
Pests of all kinds and how to fight them: MS Removal Tool


11.04.2011, 16:33   #1
bugbugbug
Banned

MS Removal Tool



Hello everyone,

first of all, the Malwarebytes log:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6333
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
 
11.04.2011 17:28:56
mbam-log-2011-04-11 (17-28-56).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 112686
Laufzeit: 17 Minute(n), 15 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIj28258lHaFl28258 (Rogue.MSRemovalTool) -> Value: hIj28258lHaFl28258 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\programdata\hij28258lhafl28258\hij28258lhafl28258.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\33A6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\686t20g1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\6ntecle7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\7cc2opx4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\9iyywc9v.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\aysdte0o.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\j5pepkrl.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\kf1khc1s.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\pnakgqu0.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\qtpd76jb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\v7tt5gb1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\11cfa543-3992d1eb (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24452392.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
         
OTL 1:

OTL Logfile:
Code:
OTL logfile created on: 11.04.2011 17:32:43 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*\Voreingestellte Ordner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 441,46 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,84 Gb Free Space | 44,23% Space Free | Partition Type: FAT32
Drive H: | 2,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,44% Space Free | Partition Type: FAT32
 
Computer Name: *-PCMENG | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Voreingestellte Ordner\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*\Voreingestellte Ordner\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\netsession_win_a35e6b9.dll ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (DBService) -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (TVGOnlineUpdateSvc) -- C:\Programme\TVG\OnlineUpdate\OnlineUpdateSvc.exe ()
SRV - (AdobeActiveFileMonitor8.0) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (avmaudio) -- C:\Windows\System32\drivers\avmaudio.sys (AVM Berlin)
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (ACEDRV09) -- C:\Windows\System32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (acedrv10) -- C:\Windows\System32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\Windows\System32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi-sued.de/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi-sued.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.test-wasser.de/piwik/index.php?module=CoreHome&action=index&date=2010-08-03&period=day&idSite=40
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:61838
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.de/ig"
FF - prefs.js..extensions.enabledItems: seostatus@rubyweb:1.5.7
FF - prefs.js..extensions.enabledItems: webrank-toolbar@probcomp.com:3.1
FF - prefs.js..extensions.enabledItems: {D73AD7EE-96ED-49B4-A9B7-DD94F154813D}:1.9.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=18e19fc0000000000000bc05430013f4&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.gopher_port: 80
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks_port: 80
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.11 15:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.11 15:34:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.03.08 17:18:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
 
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.11 17:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions
[2010.07.27 10:04:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.30 10:03:41 | 000,000,000 | ---D | M] (SEO Status PageRank/Alexa Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\seostatus@rubyweb
[2010.08.30 10:05:24 | 000,000,000 | ---D | M] (WebRank Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\kt93lppj.default\extensions\webrank-toolbar@probcomp.com
[2011.04.11 15:57:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.04 08:47:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.09.03 15:49:32 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.09.03 15:49:33 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2011.04.11 14:14:26 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\*\APPDATA\LOCAL\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
[2009.05.30 01:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Programme\Mozilla Firefox\plugins\NPCltInstall.dll
[2011.04.11 15:34:05 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.11 15:34:05 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.11 15:34:06 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.11 15:34:06 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.11 15:34:06 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\HomeCinema\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Corel Graphics Suite 1117] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [STAMPIT-Tray] C:\Programme\STAMPIT\Binary\STRAY.EXE (Deutsche Post AG)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.02.03 11:27:41 | 000,000,040 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{0535049c-43ce-11e0-a48e-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{0535049c-43ce-11e0-a48e-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{053504a0-43ce-11e0-a48e-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{053504a0-43ce-11e0-a48e-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{278250a3-96ad-11de-a7bd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{278250a3-96ad-11de-a7bd-806e6f6e6963}\Shell\AutoRun\command - "" = H:\menue.exe -- [2008.08.11 17:42:26 | 000,160,536 | R--- | M] ()
O33 - MountPoints2\{3ed125c6-ca9b-11de-bd94-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{3ed125c6-ca9b-11de-bd94-002421b68ec4}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{3ed125d0-ca9b-11de-bd94-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{3ed125d0-ca9b-11de-bd94-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{79f034ae-96b0-11de-b545-0025d325465b}\Shell - "" = AutoRun
O33 - MountPoints2\{79f034ae-96b0-11de-b545-0025d325465b}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{8c30e776-13f3-11e0-9441-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{8c30e776-13f3-11e0-9441-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{d836128d-4337-11e0-b354-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{d836128d-4337-11e0-b354-002421b68ec4}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{dfffc733-7520-11df-9f36-002421b68ec4}\Shell - "" = AutoRun
O33 - MountPoints2\{dfffc733-7520-11df-9f36-002421b68ec4}\Shell\AutoRun\command - "" = I:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.11 16:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft
[2011.04.11 16:48:06 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2011.04.11 16:05:02 | 017,733,592 | ---- | C] (GridinSoft, Inc.                                            ) -- C:\Users\*\Voreingestellte Ordner\Desktop\trojankiller2092-setup.exe
[2011.04.11 15:58:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.04.11 14:34:10 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.11 14:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.11 14:33:36 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Users\*\Voreingestellte Ordner\Desktop\ccsetup305_1409.exe
[2011.04.11 14:32:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2011.04.11 14:32:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.11 14:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.11 14:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.11 14:32:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.11 14:32:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.11 14:31:54 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\*\Voreingestellte Ordner\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.11 14:30:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.04.11 14:14:26 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
[2011.04.11 14:12:44 | 000,000,000 | ---D | C] -- C:\ProgramData\hIj28258lHaFl28258
[2011.04.08 07:50:32 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
[2011.04.08 07:50:30 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TVG
[2011.04.08 07:49:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DasTelefonbuch Gelbe Seiten Map & Route
[2011.04.08 07:45:53 | 000,000,000 | ---D | C] -- C:\Programme\TVG
[2011.03.30 10:52:19 | 000,000,000 | ---D | C] -- C:\Users\*\Voreingestellte Ordner\Desktop\Ciao.it
[2011.03.29 09:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.03.29 08:48:45 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Corel
[2011.03.29 08:48:26 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Visual Studio 2008
[2011.03.29 08:46:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2011.03.29 08:46:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2011.03.29 08:43:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Protexis
[2011.03.29 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5
[2011.03.29 08:36:04 | 000,000,000 | ---D | C] -- C:\Programme\BabylonToolbar
[2011.03.23 09:04:15 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 09:04:15 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.22 11:59:36 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\CyberLink
[2011.03.22 11:47:55 | 000,000,000 | ---D | C] -- C:\Users\*\Voreingestellte Ordner\Desktop\gynefix2011
[2011.03.18 15:00:50 | 000,000,000 | ---D | C] -- C:\tmp
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.11 17:16:37 | 000,638,224 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.11 17:16:37 | 000,604,154 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.11 17:16:37 | 000,130,634 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.11 17:16:37 | 000,107,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.11 17:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.11 16:58:42 | 243,748,103 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.11 16:52:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.11 16:52:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.11 16:52:06 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.11 16:48:09 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.04.11 16:37:47 | 000,404,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.11 16:25:49 | 000,001,356 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2011.04.11 16:05:15 | 017,733,592 | ---- | M] (GridinSoft, Inc.                                            ) -- C:\Users\*\Voreingestellte Ordner\Desktop\trojankiller2092-setup.exe
[2011.04.11 15:25:02 | 000,000,130 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\hosts-perm.bat
[2011.04.11 15:20:56 | 001,006,778 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\eXplorer.exe
[2011.04.11 14:45:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.11 14:36:42 | 000,002,736 | ---- | M] () -- C:\Users\*\AppData\Roaming\CD06.5F3
[2011.04.11 14:32:31 | 000,012,800 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.11 14:28:28 | 003,050,664 | ---- | M] (Piriform Ltd) -- C:\Users\*\Voreingestellte Ordner\Desktop\ccsetup305_1409.exe
[2011.04.11 14:27:28 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\*\Voreingestellte Ordner\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.11 14:14:27 | 000,000,120 | ---- | M] () -- C:\Users\*\AppData\Local\Yyikodusexuy.dat
[2011.04.11 14:14:27 | 000,000,000 | ---- | M] () -- C:\Users\*\AppData\Local\Cmamevub.bin
[2011.04.11 14:14:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.08 07:49:27 | 000,001,432 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeManager Terminerinnerung.lnk
[2011.04.01 14:28:52 | 000,005,983 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\PM Haarmineralanalyse Apotheker-1.odt
[2011.04.01 14:28:30 | 000,006,457 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Haarmineralanalyse PM Endkunde.odt
[2011.04.01 08:46:37 | 000,157,773 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung eMedical.pdf
[2011.04.01 08:46:24 | 000,157,765 | ---- | M] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung DHB.pdf
[2011.03.21 11:26:41 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
 
========== Files Created - No Company Name ==========
 
[2011.04.11 16:48:09 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2011.04.11 15:35:55 | 000,000,130 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\hosts-perm.bat
[2011.04.11 15:26:19 | 001,006,778 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\eXplorer.exe
[2011.04.11 14:48:48 | 243,748,103 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.04.11 14:14:27 | 000,000,120 | ---- | C] () -- C:\Users\*\AppData\Local\Yyikodusexuy.dat
[2011.04.11 14:14:27 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\Cmamevub.bin
[2011.04.11 14:12:36 | 000,002,736 | ---- | C] () -- C:\Users\*\AppData\Roaming\CD06.5F3
[2011.04.08 07:49:27 | 000,001,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeManager Terminerinnerung.lnk
[2011.04.01 14:28:51 | 000,005,983 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\PM Haarmineralanalyse Apotheker-1.odt
[2011.04.01 14:28:29 | 000,006,457 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Haarmineralanalyse PM Endkunde.odt
[2011.04.01 08:46:36 | 000,157,773 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung eMedical.pdf
[2011.04.01 08:46:24 | 000,157,765 | ---- | C] () -- C:\Users\*\Voreingestellte Ordner\Desktop\Rechnung DHB.pdf
[2011.02.22 09:20:09 | 000,000,293 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011.02.07 13:31:06 | 000,001,356 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.10.25 13:07:38 | 000,000,055 | ---- | C] () -- C:\Users\*\AppData\Roaming\tigersetting.dll
[2010.10.21 15:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2010.10.21 15:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2010.10.21 15:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2010.10.21 15:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2010.10.15 16:36:49 | 000,000,701 | ---- | C] () -- C:\Users\*\AppData\Roaming\init.dll
[2010.10.15 16:36:49 | 000,000,006 | ---- | C] () -- C:\Users\*\AppData\Roaming\SYSTEM32.dll
[2010.10.15 16:36:47 | 000,000,701 | ---- | C] () -- C:\Users\*\AppData\Roaming\sound.dll
[2010.10.15 16:35:53 | 000,094,274 | ---- | C] () -- C:\Windows\System32\HPBHEALR.DLL
[2010.06.11 11:57:08 | 000,024,456 | ---- | C] () -- C:\Windows\System32\TALDM32A.dll
[2010.06.11 11:57:06 | 000,052,616 | ---- | C] () -- C:\Windows\System32\TAL12832.DLL
[2010.06.11 11:57:06 | 000,022,920 | ---- | C] () -- C:\Windows\System32\TALDM32.DLL
[2010.06.11 11:56:58 | 000,255,368 | ---- | C] () -- C:\Windows\System32\SBSPAIN3.DLL
[2010.06.11 11:56:54 | 000,075,656 | ---- | C] () -- C:\Windows\System32\ENCODE32.DLL
[2010.05.11 09:35:41 | 001,503,232 | ---- | C] () -- C:\Windows\System32\ptj.exe
[2010.05.11 09:35:41 | 001,103,360 | ---- | C] () -- C:\Windows\System32\cidfont.dll
[2010.05.11 09:35:39 | 004,369,408 | ---- | C] () -- C:\Windows\System32\pdftk.exe
[2010.05.11 09:35:39 | 000,235,008 | ---- | C] () -- C:\Windows\System32\office.exe
[2010.04.19 14:59:07 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.04.19 14:59:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.09.22 11:05:36 | 011,194,368 | ---- | C] () -- C:\Windows\System32\ZHHP_RES.DLL
[2009.09.22 11:05:35 | 000,352,256 | ---- | C] () -- C:\Windows\System32\zSHP2600.EXE
[2009.09.03 15:49:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.09.03 15:14:32 | 000,000,819 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009.09.03 15:14:32 | 000,000,160 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009.09.03 15:13:36 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009.09.03 15:13:35 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009.09.03 15:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009.09.01 11:09:15 | 000,012,800 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.01 07:16:57 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.09.01 07:16:56 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.09.01 07:16:56 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.09.01 06:55:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.01 06:55:13 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.01 06:55:11 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD7320.DAT
[2009.09.01 06:46:22 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.19 13:31:04 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2009.06.19 13:16:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.06.02 13:38:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.02 13:38:44 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2009.06.02 13:38:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.29 03:14:19 | 000,638,224 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.05.29 03:14:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.05.29 03:14:19 | 000,130,634 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.05.29 03:14:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.05.28 17:53:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.16 05:22:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.04.23 21:04:54 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.02.18 19:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.03 22:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008.07.09 17:23:10 | 000,042,296 | ---- | C] () -- C:\Windows\System32\SBSPAINT.DLL
[2008.07.09 17:23:06 | 000,050,488 | ---- | C] () -- C:\Windows\System32\SBSPAIN2.DLL
[2008.02.21 00:44:36 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2007.06.27 08:00:00 | 000,749,568 | ---- | C] () -- C:\Windows\System32\AGISSI.DLL
[2007.06.27 08:00:00 | 000,299,008 | ---- | C] () -- C:\Windows\System32\ZHHP2600.EXE
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,404,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,154 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,486 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.08.09 07:00:42 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
 
========== LOP Check ==========
 
[2011.04.01 09:35:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Babylon
[2011.04.08 07:50:32 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
[2009.10.16 10:52:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2011.02.22 12:09:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Lexware
[2009.09.22 13:36:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PC-FAX TX
[2010.06.10 08:38:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.07.21 09:49:01 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2009.10.16 10:52:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2011.02.28 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\XSManager
[2010.10.25 13:07:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\YCanPDF
[2011.04.11 15:22:31 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

OTL 2

Extras:

Code:
OTL Extras logfile created on: 11.04.2011 17:32:43 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\*\Voreingestellte Ordner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,17 Gb Total Space | 441,46 Gb Free Space | 76,62% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 8,84 Gb Free Space | 44,23% Space Free | Partition Type: FAT32
Drive H: | 2,09 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 3,73 Gb Total Space | 0,54 Gb Free Space | 14,44% Space Free | Partition Type: FAT32
 
Computer Name: *-PCMENG | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02168D5F-1DC9-408B-BBD6-15413069EFA8}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1816C5C5-8724-4346-BE7B-D6AD9BF9783F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{19D52958-82A0-49E5-A7D0-5B0ABB4D9BD5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{26ACDBF9-3F62-4039-88EE-BB5085D2F88B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{2D24BB1B-45DA-427F-8BB2-57038C6114AE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{34394ECB-55D8-4365-9217-E4615BEACF8E}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | 
"{43A7A43F-31CC-44BD-9190-A147717D727B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5B3F1AB2-BB23-4042-96C6-A476F18F9B87}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5B6389CA-35AB-473D-92B9-89C2E6EAA4C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6DD9E58C-BBAA-4553-BC4D-4DD0B2713C49}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{7D00B4AD-588A-436A-8B79-12425B3025ED}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8AC15729-7F19-4013-BC6E-CBD771A9C5CA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C5D1BC5-9FB9-4276-A322-4923AEF199A4}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{CEF1FEEE-D5DE-40AD-9C0E-44071CE655F7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D2E63D72-AF82-42DC-A99B-3E929AECE6FF}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DA29240B-DAAF-4C2F-85B3-BC5D63B1B76A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DF2F699D-4D4C-4048-9648-E8AD9AE80A21}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E79498D0-5688-47EF-8A90-E78CADFE044B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E8C1978F-99EE-4385-937A-91DAEAD737F1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{FBB36426-C494-4349-9A18-F4FB5AD91145}" = rport=139 | protocol=6 | dir=out | app=system | 
"{FD64E035-E3FB-4751-874E-54DB333A668C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FF648C95-EC9A-4D63-8B34-494CB8154996}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BAB2950-412F-43AE-AE84-E6C26AE11CE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{16D6CCB1-153E-4A96-8B18-4BE302EB0109}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"{2305097D-4A25-4280-A20C-87D64AF4DA12}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{330176FD-B388-4FED-BDAB-7756D5024EEB}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4074D7CD-E6F8-4492-BC0D-24849B906F80}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\hp1006mc.exe | 
"{7A37DCB4-3FB8-4963-85A7-D58CD1A69961}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{84D28370-5E88-4676-9B18-F30073B5AFBC}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"{87F4EB7E-BE7A-4293-AB0F-A86DFD346F62}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8FCF42BB-913C-4422-9D0D-996090DAC2C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{A1EB3616-7A10-400A-A81E-7BEFD43E9CB2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ADDD1838-02E6-45C4-AC41-355D4A10D5D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B31B51C3-20BD-40CA-B401-26B2FC0EAF12}" = protocol=17 | dir=in | app=c:\users\*\voreingestellte ordner\downloads\pdf_converter.exe | 
"{B6F95F63-654B-4F70-889D-8D1C8DEC682E}" = protocol=6 | dir=in | app=c:\users\*\voreingestellte ordner\downloads\pdf_converter.exe | 
"{BE29A264-0900-4C94-AB3B-F39194970FE1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CB08819A-3E73-4FE4-8B92-34E87B635332}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D769AD58-E721-499D-8C70-BC4B15F40737}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{E2FF9E75-3AE5-424D-A546-BC85DFC736D4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{4FA8F3B5-A0D2-4AF9-88E7-C73082C60243}C:\program files\lan.fs\lan-fs.exe" = protocol=6 | dir=in | app=c:\program files\lan.fs\lan-fs.exe | 
"TCP Query User{6BF648D6-8E76-44F8-A76C-95A1B8E2971E}C:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"TCP Query User{7D451E0A-17A0-4F65-84A9-825EA2DBF2AA}H:\setup.exe" = protocol=6 | dir=in | app=h:\setup.exe | 
"UDP Query User{46D0DF17-3A0C-49E5-863B-15D41DE1514A}C:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\apps\2.0\hd0z4920.jg8\7y9m4gyd.9c7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe | 
"UDP Query User{B0EBE722-677E-431B-B01C-B040325BA9E5}C:\program files\lan.fs\lan-fs.exe" = protocol=17 | dir=in | app=c:\program files\lan.fs\lan-fs.exe | 
"UDP Query User{CDE4E560-0E51-46BB-A448-9BF8E776FB68}H:\setup.exe" = protocol=17 | dir=in | app=h:\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00BADC8E-0A5A-1C41-A4C2-ADE2B26B78EF}" = CCC Help German
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1E307673-A877-89FF-78DC-14EE9B90E36D}" = ATI Catalyst Install Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A0EDB2D-F27C-DFDD-C17C-F2E4B05F503D}" = CCC Help French
"{321F2647-25B9-2909-E2F4-AC2770A358B9}" = Catalyst Control Center Graphics Full New
"{3429F980-7C10-BF80-84C0-06ACF39900CD}" = ccc-utility
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{383A2E3F-A462-1C60-7627-EFA7D3B140E7}" = CCC Help Finnish
"{398ED33A-6B97-9909-B91F-7A3ADEF08BEE}" = CCC Help Norwegian
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A567E16-3E64-39BB-0C07-8083E81D56F0}" = CCC Help Spanish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{437220AC-2A97-8338-E012-74B8DF30E9DA}" = Catalyst Control Center InstallProxy
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4C4DC88C-1C41-457C-BB14-9FAE6E3CEFBD}" = Lexware faktura+auftrag 2011
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1.1
"{519EDA51-1048-2879-8005-5EF3F3EE4A99}" = CCC Help Japanese
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{5235D305-3A25-35E0-C8F4-0D07325B5449}" = CCC Help Italian
"{5383EF8A-150E-4EAB-2C1D-C3135DE70368}" = Catalyst Control Center Core Implementation
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76DAEC83-AF7B-333C-8A53-83D7C7D39199}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849EF876-F6A3-B14F-7FBE-35264E4D84A0}" = Catalyst Control Center Graphics Previews Vista
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8E87B944-4815-3C5E-947F-5035C9F64362}" = Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92D9E57D-73A5-4329-9888-FBBC16ED8944}_is1" = UN.CO.VER. 2.0
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FF070B4-7A62-FEB7-2673-68A58166C9D5}" = Catalyst Control Center Localization All
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AEM384L1-28E3-1232-1233-1JD74JDIEK32}_is1" = PDFTigerDriver
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3B2E45F-A0FC-47C6-B399-72D9D8482C8A}" = Visual Basic for Applications (R) Core - German
"{B83AAFD3-D8DE-46CE-9351-70C21AC6704E}" = Stampit Home
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DC507BF5-66C7-B876-F564-0E60CB91D0DF}" = Catalyst Control Center Graphics Full Existing
"{DCB39D37-F1EC-EC0B-AC38-F3ECC9B5F55D}" = CCC Help Swedish
"{DCF22E37-A8B6-4F78-9D61-3BCB5ED38A50}" = CorelDRAW Graphics Suite X5 - DE
"{DE252510-5687-4C60-A705-C43E19F12C9D}_is1" = PDFTiger Kernel
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E1CEE7F9-90EF-19B9-75DE-8F8F2AA18131}" = Catalyst Control Center Graphics Light
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5DF3476-26A4-A39E-52E1-33FFD2D7FEED}" = CCC Help Danish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E67038A6-1745-BFC1-65D5-01D833D8E932}" = ccc-core-static
"{E7F088E0-6B7F-896B-4337-FC1617514152}" = CCC Help English
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EF3D2EED-053B-9A14-B270-B62FB987EBC5}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"{F98A9659-65D5-856C-A163-1304D8355F72}" = Skins
"{FBD3DDF9-38BD-4BBC-A135-A5F0DD7BA634}" = Deutsche Post Einlieferungslisten
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"BabylonToolbar" = Babylon toolbar
"CCleaner" = CCleaner
"CyberGhost VPN_is1" = CyberGhost VPN
"DasTelefonbuch Gelbe Seiten Map & Route" = DasTelefonbuch Gelbe Seiten Map & Route
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}" = DesignPro 5
"Local Area Network File Send 2_is1" = Local Area Network File Send Version 2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"myBabylon_English Toolbar" = myBabylon English Toolbar
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"PDFTiger_is1" = PDFTiger
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"uninstall.exe" = iLinc Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"web2date" = DATA BECKER shop to date 5
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss
"pdfsam" = pdfsam
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.04.2011 09:02:01 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 09:15:51 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 09:20:04 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 09:21:01 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.04.2011 09:21:01 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.04.2011 11:00:19 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 11:00:54 | Computer Name = *-PCMeng | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.04.2011 11:10:09 | Computer Name = *-PCMeng | Source = EventSystem | ID = 4609
Description = 
 
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.04.2011 11:21:52 | Computer Name = *-PCMeng | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 17.03.2011 09:23:02 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 18.03.2011 08:43:09 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16745
 seconds with 900 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2011 08:30:28 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7922
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2011 08:31:59 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 51
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2011 08:32:12 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2011 08:33:16 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 23.03.2011 08:33:42 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.03.2011 10:21:35 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 30.03.2011 04:54:40 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.04.2011 01:55:30 | Computer Name = *-PCMeng | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 217
 seconds with 180 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 11.04.2011 11:00:56 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:00:58 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:00:59 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:09:58 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:10:09 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:10:11 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:10:12 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:10:13 | Computer Name = *-PCMeng | Source = DCOM | ID = 10005
Description = 
 
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.04.2011 11:10:43 | Computer Name = *-PCMeng | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         

11.04.2011, 18:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are you becoming a regular here,
or is this (again?) a new (different) PC?

11.04.2011, 19:36   #3
bugbugbug
Banned

Hello cosinus,

thank you very much for your quick reply.

It is a different PC.

Kind regards

11.04.2011, 19:48   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the "Logdateien" (log files) tab.

11.04.2011, 21:37   #5
bugbugbug
Banned

They will follow tomorrow morning, but there will be quite a few...

Right, let's get started:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5363
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
 
11.04.2011 14:40:57
mbam-log-2011-04-11 (14-40-57).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175216
Laufzeit: 6 Minute(n), 7 Sekunde(n)
 
Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
 
Infizierte Speicherprozesse:
c:\Users\*\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 1196 -> Unloaded process successfully.
c:\Users\*\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 1260 -> Unloaded process successfully.
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (Adware.WidgiToolbar) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Xkudamisab (Trojan.Agent.U) -> Value: Xkudamisab -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vpohomuraranawif (Trojan.Agent.U) -> Value: Vpohomuraranawif -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Value: Shell -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\*\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\program files\pdfforge toolbar\pdfforgetoolbarie.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\ST301V.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\omuhaqevemi.dll (Trojan.Agent.U) -> Quarantined and deleted successfully.
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5363
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
 
11.04.2011 14:54:02
mbam-log-2011-04-11 (14-54-02).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167145
Laufzeit: 3 Minute(n), 38 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\Users\*\AppData\Roaming\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
         
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5363
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
 
11.04.2011 15:08:06
mbam-log-2011-04-11 (15-08-06).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 167177
Laufzeit: 3 Minute(n), 14 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
After that I started Windows normally again and MS Removal Tool took hold again. Then Safe Mode again:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6333
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
 
11.04.2011 17:28:56
mbam-log-2011-04-11 (17-28-56).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 112686
Laufzeit: 17 Minute(n), 15 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 15
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\hIj28258lHaFl28258 (Rogue.MSRemovalTool) -> Value: hIj28258lHaFl28258 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\programdata\hij28258lhafl28258\hij28258lhafl28258.exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\33A6.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\686t20g1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\6ntecle7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\7cc2opx4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\9iyywc9v.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\aysdte0o.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\j5pepkrl.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\kf1khc1s.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\pnakgqu0.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\qtpd76jb.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\v7tt5gb1.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3\11cfa543-3992d1eb (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24452392.txt (Trojan.Hiloti) -> Quarantined and deleted successfully.
         

I am now running another full scan and will report back.

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 6340
 
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005
 
12.04.2011 09:54:17
mbam-log-2011-04-12 (09-54-17).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 358649
Laufzeit: 45 Minute(n), 29 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 22
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc24446339.txt (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc130.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc137.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc141.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc151.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc158.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc164.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc219.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc239.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc253.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc30.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc56.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc61.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc74.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc78.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc79.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc81.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc87.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Roaming\Adobe\plugs\mmc89.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\*\voreingestellte ordner\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
         


12.04.2011, 11:19   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

12.04.2011, 11:39   #7
bugbugbug
Banned

Hello,

thanks a lot for now. Here is the log:

Code:
2011/04/12 12:32:17.0771 1292	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 12:32:18.0036 1292	================================================================================
2011/04/12 12:32:18.0036 1292	SystemInfo:
2011/04/12 12:32:18.0036 1292	
2011/04/12 12:32:18.0036 1292	OS Version: 6.0.6002 ServicePack: 2.0
2011/04/12 12:32:18.0036 1292	Product type: Workstation
2011/04/12 12:32:18.0036 1292	ComputerName: *-PCMENG
2011/04/12 12:32:18.0036 1292	UserName: *
2011/04/12 12:32:18.0036 1292	Windows directory: C:\Windows
2011/04/12 12:32:18.0036 1292	System windows directory: C:\Windows
2011/04/12 12:32:18.0036 1292	Processor architecture: Intel x86
2011/04/12 12:32:18.0036 1292	Number of processors: 4
2011/04/12 12:32:18.0036 1292	Page size: 0x1000
2011/04/12 12:32:18.0036 1292	Boot type: Safe boot with network
2011/04/12 12:32:18.0036 1292	================================================================================
2011/04/12 12:32:18.0441 1292	Initialize success
2011/04/12 12:32:25.0212 0620	================================================================================
2011/04/12 12:32:25.0212 0620	Scan started
2011/04/12 12:32:25.0212 0620	Mode: Manual; 
2011/04/12 12:32:25.0212 0620	================================================================================
2011/04/12 12:32:26.0444 0620	ACEDRV09        (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
2011/04/12 12:32:26.0491 0620	acedrv10        (0059ff74927a27395c5e190f9aa392df) C:\Windows\system32\drivers\acedrv10.sys
2011/04/12 12:32:26.0569 0620	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
2011/04/12 12:32:26.0585 0620	acehlp10        (6625a32ad17a3fa6c7f405aeac945aa7) C:\Windows\system32\drivers\acehlp10.sys
2011/04/12 12:32:26.0694 0620	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/04/12 12:32:26.0756 0620	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 12:32:26.0787 0620	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 12:32:26.0834 0620	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 12:32:26.0850 0620	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 12:32:26.0928 0620	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/04/12 12:32:26.0959 0620	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/12 12:32:26.0990 0620	ahcix86s        (03081e98c515cb838434d252f407f6e8) C:\Windows\system32\DRIVERS\ahcix86s.sys
2011/04/12 12:32:27.0021 0620	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 12:32:27.0084 0620	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/12 12:32:27.0146 0620	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 12:32:27.0177 0620	amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/12 12:32:27.0224 0620	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 12:32:27.0240 0620	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/12 12:32:27.0287 0620	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/12 12:32:27.0333 0620	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 12:32:27.0380 0620	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 12:32:27.0411 0620	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/04/12 12:32:27.0552 0620	atikmdag        (ec6b30e644e11d7b18382601f3f95807) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/12 12:32:27.0661 0620	AtiPcie         (5a1465ad2e7c1bc39cda12a355329096) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/04/12 12:32:27.0739 0620	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/12 12:32:27.0755 0620	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/12 12:32:27.0770 0620	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/12 12:32:27.0833 0620	avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
2011/04/12 12:32:27.0864 0620	avmaura         (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaura.sys
2011/04/12 12:32:27.0911 0620	avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
2011/04/12 12:32:27.0942 0620	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 12:32:27.0989 0620	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/12 12:32:28.0004 0620	bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 12:32:28.0051 0620	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 12:32:28.0067 0620	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 12:32:28.0098 0620	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 12:32:28.0160 0620	BrSerIf         (1a5fc78e41840edf79d65ec16eff2787) C:\Windows\system32\Drivers\BrSerIf.sys
2011/04/12 12:32:28.0191 0620	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 12:32:28.0207 0620	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 12:32:28.0223 0620	BrUsbSer        (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/04/12 12:32:28.0254 0620	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 12:32:28.0285 0620	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/12 12:32:28.0332 0620	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/12 12:32:28.0363 0620	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/12 12:32:28.0410 0620	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/04/12 12:32:28.0457 0620	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/12 12:32:28.0535 0620	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
2011/04/12 12:32:35.0804 0620	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/12 12:32:36.0023 0620	================================================================================
2011/04/12 12:32:36.0023 0620	Scan finished
2011/04/12 12:32:36.0023 0620	================================================================================
2011/04/12 12:32:36.0038 1128	Detected object count: 1
2011/04/12 12:32:46.0022 1128	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 12:32:46.0022 1128	\HardDisk0 - ok
2011/04/12 12:32:46.0022 1128	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/12 12:32:57.0379 1700	Deinitialize success
         
The second control scan was clean.

Kind regards

12.04.2011, 11:44   #8
cosinus

Code:
ATTFilter
2011/04/12 12:32:36.0038 1128	Detected object count: 1
2011/04/12 12:32:46.0022 1128	\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/12 12:32:46.0022 1128	\HardDisk0 - ok
2011/04/12 12:32:46.0022 1128	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/04/12 12:32:57.0379 1700	Deinitialize success
         
TDL4 was detected and removed. Please restart Windows and run TDSS-Killer again as a check, then post the log. Or did you run the control scan after a reboot?

12.04.2011, 11:54   #9
bugbugbug

I ran the control scan after the reboot.

12.04.2011, 12:01   #10
cosinus

Quote:
I ran the control scan after the reboot.

Very good!

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if suggested), install the Recovery Console (if suggested), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

12.04.2011, 12:39   #11
bugbugbug

The fact that no application can be started anymore does worry me somewhat.

"Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum löschen markiert wurde." (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")

For example with Firefox and Thunderbird.

I am now on a different computer.

The log:


Combofix Logfile:
Code:
ATTFilter
ComboFix 11-04-11.03 - * 12.04.2011  13:20:12.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2741 [GMT 2:00]
ausgeführt von:: c:\users\*\Voreingestellte Ordner\Desktop\cofi.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pontius Pilatus\AppData\Roaming\EurekaLog
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\chrome.manifest
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\chrome\content\_cfg.js
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\chrome\content\overlay.xul
c:\users\*\AppData\Local\{D73AD7EE-96ED-49B4-A9B7-DD94F154813D}\install.rdf
c:\users\*\AppData\Roaming\Adobe\plugs
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452844.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452875.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452907.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24452953.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24453016.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24453031.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24456385.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24462220.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24462922.txt
c:\users\*\AppData\Roaming\Adobe\plugs\mmc24465808.txt
c:\users\*\AppData\Roaming\Adobe\shed
c:\users\*\AppData\Roaming\Adobe\shed\thr1.chm
c:\windows\system32\office.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-12 bis 2011-04-12  ))))))))))))))))))))))))))))))
.
.
2011-04-12 11:25 . 2011-04-12 11:26	--------	d-----w-	c:\users\*\AppData\Local\temp
2011-04-12 11:25 . 2011-04-12 11:25	--------	d-----w-	c:\users\SEO\AppData\Local\temp
2011-04-12 11:25 . 2011-04-12 11:25	--------	d-----w-	c:\users\Pontius Pilatus\AppData\Local\temp
2011-04-12 11:25 . 2011-04-12 11:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-12 11:11 . 2011-04-12 11:11	--------	d-----w-	C:\cofi
2011-04-11 14:48 . 2011-04-11 14:48	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2011-04-11 13:58 . 2011-04-11 13:58	--------	d-----w-	c:\windows\Sun
2011-04-11 12:34 . 2011-04-11 12:34	--------	d-----w-	c:\program files\CCleaner
2011-04-11 12:32 . 2011-04-11 12:32	--------	d-----w-	c:\users\*\AppData\Roaming\Malwarebytes
2011-04-11 12:32 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-11 12:32 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-11 12:32 . 2011-04-11 12:32	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-11 12:14 . 2011-04-11 12:14	0	----a-w-	c:\users\*\AppData\Local\Cmamevub.bin
2011-04-08 05:50 . 2011-04-08 05:50	--------	d-----w-	c:\users\*\AppData\Roaming\DasTelefonbuch Gelbe Seiten Map&Route
2011-04-08 05:50 . 2011-04-08 05:50	--------	d-----w-	c:\program files\Common Files\TVG
2011-04-08 05:45 . 2011-04-08 05:45	--------	d-----w-	c:\program files\TVG
2011-03-29 06:46 . 2011-03-29 06:46	--------	d-----w-	c:\program files\Microsoft SDKs
2011-03-29 06:46 . 2011-03-29 06:50	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2011-03-29 06:43 . 2011-03-29 06:43	--------	d-----w-	c:\program files\Common Files\Protexis
2011-03-29 06:36 . 2011-03-29 06:36	--------	d-----w-	c:\program files\BabylonToolbar
2011-03-23 07:04 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-03-23 07:04 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-03-23 07:04 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-03-22 09:59 . 2011-03-22 09:59	--------	d-----w-	c:\users\*\AppData\Roaming\CyberLink
2011-03-22 09:59 . 2011-03-22 09:59	--------	d-----w-	c:\users\Public\CyberLink
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-12 10:26 . 2010-10-25 11:07	55	----a-w-	c:\users\*\AppData\Roaming\tigersetting.dll
2011-02-28 17:11 . 2011-02-28 17:11	90112	----a-w-	c:\windows\system32\lxdao11VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	69632	----a-w-	c:\windows\system32\PXTTool80VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	61440	----a-w-	c:\windows\system32\LXCurr12VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	4648960	----a-w-	c:\windows\system32\LxXtreme70VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	27648	----a-w-	c:\windows\system32\LXTPSW20VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	188416	----a-w-	c:\windows\system32\LxDBAL11VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	135168	----a-w-	c:\windows\system32\LxMail30VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	1335296	----a-w-	c:\windows\system32\LXTool91VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	118784	----a-w-	c:\windows\system32\LxOdbc11VC8.dll
2011-02-28 17:11 . 2011-02-28 17:11	110592	----a-w-	c:\windows\system32\LxUISettings20Native.dll
2011-02-28 17:11 . 2011-02-28 17:11	81920	----a-w-	c:\windows\system32\LxCI12.dll
2011-02-28 17:11 . 2011-02-28 17:11	196608	----a-w-	c:\windows\system32\LxBasics91VC8.dll
2011-02-28 12:43 . 2011-02-28 13:17	52128	----a-w-	c:\windows\system32\drivers\smsbda.sys
2011-02-28 12:43 . 2011-02-28 13:17	133120	----a-w-	c:\windows\system32\drivers\cm_netamd.sys
2011-02-28 12:43 . 2011-02-28 13:17	118272	----a-w-	c:\windows\system32\drivers\cm_seramd.sys
2011-02-28 12:43 . 2011-02-28 13:17	112640	----a-w-	c:\windows\system32\drivers\cm_net32.sys
2011-02-28 12:43 . 2011-02-28 13:17	103680	----a-w-	c:\windows\system32\drivers\cm_ser32.sys
2011-02-28 12:43 . 2011-02-28 13:17	103424	----a-w-	c:\windows\system32\drivers\cmnsusbser.sys
2011-02-24 17:38 . 2011-02-24 17:38	1425408	----a-w-	c:\windows\system32\FormAssi80.dll
2011-02-05 15:25 . 2011-02-05 15:25	57344	----a-w-	c:\windows\system32\FKStampPainter20.dll
2011-02-02 17:11 . 2009-10-05 08:22	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 07:43	638336	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 07:43	478720	----a-w-	c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 07:43	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 07:43	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 07:43	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 07:43	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 07:43	37376	----a-w-	c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 07:43	258048	----a-w-	c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 07:43	586240	----a-w-	c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 07:43	2873344	----a-w-	c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 07:43	26112	----a-w-	c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 07:43	209920	----a-w-	c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 07:43	98816	----a-w-	c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 07:43	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 07:43	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 07:43	667648	----a-w-	c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 07:43	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 07:43	135680	----a-w-	c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 07:43	979456	----a-w-	c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 07:43	357376	----a-w-	c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 07:43	302592	----a-w-	c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 07:43	261632	----a-w-	c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 07:43	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 07:43	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 07:43	683008	----a-w-	c:\windows\system32\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-13 17:10	2734688	----a-w-	c:\program files\myBabylon_English\tbmyBa.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyBa.dll" [2010-06-13 2734688]
.
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"AVMUSBFernanschluss"="c:\users\*\AppData\Local\Apps\2.0\HD0Z4920.JG8\7Y9M4GYD.9C7\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2009-09-22 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-01 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"STAMPIT-Tray"="c:\program files\STAMPIT\Binary\Stray.exe" [2010-06-11 83336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\HomeCinema\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-12-02 1833504]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-05 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"Corel Graphics Suite 1117"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2010-07-01 3811768]
"AVMWlanClient"="c:\program files\avmwlanstick\FRITZWLANMini.exe" [2007-02-02 283136]
"LexwareInfoService"="c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"starter4g"="c:\windows\starter4g.exe" [2010-07-08 160992]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" [2010-11-07 286720]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OfficeManager Terminerinnerung.lnk - c:\program files\TVG\DasTelefonbuch Gelbe Seiten Map & Route\win32\officemanager\OMAlarm.exe [2011-4-8 201728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 pxjabejg;pxjabejg;c:\windows\System32\drivers\ljwqoo.sys [x]
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-09-01 110304]
R2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-10-28 583128]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-05-16 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2010-05-17 187456]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 135664]
R2 TVGOnlineUpdateSvc;TVG OnlineUpdate-Service;c:\program files\TVG\OnlineUpdate\OnlineUpdateSvc.exe [2010-02-24 398128]
R2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2010-04-12 329168]
R2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2010-07-08 145120]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
R3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2009-09-22 101248]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2009-09-22 101248]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2007-01-25 4352]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2010-12-14 2412680]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-02-28 103424]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-10-26 250560]
S3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2007-01-25 265088]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2007-09-21 554496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-01 09:11]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 07:54]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-11 07:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.test-wasser.de/piwik/index.php?module=CoreHome&action=index&date=2010-08-03&period=day&idSite=40
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1
uInternet Settings,ProxyServer = http=127.0.0.1:61838
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-31/4
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\kt93lppj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=14542
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=18e19fc0000000000000bc05430013f4&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http_port - 8000
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: SEO Status PageRank/Alexa Toolbar: seostatus@rubyweb - %profile%\extensions\seostatus@rubyweb
FF - Ext: WebRank Toolbar: webrank-toolbar@probcomp.com - %profile%\extensions\webrank-toolbar@probcomp.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 13:26
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-04-12  13:30:14
ComboFix-quarantined-files.txt  2011-04-12 11:30
.
Vor Suchlauf: 9 Verzeichnis(se), 474.077.728.768 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 474.032.267.264 Bytes frei
.
- - End Of File - - 362964E5105B50E1794A622355D581AF
         
--- --- ---

12.04.2011, 12:44   #12
bugbugbug
Banned

Not even System Restore would work any more.

12.04.2011, 13:09   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did you restart Windows after ComboFix?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


12.04.2011, 13:20   #14
bugbugbug
Banned

OK, after the restart it works again. I was just a bit unsure.

So, on with the program.

12.04.2011, 13:28   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online lookup in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.