Trojaner-Board

Blumenwiese 14.11.2011 12:44

FakeAlert Trojan
 
Hello,

today an "antivirus program" made itself at home on my machine. I am currently in Safe Mode and have run a Malwarebytes scan over it.

Here is the log file:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8159

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

14.11.2011 11:41:42
mbam-log-2011-11-14 (11-41-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 190621
Laufzeit: 3 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sIyTmnsPQfX.exe (Trojan.FakeAlert) -> Value: sIyTmnsPQfX.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\siytmnspqfx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\orf1rbdmofdjpb.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\18paam6x8uy32g.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\3093.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\98D7.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\guqsxfgvoxlht0.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\wusa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\~!#BF9A.tmp (Trojan.Inject) -> Quarantined and deleted successfully.
c:\Users\*\AppData\Local\Temp\0.4948223278427448.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


Here are also log files from older scans:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7883

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

06.10.2011 13:24:23
mbam-log-2011-10-06 (13-24-23).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 201419
Laufzeit: 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6624

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

20.05.2011 11:33:35
mbam-log-2011-05-20 (11-33-35).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 370370
Laufzeit: 1 Stunde(n), 1 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B922D405-6D13-4A2B-AE89-08A030DA4402}\COMPONENTS\PDFFORGETOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: PDFFORGETOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\mozilla firefox\extensions\{b922d405-6d13-4a2b-ae89-08a030da4402}\components\pdfforgetoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6624

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19048

20.05.2011 10:21:06
mbam-log-2011-05-20 (10-21-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 175581
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Extras.txt:

Code:

OTL Extras logfile created on: 14.11.2011 11:51:47 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 78,97% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 406,05 Gb Free Space | 70,42% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{182E67FC-4F59-474F-B9C1-9A929ACA6FF3}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F0F7712-BF80-4AEB-8F9C-928CD50811F7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{28947FAA-1985-41AD-9BA6-B944B53BF501}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{355FB103-FD41-4A10-A6C1-7FB164F54612}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C921513-FA38-41B5-AFBB-D8FAF561C2AE}" = rport=445 | protocol=6 | dir=out | app=system |
"{69D85F44-B385-4149-BA59-F8A92EA80B44}" = lport=139 | protocol=6 | dir=in | app=system |
"{6AD37F0C-EC13-4241-B8A3-2073CFE75587}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot |
"{78DD2770-F3A5-4436-B2BC-BA0CBD94A8F7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A0926A4-F5FB-4A62-8EFD-9D7B1B2D73D4}" = lport=445 | protocol=6 | dir=in | app=system |
"{7BEBADC2-E40A-4B76-9A85-85AB26E20F59}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot |
"{8BB5D3A3-F541-4D00-854C-BDD13980D283}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{90720311-134C-4EF5-9D5D-814DB9EC2496}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{917C7491-0480-45B8-9036-79444CD6CB23}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{971DBBAD-A81D-42BA-A64C-A5DC571A343E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A8B1D00B-5B0D-4DB5-AC29-0408592D2B91}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AA4DABD8-A2AC-4E94-9C76-D46AF7BF9E6D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B7F48FCF-F3CA-480A-AAD4-B7EFB0731D93}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1270D8B-5EC4-4710-95A6-03E70C263BD4}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot |
"{C58EABCF-525A-448C-8EC3-88E1AE270152}" = lport=138 | protocol=17 | dir=in | app=system |
"{E3CA773C-C55B-41D4-8F8F-342D63CC18BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E8934A54-F31B-4807-B5AF-AEA04B10B508}" = rport=138 | protocol=17 | dir=out | app=system |
"{EE73CAD9-BCC6-486E-B444-7A003C1F99AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1B022FB-A0B8-46ED-99E4-93AA579609A8}" = lport=137 | protocol=17 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ED4ACB-F7C6-42FE-A167-4B83FB00F793}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1BFFC4AF-9B13-4A66-84DD-B71A10C2F1F1}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\temp\ins4308\setup\bin\maininst.exe |
"{1F0B1D74-9CB2-4A10-95D5-31EA94FAEFAD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F360168-4EEB-4A22-920A-BF70179401CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{25F9F6B1-C512-4A18-8C8A-48CEE00BF5DC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{38010F0C-9E0C-434E-AA6E-BB0B2648817F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{77619B93-13FC-4027-9635-FC47ED167F1E}" = protocol=6 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{78E7469C-DD8A-4B64-ADFB-3F7C7EA46041}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8151AF7F-6145-4804-AA7E-5F09C93C02A1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8A5B0940-5EDA-4CA7-95C9-439067DEDA82}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{943721B8-3FED-4623-93C5-20AED5B22CF0}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\temp\ins4308\setup\bin\maininst.exe |
"{9F734A5C-EC0A-4782-8B20-1A3D993D6AA6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AD1979FD-2837-4573-8F0A-1F874A96BCA1}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B8176040-B066-42FF-84EF-71174CD5CEE9}" = protocol=17 | dir=in | app=c:\program files\realtek\11n usb wireless lan utility\rtwlan.exe |
"{BEA0A3B3-DBE4-44E8-A4AB-20C18015BE1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB436949-CC95-4F1C-9471-0ECA2D776867}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC7B8546-71F4-492F-A101-7C107DDA9B35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FD08C18A-C13B-4844-85AA-6D109830918D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{16AA6523-F560-4DAC-B64D-8E7237B6F345}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{1DCD0280-613B-4811-9E74-DD36F3ACCE32}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{316FB121-4081-441A-B18C-86019EF9E70E}C:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe |
"TCP Query User{67764990-4DB3-4CAB-A98E-4E9F34D497A1}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{7312BBD5-C7C3-49C3-B913-DA29869DAAE8}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{831B596B-B10B-4F2B-916C-BB72AC8F160F}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{975233EA-C0DD-4D25-8BCD-47278132FB03}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=6 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"TCP Query User{E853903F-41E6-45D3-A136-7FE411A53898}E:\setup.exe" = protocol=6 | dir=in | app=e:\setup.exe |
"UDP Query User{1A048BCE-1EC8-4265-8441-86B03DB182BE}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{24BA53AC-A94A-46FB-9EEB-008CEB2EC677}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{649AEF97-1F1C-4538-9296-4531599888A9}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{7AE73B26-2A3E-4C06-96DC-CFF942496D43}C:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast shop2date\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{AE1DCDAD-67A1-46E6-BA41-CB402500C593}C:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{CD70A618-C923-4ADB-953F-A55BB91A90DB}C:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\gast\appdata\local\data becker\web to date 6.0\apache\apache.exe |
"UDP Query User{E7E5D31B-6D42-41AD-A16D-D6C31DE1C235}E:\setup.exe" = protocol=17 | dir=in | app=e:\setup.exe |
"UDP Query User{FECA17D4-82E4-41A0-ADB6-FE99D21A6BF7}C:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\data becker\web to date 7.0\apache\apache.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DDB7A5-00A9-96D3-AF53-AF143CE29CD1}" = Catalyst Control Center InstallProxy
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 25
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{432DEFB9-9C74-A859-1B66-F67530CF1D33}" = Catalyst Control Center Localization German
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73EBF259-D41F-3517-78C6-29F335BD252B}" = Skins
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AEBD87F-7818-2C67-F0F5-822E0260D002}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{98129815-2DEB-7E30-8105-65CC9D0E3F0D}" = ccc-utility
"{9992BAC0-E57C-1BBB-8391-3DEC5BFC025B}" = ATI Catalyst Install Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK Wireless LAN Driver and Utility
"{9E752ADC-4903-E12F-8843-743A78CD3CBB}" = ccc-core-static
"{9F9D923C-8BF4-859A-853A-7C4299FD98DD}" = Catalyst Control Center Core Implementation
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BF8DC7F0-DB69-5F15-4871-5B38C95410EA}" = Catalyst Control Center Graphics Light
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1D1D5FE-AF9E-9150-1493-C76A81A69FEE}" = Catalyst Control Center Graphics Full Existing
"{D66BDB75-FBB8-4B4E-5379-B17E7EBD7B1A}" = CCC Help English
"{DC344C96-0A5D-65C7-F0D3-CCBA48DDA190}" = CCC Help German
"{E37C6398-2D75-6EF3-FA55-CF4B92371940}" = Catalyst Control Center Graphics Previews Vista
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HFRS_is1" = Trend Micro SafeSync
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"Mozilla Thunderbird (6.0.1)" = Mozilla Thunderbird (6.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"Plugin Marketing Booster_is1" = DATA BECKER Plugin Marketing Booster
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"Recuva" = Recuva
"Samsung CLP-320 Series" = Wartung Samsung CLP-320 Series
"SEO Traffic-Booster_is1" = DATA BECKER SEO Traffic-Booster
"shop to date 6.0 pro MultiUser_is1" = DATA BECKER shop to date 6.0 pro MultiUser
"shop to date 7 pro MultiUser_is1" = DATA BECKER shop to date 7 pro MultiUser
"uninstall.exe" = iLinc Client
"VLC media player" = VLC media player 1.0.5
"web2date" = DATA BECKER shop to date 5
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.11.2011 06:22:29 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.11.2011 06:24:21 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.11.2011 06:24:21 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.11.2011 06:24:25 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.11.2011 06:24:37 | Computer Name = *-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.3.0, Zeitstempel
 0x47c6bd1b, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x17271727,  Prozess-ID 0x5a8, Anwendungsstartzeit
 01cca2b793788352.
 
Error - 14.11.2011 06:31:01 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 14.11.2011 06:31:08 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.11.2011 06:31:08 | Computer Name = *-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 14.11.2011 06:34:07 | Computer Name = *-PC | Source = EventSystem | ID = 4609
Description =
 
Error - 14.11.2011 06:34:13 | Computer Name = *-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 01.07.2010 05:27:00 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2779
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 30.07.2010 07:30:14 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9923
 seconds with 780 seconds of active time.  This session ended with a crash.
 
Error - 01.09.2010 06:49:56 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3039
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 04:56:25 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1326
 seconds with 1200 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2010 08:43:22 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 13569
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 30.09.2010 08:46:30 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6923
 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error - 04.10.2010 04:56:01 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3401
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 12.10.2010 02:38:50 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 820
 seconds with 540 seconds of active time.  This session ended with a crash.
 
Error - 26.10.2010 08:51:00 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6441
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 28.10.2010 04:55:04 | Computer Name = *-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6405
 seconds with 420 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.11.2011 06:33:38 | Computer Name = *-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 14.11.2011 um 11:32:02 unerwartet heruntergefahren.
 
Error - 14.11.2011 06:34:00 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.11.2011 06:33:59 | Computer Name = *-PC | Source = netbt | ID = 4321
Description = Der Name "*-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.119  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.11.2011 06:33:59 | Computer Name = *-PC | Source = netbt | ID = 4321
Description = Der Name "*-PC      :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.2.119  registriert werden. Der Computer mit IP-Adresse 192.168.2.102
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 14.11.2011 06:34:07 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.11.2011 06:34:08 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.11.2011 06:34:09 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.11.2011 06:34:10 | Computer Name = *-PC | Source = DCOM | ID = 10005
Description =
 
Error - 14.11.2011 06:34:14 | Computer Name = *-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 14.11.2011 06:34:14 | Computer Name = *-PC | Source = Service Control Manager | ID = 7026
Description =
 
[ TuneUp Events ]
Error - 10.10.2011 07:49:55 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-10 13:49:55', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5388',0)
 
Error - 12.10.2011 04:11:56 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 10:11:56', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3732',0)
 
Error - 12.10.2011 04:43:09 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 10:43:09', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5016',0)
 
Error - 12.10.2011 05:07:16 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 11:07:16', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','5580',0)
 
Error - 12.10.2011 07:35:27 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-12 13:35:27', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3844',0)
 
Error - 14.10.2011 04:19:58 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-14 10:19:58', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','4260',0)
 
Error - 14.10.2011 04:20:13 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-14 10:20:13', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','2988',0)
 
Error - 18.10.2011 08:41:59 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-18 14:41:59', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3736',0)
 
Error - 19.10.2011 02:31:04 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-19 08:31:04', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3060',0)
 
Error - 26.10.2011 08:29:43 | Computer Name = *-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-10-26 14:29:43', '\device\harddiskvolume1\program
 files\malwarebytes' anti-malware\mbam.exe','3172',0)
 
 
< End of report >

Code:

OTL logfile created on: 14.11.2011 11:51:47 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 78,97% Memory free
6,20 Gb Paging File | 5,79 Gb Available in Paging File | 93,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 406,05 Gb Free Space | 70,42% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.01 18:12:42 | 003,730,192 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2011.07.04 19:11:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 08:06:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 14:12:56 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.03.01 14:12:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.13 21:03:54 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.07.10 11:23:54 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.01 18:20:10 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2011.07.04 19:11:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 19:11:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.10 09:33:48 | 000,526,848 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.06.09 12:04:48 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 05:41:54 | 004,179,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.05 01:01:00 | 000,419,328 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2008.09.05 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 01:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.4
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: senseo@nico*er.de:1.4.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 18:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.05 10:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.11 09:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions
[2010.10.29 09:09:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.25 09:21:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009.10.08 11:02:24 | 000,000,000 | ---D | M] (RankQuest SEO Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{556d6eb2-aed0-4a4c-98a0-6f1dd597b98b}
[2011.10.06 11:35:55 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009.10.08 11:05:05 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.20 10:18:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2011.05.20 10:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FOXYSEOTOOL@FOXYSEOTOOL.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\SENSEO@NICO*ER.DE.XPI
[2011.10.06 11:35:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 11:35:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389EAD2B-CB3B-4DBE-AF76-B4DDA96042D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676F61E6-2878-4DB0-9FC3-602069A8F55B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{754E2F00-44F8-4003-A773-0E2976769286}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD0C66-3017-4A6F-B0FC-39D80FB40CD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9067AE95-3FC3-4C5A-A0DB-3AB697C7FD83}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E0EA0-B606-40E8-BACC-BAC20B424978}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC299F6F-9EAA-4D25-9CE3-E963A17F1F3B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47FD66D-8815-4180-BD75-9F637405777B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 11:49:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.10 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Facility
[2011.11.01 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Timelines
[2011.10.25 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Legionellen
[2011.10.17 09:42:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.17 09:42:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.17 09:42:12 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.17 09:42:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.17 09:42:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:47:09 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\udnnl.sys
[2011.11.14 11:38:27 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.14 11:38:27 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.14 11:38:27 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.14 11:38:27 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.14 11:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.11.14 11:30:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:28:03 | 000,000,440 | -H-- | M] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,613 | ---- | M] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 10:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.14 10:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
[2011.11.10 13:54:23 | 000,040,448 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.10 08:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
[2011.10.27 08:44:28 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\0000055F.LCS
[2011.10.21 17:40:39 | 080,464,399 | ---- | M] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:17 | 000,023,921 | ---- | M] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.14 11:47:09 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\udnnl.sys
[2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.10.21 17:40:38 | 080,464,399 | ---- | C] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:16 | 000,023,921 | ---- | C] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.09.28 12:42:00 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\{028D49B7-4ABC-43E5-985D-38B5923CD516}
[2011.09.27 07:03:33 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.06.21 06:42:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.05.20 10:55:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.10 09:34:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.01.20 10:19:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.09 07:50:56 | 000,007,512 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.04.21 08:34:45 | 000,015,917 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.08.28 07:35:23 | 000,000,176 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009.07.28 19:38:04 | 000,040,448 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.03 13:28:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.09 11:58:22 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.06.09 11:58:21 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.06.09 11:58:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.06.05 15:49:15 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.05 14:37:12 | 011,206,656 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll
[2009.06.05 14:37:12 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll
[2009.06.05 14:37:12 | 000,348,160 | R--- | C] () -- C:\Windows\System32\zshp2600.exe
[2009.06.05 14:37:12 | 000,299,008 | R--- | C] () -- C:\Windows\System32\zhhp2600.exe
[2009.06.05 13:09:03 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.01.06 19:15:52 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.06 19:15:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.06 19:15:52 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.06 19:15:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.06 11:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.06 11:00:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.06 11:00:22 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.01.06 11:00:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.06 11:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.01.06 11:00:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.06 10:26:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:24:13 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.14 11:29:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 10:32:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
 
========== Purity Check ==========
 
 

< End of report >

Defogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:00 on 14/11/2011 (Reblu)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-14 12:42:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000056 WDC_WD64 rev.05.0
Running: knnmbkcs.exe; Driver: C:\Users\*\AppData\Local\Temp\pwlorpod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                                      fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\CADERLXU-Dateien        0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\eBayISAPI-Dateien      0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\CAFNDE8X-Dateien      0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\eBayISAPI-Dateien    0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\CAQZZZNW-Dateien  0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\eBayISAPI-Dateien  0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA - Sistema di contaccezione naturale (Artikel 130012277600 endet 09_08_06 235240 MESZ)-Dateien\CAMGUBYD-Dateien            0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA - Sistema di contaccezione naturale (Artikel 130012277600 endet 09_08_06 235240 MESZ)-Dateien\eBayISAPI-Dateien            0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\CA3ZTSAX-Dateien  0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\eBayISAPI-Dateien  0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\CADERLXU-Dateien            0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay coffret PERSONA découvrez vos jours de fertilité (Artikel 160000674781 endet 29_06_06 181745 MESZ)-Dateien\eBayISAPI-Dateien            0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\CAFNDE8X-Dateien          0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay Monitor Persona come nuovo Mai Usato Test Ovulazione (Artikel 7775845278 endet 27_06_06 163044 MESZ)-Dateien\eBayISAPI-Dateien          0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\CAQZZZNW-Dateien        0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay persona - contraccettivo naturale - controllo fertilità (Artikel 9531881472 endet 26_06_06 134950 MESZ)-Dateien\eBayISAPI-Dateien      0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\CA3ZTSAX-Dateien        0 bytes
File            C:\Users\*\AppData\Local\Trend Micro\OSDP\*@*.de\root\Festplatte\Externe Festplatte H\Ebay\gespeicherte Ebay-Angebote\Persona\eBay PERSONA CONTRACCETTIVO NATURALE - CONTROLLO FERTILITÀ (Artikel 180001841273 endet 06_07_06 132912 MESZ)-Dateien\eBayISAPI-Dateien      0 bytes

---- EOF - GMER 1.0.15 ----


cosinus 14.11.2011 15:20

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Blumenwiese 15.11.2011 08:20

Hello,

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8160

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

14.11.2011 16:46:44
mbam-log-2011-11-14 (16-46-44).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 399134
Laufzeit: 1 Stunde(n), 19 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ca3c9cca1a31c46885d44ee0ad86604
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-14 04:32:54
# local_time=2011-11-14 05:32:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 18653 96177592 19186 0
# compatibility_mode=5892 16776573 100 100 13431 158813756 0 0
# compatibility_mode=8192 67108863 100 0 3700 3700 0 0
# scanned=220420
# found=3
# cleaned=0
# scan_time=7346
C:\Program Files\pdfforge Toolbar\SearchSettings.exe        Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\57c430d-34fda5a5        Win32/TrojanDownloader.Small.PHM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\*\Downloads\SoftonicDownloader_fuer_recuva.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 15.11.2011 09:33

CustomScan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Blumenwiese 15.11.2011 10:17

OTL Logfile:
Code:

OTL logfile created on: 15.11.2011 09:54:28 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\*\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,87% Memory free
6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,61 Gb Total Space | 405,56 Gb Free Space | 70,34% Space Free | Partition Type: NTFS
Drive D: | 19,55 Gb Total Space | 13,33 Gb Free Space | 68,19% Space Free | Partition Type: FAT32
 
Computer Name: *-PC | User Name: * | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.01 18:12:42 | 003,730,192 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro SafeSync\hrfscore.exe -- (OnlineStorageService)
SRV - [2011.07.04 19:11:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.29 08:06:19 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 14:12:56 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2011.03.01 14:12:56 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.16 12:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.10.13 21:03:54 | 000,187,456 | -H-- | M] (DATA BECKER GmbH & Co KG) [Auto | Stopped] -- C:\Program Files\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2009.07.10 11:23:54 | 000,036,864 | ---- | M] (Realtek) [Auto | Stopped] -- C:\Program Files\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.01 18:20:10 | 000,143,120 | ---- | M] (Trend Micro Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hrfsmrx.sys -- (hrfsmrx)
DRV - [2011.07.04 19:11:48 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.04 19:11:48 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.03.10 09:33:48 | 000,526,848 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192su.sys -- (RTL8192su)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.09.10 08:50:11 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.06.09 12:04:48 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.13 05:41:54 | 004,179,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.05 01:01:00 | 000,419,328 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV - [2008.09.05 01:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2008.09.05 01:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmeject.sys -- (avmeject)
DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: foxyseotool@foxyseotool.com:0.8.4
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: senseo@nicosteiner.de:1.4.3
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: seoquake-plugin-seolinx@seoquake.com:1.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 11:35:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.06 10:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.04 18:33:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
 
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions
[2010.11.18 11:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.05 10:20:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.11.11 09:34:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions
[2010.10.29 09:09:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.25 09:21:25 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009.10.08 11:02:24 | 000,000,000 | ---D | M] (RankQuest SEO Toolbar) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{556d6eb2-aed0-4a4c-98a0-6f1dd597b98b}
[2011.10.06 11:35:55 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2009.10.08 11:05:05 | 000,000,000 | ---D | M] (SeoQuake Plugin - Seolinx) -- C:\Users\*\AppData\Roaming\mozilla\Firefox\Profiles\v1uhkq63.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.20 10:18:18 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2011.05.20 10:37:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.20 10:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\FOXYSEOTOOL@FOXYSEOTOOL.COM.XPI
() (No name found) -- C:\USERS\*\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\V1UHKQ63.DEFAULT\EXTENSIONS\SENSEO@NICOSTEINER.DE.XPI
[2011.10.06 11:35:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.05.30 00:20:07 | 000,535,840 | ---- | M] (iLinc Communications, Inc.) -- C:\Program Files\mozilla firefox\plugins\NPCltInstall.dll
[2011.04.14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 11:35:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 11:35:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 11:35:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 11:35:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 11:35:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 11:35:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: iLinc Communications Netscape/Mozilla Install Plugin v 10.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCltInstall.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{389EAD2B-CB3B-4DBE-AF76-B4DDA96042D2}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{676F61E6-2878-4DB0-9FC3-602069A8F55B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{754E2F00-44F8-4003-A773-0E2976769286}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FAD0C66-3017-4A6F-B0FC-39D80FB40CD4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9067AE95-3FC3-4C5A-A0DB-3AB697C7FD83}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{914E0EA0-B606-40E8-BACC-BAC20B424978}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC299F6F-9EAA-4D25-9CE3-E963A17F1F3B}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C47FD66D-8815-4180-BD75-9F637405777B}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 17:22:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.11.14 15:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.14 11:49:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.11.10 13:53:35 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Facility
[2011.11.01 10:01:35 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Timelines
[2011.10.25 14:34:29 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Legionellen
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.15 08:09:38 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.15 08:09:38 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.15 08:09:38 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.15 08:09:38 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.15 08:05:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.14 17:22:06 | 000,007,512 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2011.11.14 12:01:29 | 000,302,592 | ---- | M] () -- C:\Users\*\Desktop\knnmbkcs.exe
[2011.11.14 11:59:33 | 000,000,000 | ---- | M] () -- C:\Users\*\defogger_reenable
[2011.11.14 11:59:04 | 000,050,477 | ---- | M] () -- C:\Users\*\Desktop\Defogger.exe
[2011.11.14 11:49:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.11.14 11:30:39 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.14 11:28:03 | 000,000,440 | -H-- | M] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,613 | ---- | M] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | M] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 10:47:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.14 10:42:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
[2011.11.10 13:54:23 | 000,040,448 | ---- | M] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.10 08:42:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
[2011.10.27 08:44:28 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\0000055F.LCS
[2011.10.21 17:40:39 | 080,464,399 | ---- | M] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:17 | 000,023,921 | ---- | M] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.10.17 14:03:50 | 000,359,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\*\AppData\Local\*.tmp files -> C:\Users\*\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.14 12:01:29 | 000,302,592 | ---- | C] () -- C:\Users\*\Desktop\knnmbkcs.exe
[2011.11.14 11:59:33 | 000,000,000 | ---- | C] () -- C:\Users\*\defogger_reenable
[2011.11.14 11:59:13 | 000,050,477 | ---- | C] () -- C:\Users\*\Desktop\Defogger.exe
[2011.11.14 11:25:11 | 000,000,613 | ---- | C] () -- C:\Users\*\Desktop\System Restore.lnk
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
[2011.10.21 17:40:38 | 080,464,399 | ---- | C] () -- C:\Users\*\Documents\gynefix herstellerseite neu 21_10_2011 18_40_31.w2b
[2011.10.20 15:43:16 | 000,023,921 | ---- | C] () -- C:\Users\*\Desktop\google36afa2453f3593ee.html
[2011.09.28 12:42:00 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Local\{028D49B7-4ABC-43E5-985D-38B5923CD516}
[2011.09.27 07:03:33 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.06.21 06:42:38 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011.05.20 10:55:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.20 10:55:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.10 09:34:24 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.01.20 10:19:26 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.09 07:50:56 | 000,007,512 | ---- | C] () -- C:\Users\*\AppData\Local\d3d9caps.dat
[2010.04.21 08:34:45 | 000,015,917 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin
[2009.08.28 07:35:23 | 000,000,176 | ---- | C] () -- C:\Windows\hpntwksetup.ini
[2009.07.28 19:38:04 | 000,040,448 | ---- | C] () -- C:\Users\*\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.03 13:28:59 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.06.09 11:58:22 | 000,016,070 | ---- | C] () -- C:\Windows\German2.ini
[2009.06.09 11:58:21 | 000,446,464 | ---- | C] () -- C:\Windows\System32\Tx32.dll
[2009.06.09 11:58:21 | 000,000,151 | ---- | C] () -- C:\Windows\System32\ic32.ini
[2009.06.05 15:49:15 | 000,097,360 | ---- | C] () -- C:\Windows\System32\drivers\Fwusb1b.bin
[2009.06.05 14:37:12 | 011,206,656 | R--- | C] () -- C:\Windows\System32\zhhp_res.dll
[2009.06.05 14:37:12 | 000,749,568 | R--- | C] () -- C:\Windows\System32\agissi.dll
[2009.06.05 14:37:12 | 000,348,160 | R--- | C] () -- C:\Windows\System32\zshp2600.exe
[2009.06.05 14:37:12 | 000,299,008 | R--- | C] () -- C:\Windows\System32\zhhp2600.exe
[2009.06.05 13:09:03 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.01.06 19:15:52 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.01.06 19:15:52 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.01.06 19:15:52 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.01.06 19:15:52 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.01.06 11:32:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.01.06 11:00:22 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.01.06 11:00:22 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.01.06 11:00:22 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.01.06 11:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.01.06 11:00:22 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.06 10:26:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:24:13 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,359,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
[2011.11.14 11:30:40 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.11.14 11:29:02 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 10:32:53 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.11 09:44:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Adobe
[2010.02.10 14:02:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apple Computer
[2009.06.05 13:26:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ATI
[2011.07.14 08:00:43 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avira
[2009.06.17 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Corel
[2009.10.15 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DasTelefonbuch GelbeSeiten Map&Route
[2011.04.21 08:16:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\dvdcss
[2010.06.07 14:28:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FRITZ!
[2009.06.16 10:28:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Google
[2009.06.05 13:26:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Identities
[2009.06.05 13:26:19 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Macromedia
[2011.05.20 09:16:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Media Center Programs
[2011.01.26 09:56:08 | 000,000,000 | --SD | M] -- C:\Users\*\AppData\Roaming\Microsoft
[2009.06.16 13:38:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Mozilla
[2009.07.07 10:50:14 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Nero
[2011.10.06 11:15:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\ProtectDisc
[2011.11.03 15:31:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Skype
[2011.11.03 12:38:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\skypePM
[2010.11.18 11:08:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird
[2010.02.08 09:34:50 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TuneUp Software
[2009.10.15 17:29:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TVG
[2010.05.17 21:17:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\U3
[2011.11.11 12:05:15 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\vlc
[2010.05.17 12:39:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinRAR
[2009.07.11 14:41:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Zeiterfassung.6E382B54F302B7E9C6B2FE0F7306F12B647405FB.1
 
< %APPDATA%\*.exe /s >
[2009.07.22 16:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2011.03.24 17:27:39 | 000,059,043 | ---- | M] () -- C:\Users\*\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\*\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\*\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys
[2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_933da2ea\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus 15.11.2011 11:41

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.07.03 13:29:44 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\Shell\AutoRun\command - "" = I:\pushinst.exe
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell - "" = AutoRun
O33 - MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\Shell\AutoRun\command - "" = F:\pushinst.exe
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pushinst.exe
[2011.11.14 11:25:11 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPb
[2011.11.14 11:25:11 | 000,000,208 | -H-- | C] () -- C:\ProgramData\~oRf1rBdMoFDJPbr
[2011.11.14 11:24:57 | 000,000,440 | -H-- | C] () -- C:\ProgramData\oRf1rBdMoFDJPb
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Blumenwiese 15.11.2011 13:10

Hello cosinus,

After the fix no log file opened and the only option I had was a restart, and the OTL.txt on the desktop is the one I had posted before.

Is it archived somewhere, or can we continue like this as well?

cosinus 15.11.2011 13:31

Look in the folder C:\_OTL

Blumenwiese 15.11.2011 13:40

Code:

All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\COMPONENTS folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE\EN-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\LOCALE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME\CONTENT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com\CHROME folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088d9884-a746-11de-a692-002185c49f05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{088d9884-a746-11de-a692-002185c49f05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{088d9884-a746-11de-a692-002185c49f05}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0db6c9d7-51c9-11de-8a4d-806e6f6e6963}\ not found.
File I:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80d15e22-71d9-11de-b623-002185c49f05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80d15e22-71d9-11de-b623-002185c49f05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80d15e22-71d9-11de-b623-002185c49f05}\ not found.
File G:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97f527cc-ecd4-11df-b06b-002185c49f05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97f527cc-ecd4-11df-b06b-002185c49f05}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97f527cc-ecd4-11df-b06b-002185c49f05}\ not found.
File F:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4011230-4d15-11df-ac73-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d4011230-4d15-11df-ac73-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4011230-4d15-11df-ac73-806e6f6e6963}\ not found.
File G:\pushinst.exe not found.
C:\ProgramData\~oRf1rBdMoFDJPb moved successfully.
C:\ProgramData\~oRf1rBdMoFDJPbr moved successfully.
C:\ProgramData\oRf1rBdMoFDJPb moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 83 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 748874162 bytes
->Temporary Internet Files folder emptied: 7211374 bytes
->FireFox cache emptied: 46797725 bytes
->Flash cache emptied: 1855 bytes
 
User: Gast Shop2Date
->Temp folder emptied: 763393363 bytes
->Temporary Internet Files folder emptied: 24412210 bytes
->FireFox cache emptied: 173867923 bytes
->Flash cache emptied: 6761 bytes
 
User: Public
 
User: *
->Temp folder emptied: 4387377 bytes
->Temporary Internet Files folder emptied: 984307209 bytes
->Java cache emptied: 20581789 bytes
->FireFox cache emptied: 231710870 bytes
->Google Chrome cache emptied: 143776119 bytes
->Flash cache emptied: 63624 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6238058 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.009,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11152011_115238
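
As an added example (not part of any post in this thread and not OTL's own code), this Python script triages a fix log in the format posted above: it separates entries that were actually moved, deleted or set from "not found" lines, and marks a "not found" as a repeat when the same target was already handled earlier in the log. The regular expressions and the names `parse_fix_log` and `triage` are assumptions derived only from the lines visible in this log.

```python
import re

# Excerpt copied from the fix log above, shortened to one entry of each kind.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
C:\Program Files\pdfforge Toolbar\pdfforgeToolbarIE.dll moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f6fecb-1ca6-11df-adc2-806e6f6e6963}\ not found.
File I:\pushinst.exe not found.
C:\ProgramData\~oRf1rBdMoFDJPb moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]
C:\Windows\System32\drivers\etc\Hosts moved successfully.
"""

# Section banners such as "========== OTL ==========".
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# (kind, outcome, pattern); order matters: specific patterns come first.
# Assumption: patterns are inferred from the log lines shown in the thread.
PATTERNS = [
    ("registry", "deleted",
     re.compile(r"^Registry (?:key|value) (?P<t>.+) deleted successfully\.$")),
    ("registry", "not found",
     re.compile(r"^Registry (?:key|value) (?P<t>.+) not found\.$")),
    ("registry", "set",
     re.compile(r"^(?P<t>HKEY_.+) : value set successfully!$")),
    ("file", "not found", re.compile(r"^File (?P<t>.+) not found\.$")),
    ("folder", "moved", re.compile(r"^(?P<t>.+) folder moved successfully\.$")),
    ("file", "moved", re.compile(r"^(?P<t>.+) moved successfully\.$")),
]


def parse_fix_log(text):
    """Return (entries, unparsed) for the lines of the ':OTL' fix section."""
    entries, unparsed, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        # Only the OTL section lists the scripted fixes; skip everything else.
        if section != "OTL" or not line:
            continue
        for kind, outcome, rx in PATTERNS:
            m = rx.match(line)
            if m:
                entries.append(
                    {"kind": kind, "outcome": outcome, "target": m.group("t")})
                break
        else:
            # Keep unknown lines visible instead of silently dropping them.
            unparsed.append(line)
    return entries, unparsed


def triage(entries):
    """Split entries into done / repeat ('not found' after success) / missing."""
    handled = set()
    result = {"done": [], "repeat": [], "missing": []}
    for e in entries:
        key = e["target"].lower()  # Windows paths and keys are case-insensitive
        if e["outcome"] != "not found":
            handled.add(key)
            result["done"].append(e["target"])
        elif key in handled:
            result["repeat"].append(e["target"])
        elif e["target"] not in result["missing"]:
            result["missing"].append(e["target"])
    return result


if __name__ == "__main__":
    parsed, leftover = parse_fix_log(SAMPLE_LOG)
    summary = triage(parsed)
    for label in ("done", "repeat", "missing"):
        print(f"{label}: {len(summary[label])}")
        for target in summary[label]:
            print(f"  {target}")
    if leftover:
        print("unparsed lines:", *leftover, sep="\n  ")
```

Targets listed under `missing` were never present when the fix ran, for example a file on a drive letter that is not attached, so they are the ones worth a second look in a follow-up scan.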


cosinus 15.11.2011 13:59

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click change parameters and set the checkmarks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy the contents and transfer them into your post, then please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Blumenwiese 15.11.2011 14:24

Code:

14:20:55.0081 0692        TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
14:20:55.0223 0692        ============================================================
14:20:55.0223 0692        Current date / time: 2011/11/15 14:20:55.0223
14:20:55.0223 0692        SystemInfo:
14:20:55.0223 0692       
14:20:55.0223 0692        OS Version: 6.0.6002 ServicePack: 2.0
14:20:55.0223 0692        Product type: Workstation
14:20:55.0223 0692        ComputerName: *-PC
14:20:55.0224 0692        UserName: *
14:20:55.0224 0692        Windows directory: C:\Windows
14:20:55.0224 0692        System windows directory: C:\Windows
14:20:55.0224 0692        Processor architecture: Intel x86
14:20:55.0224 0692        Number of processors: 4
14:20:55.0224 0692        Page size: 0x1000
14:20:55.0224 0692        Boot type: Safe boot with network
14:20:55.0224 0692        ============================================================
14:20:55.0693 0692        Initialize success
14:21:57.0900 1008        ============================================================
14:21:57.0900 1008        Scan started
14:21:57.0900 1008        Mode: Manual; SigCheck; TDLFS;
14:21:57.0900 1008        ============================================================
14:21:58.0924 1008        ACEDRV09        (ec818aed40e3359fe49ddb1700151e56) C:\Windows\system32\drivers\ACEDRV09.sys
14:21:59.0101 1008        ACEDRV09 - ok
14:21:59.0229 1008        acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
14:21:59.0242 1008        acedrv11 - ok
14:21:59.0273 1008        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:21:59.0288 1008        ACPI - ok
14:21:59.0361 1008        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
14:21:59.0379 1008        adp94xx - ok
14:21:59.0405 1008        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
14:21:59.0420 1008        adpahci - ok
14:21:59.0447 1008        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
14:21:59.0458 1008        adpu160m - ok
14:21:59.0476 1008        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
14:21:59.0487 1008        adpu320 - ok
14:21:59.0559 1008        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:21:59.0655 1008        AFD - ok
14:21:59.0697 1008        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
14:21:59.0707 1008        agp440 - ok
14:21:59.0751 1008        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:21:59.0760 1008        aic78xx - ok
14:21:59.0809 1008        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
14:21:59.0817 1008        aliide - ok
14:21:59.0875 1008        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
14:21:59.0884 1008        amdagp - ok
14:21:59.0930 1008        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
14:21:59.0939 1008        amdide - ok
14:21:59.0978 1008        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
14:22:00.0123 1008        AmdK7 - ok
14:22:00.0157 1008        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
14:22:00.0217 1008        AmdK8 - ok
14:22:00.0249 1008        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
14:22:00.0259 1008        arc - ok
14:22:00.0297 1008        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
14:22:00.0306 1008        arcsas - ok
14:22:00.0329 1008        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:22:00.0369 1008        AsyncMac - ok
14:22:00.0428 1008        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:22:00.0438 1008        atapi - ok
14:22:00.0545 1008        atikmdag        (7fe1176c2d6031d914ca8e69c0047f18) C:\Windows\system32\DRIVERS\atikmdag.sys
14:22:01.0112 1008        atikmdag - ok
14:22:01.0212 1008        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
14:22:01.0219 1008        avgio - ok
14:22:01.0307 1008        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
14:22:01.0314 1008        avgntflt - ok
14:22:01.0362 1008        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
14:22:01.0371 1008        avipbb - ok
14:22:01.0445 1008        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\Windows\system32\drivers\avmeject.sys
14:22:01.0467 1008        avmeject ( UnsignedFile.Multi.Generic ) - warning
14:22:01.0467 1008        avmeject - detected UnsignedFile.Multi.Generic (1)
14:22:01.0520 1008        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:22:01.0549 1008        Beep - ok
14:22:01.0681 1008        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
14:22:01.0716 1008        blbdrive - ok
14:22:01.0799 1008        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:22:01.0851 1008        bowser - ok
14:22:01.0887 1008        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:22:02.0007 1008        BrFiltLo - ok
14:22:02.0068 1008        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:22:02.0101 1008        BrFiltUp - ok
14:22:02.0135 1008        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:22:02.0287 1008        Brserid - ok
14:22:02.0314 1008        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:22:02.0378 1008        BrSerWdm - ok
14:22:02.0491 1008        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:22:02.0580 1008        BrUsbMdm - ok
14:22:02.0606 1008        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:22:02.0681 1008        BrUsbSer - ok
14:22:02.0732 1008        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:22:02.0777 1008        BTHMODEM - ok
14:22:02.0800 1008        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:22:02.0859 1008        cdfs - ok
14:22:02.0876 1008        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:22:02.0894 1008        cdrom - ok
14:22:02.0926 1008        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
14:22:02.0959 1008        circlass - ok
14:22:02.0981 1008        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:22:02.0995 1008        CLFS - ok
14:22:03.0080 1008        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
14:22:03.0088 1008        cmdide - ok
14:22:03.0129 1008        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
14:22:03.0139 1008        Compbatt - ok
14:22:03.0161 1008        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
14:22:03.0171 1008        crcdisk - ok
14:22:03.0188 1008        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
14:22:03.0249 1008        Crusoe - ok
14:22:03.0413 1008        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:22:03.0446 1008        DfsC - ok
14:22:03.0515 1008        DgiVecp - ok
14:22:03.0549 1008        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:22:03.0561 1008        disk - ok
14:22:03.0691 1008        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:22:03.0771 1008        drmkaud - ok
14:22:03.0855 1008        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:22:03.0945 1008        DXGKrnl - ok
14:22:04.0065 1008        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:22:04.0215 1008        E1G60 - ok
14:22:04.0363 1008        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:22:04.0374 1008        Ecache - ok
14:22:04.0564 1008        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
14:22:04.0580 1008        elxstor - ok
14:22:04.0737 1008        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
14:22:04.0807 1008        ErrDev - ok
14:22:05.0018 1008        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:22:05.0310 1008        exfat - ok
14:22:05.0481 1008        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:22:05.0511 1008        fastfat - ok
14:22:05.0677 1008        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:22:05.0714 1008        fdc - ok
14:22:05.0859 1008        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:22:05.0868 1008        FileInfo - ok
14:22:06.0022 1008        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:22:06.0068 1008        Filetrace - ok
14:22:06.0242 1008        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:22:06.0312 1008        flpydisk - ok
14:22:06.0487 1008        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:22:06.0500 1008        FltMgr - ok
14:22:06.0649 1008        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:22:06.0671 1008        Fs_Rec - ok
14:22:06.0808 1008        FWLANUSB        (ff12fa487265da2ac7de4be53f72ff1a) C:\Windows\system32\DRIVERS\fwlanusb.sys
14:22:06.0846 1008        FWLANUSB - ok
14:22:07.0048 1008        fwlanusbn      (1020078208b455e8134b584e845c6abf) C:\Windows\system32\DRIVERS\fwlanusbn.sys
14:22:07.0137 1008        fwlanusbn - ok
14:22:07.0217 1008        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
14:22:07.0226 1008        gagp30kx - ok
14:22:07.0342 1008        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:22:07.0347 1008        GEARAspiWDM - ok
14:22:07.0542 1008        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
14:22:07.0645 1008        HdAudAddService - ok
14:22:07.0818 1008        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:22:07.0882 1008        HDAudBus - ok
14:22:07.0976 1008        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:22:08.0016 1008        HidBth - ok
14:22:08.0146 1008        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:22:08.0255 1008        HidIr - ok
14:22:08.0407 1008        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:22:08.0455 1008        HidUsb - ok
14:22:08.0561 1008        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
14:22:08.0570 1008        HpCISSs - ok
14:22:08.0703 1008        hrfsmrx        (65b0826d92806c8a14caa8a2833349be) C:\Windows\System32\Drivers\hrfsmrx.sys
14:22:08.0713 1008        hrfsmrx - ok
14:22:08.0754 1008        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
14:22:08.0791 1008        HTTP - ok
14:22:08.0884 1008        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
14:22:08.0893 1008        i2omp - ok
14:22:08.0930 1008        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:22:08.0948 1008        i8042prt - ok
14:22:08.0970 1008        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
14:22:08.0982 1008        iaStorV - ok
14:22:09.0023 1008        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:22:09.0033 1008        iirsp - ok
14:22:09.0159 1008        IntcAzAudAddService (2e06052066ce4489cdfbfb8329ea52b1) C:\Windows\system32\drivers\RTKVHDA.sys
14:22:09.0319 1008        IntcAzAudAddService - ok
14:22:09.0454 1008        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
14:22:09.0462 1008        intelide - ok
14:22:09.0522 1008        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
14:22:09.0561 1008        intelppm - ok
14:22:09.0642 1008        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:22:09.0705 1008        IpFilterDriver - ok
14:22:09.0803 1008        IpInIp - ok
14:22:09.0839 1008        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
14:22:09.0862 1008        IPMIDRV - ok
14:22:09.0915 1008        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:22:09.0939 1008        IPNAT - ok
14:22:09.0984 1008        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:22:10.0021 1008        IRENUM - ok
14:22:10.0072 1008        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
14:22:10.0080 1008        isapnp - ok
14:22:10.0167 1008        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:22:10.0179 1008        iScsiPrt - ok
14:22:10.0281 1008        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:22:10.0290 1008        iteatapi - ok
14:22:10.0363 1008        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:22:10.0371 1008        iteraid - ok
14:22:10.0509 1008        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:22:10.0517 1008        kbdclass - ok
14:22:10.0636 1008        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
14:22:10.0699 1008        kbdhid - ok
14:22:10.0846 1008        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:22:10.0865 1008        KSecDD - ok
14:22:11.0087 1008        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:22:11.0187 1008        lltdio - ok
14:22:11.0347 1008        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
14:22:11.0357 1008        LSI_FC - ok
14:22:11.0418 1008        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
14:22:11.0427 1008        LSI_SAS - ok
14:22:11.0478 1008        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
14:22:11.0488 1008        LSI_SCSI - ok
14:22:11.0554 1008        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:22:11.0655 1008        luafv - ok
14:22:11.0783 1008        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
14:22:11.0792 1008        megasas - ok
14:22:11.0942 1008        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
14:22:11.0977 1008        MegaSR - ok
14:22:12.0115 1008        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:22:12.0157 1008        Modem - ok
14:22:12.0307 1008        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:22:12.0350 1008        monitor - ok
14:22:12.0473 1008        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:22:12.0482 1008        mouclass - ok
14:22:12.0597 1008        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:22:12.0629 1008        mouhid - ok
14:22:12.0727 1008        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:22:12.0737 1008        MountMgr - ok
14:22:12.0839 1008        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
14:22:12.0849 1008        mpio - ok
14:22:13.0004 1008        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:22:13.0082 1008        mpsdrv - ok
14:22:13.0193 1008        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:22:13.0202 1008        Mraid35x - ok
14:22:13.0246 1008        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:22:13.0321 1008        MRxDAV - ok
14:22:13.0436 1008        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:22:13.0459 1008        mrxsmb - ok
14:22:13.0584 1008        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:22:13.0612 1008        mrxsmb10 - ok
14:22:13.0732 1008        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:22:13.0744 1008        mrxsmb20 - ok
14:22:13.0898 1008        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
14:22:13.0907 1008        msahci - ok
14:22:14.0070 1008        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
14:22:14.0079 1008        msdsm - ok
14:22:14.0224 1008        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:22:14.0274 1008        Msfs - ok
14:22:14.0403 1008        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:22:14.0411 1008        msisadrv - ok
14:22:14.0534 1008        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:22:14.0602 1008        MSKSSRV - ok
14:22:14.0841 1008        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:22:14.0864 1008        MSPCLOCK - ok
14:22:14.0953 1008        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:22:14.0986 1008        MSPQM - ok
14:22:15.0076 1008        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:22:15.0089 1008        MsRPC - ok
14:22:15.0205 1008        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:22:15.0213 1008        mssmbios - ok
14:22:15.0307 1008        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:22:15.0344 1008        MSTEE - ok
14:22:15.0502 1008        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:22:15.0511 1008        Mup - ok
14:22:15.0690 1008        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:22:15.0881 1008        NativeWifiP - ok
14:22:16.0003 1008        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:22:16.0025 1008        NDIS - ok
14:22:16.0108 1008        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:22:16.0144 1008        NdisTapi - ok
14:22:16.0168 1008        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:22:16.0194 1008        Ndisuio - ok
14:22:16.0226 1008        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:22:16.0253 1008        NdisWan - ok
14:22:16.0355 1008        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:22:16.0388 1008        NDProxy - ok
14:22:16.0401 1008        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:22:16.0425 1008        NetBIOS - ok
14:22:16.0459 1008        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:22:16.0492 1008        netbt - ok
14:22:16.0532 1008        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:22:16.0540 1008        nfrd960 - ok
14:22:16.0592 1008        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:22:16.0611 1008        Npfs - ok
14:22:16.0629 1008        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:22:16.0665 1008        nsiproxy - ok
14:22:16.0737 1008        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:22:16.0885 1008        Ntfs - ok
14:22:16.0954 1008        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:22:17.0009 1008        ntrigdigi - ok
14:22:17.0031 1008        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:22:17.0062 1008        Null - ok
14:22:17.0105 1008        NVENETFD        (d668632606d1cebf0b6ec64c1df7ed6f) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:22:17.0152 1008        NVENETFD - ok
14:22:17.0207 1008        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
14:22:17.0219 1008        nvraid - ok
14:22:17.0257 1008        nvsmu          (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\DRIVERS\nvsmu.sys
14:22:17.0310 1008        nvsmu - ok
14:22:17.0328 1008        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
14:22:17.0336 1008        nvstor - ok
14:22:17.0384 1008        nvstor32        (1a649b87a7b7c1220a2b16b121f2198e) C:\Windows\system32\DRIVERS\nvstor32.sys
14:22:17.0392 1008        nvstor32 - ok
14:22:17.0440 1008        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
14:22:17.0451 1008        nv_agp - ok
14:22:17.0459 1008        NwlnkFlt - ok
14:22:17.0485 1008        NwlnkFwd - ok
14:22:17.0530 1008        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
14:22:17.0561 1008        ohci1394 - ok
14:22:17.0601 1008        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:22:17.0654 1008        Parport - ok
14:22:17.0710 1008        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:22:17.0720 1008        partmgr - ok
14:22:17.0765 1008        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:22:17.0806 1008        Parvdm - ok
14:22:17.0889 1008        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:22:17.0900 1008        pci - ok
14:22:17.0923 1008        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:22:17.0932 1008        pciide - ok
14:22:17.0993 1008        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:22:18.0004 1008        pcmcia - ok
14:22:18.0058 1008        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:22:18.0224 1008        PEAUTH - ok
14:22:18.0283 1008        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:22:18.0317 1008        PptpMiniport - ok
14:22:18.0391 1008        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
14:22:18.0413 1008        Processor - ok
14:22:18.0510 1008        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:22:18.0534 1008        PSched - ok
14:22:18.0612 1008        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
14:22:18.0949 1008        ql2300 - ok
14:22:19.0183 1008        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:22:19.0194 1008        ql40xx - ok
14:22:19.0618 1008        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:22:19.0702 1008        QWAVEdrv - ok
14:22:19.0910 1008        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:22:20.0109 1008        RasAcd - ok
14:22:20.0285 1008        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:22:20.0323 1008        Rasl2tp - ok
14:22:20.0425 1008        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:22:20.0457 1008        RasPppoe - ok
14:22:20.0694 1008        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:22:20.0705 1008        RasSstp - ok
14:22:21.0056 1008        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:22:21.0078 1008        rdbss - ok
14:22:21.0487 1008        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:22:21.0529 1008        RDPCDD - ok
14:22:21.0587 1008        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
14:22:21.0615 1008        rdpdr - ok
14:22:21.0687 1008        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:22:21.0717 1008        RDPENCDD - ok
14:22:21.0768 1008        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:22:21.0791 1008        RDPWD - ok
14:22:21.0868 1008        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:22:21.0890 1008        rspndr - ok
14:22:21.0947 1008        RTL8192su      (9b666e157b7221d64074d5726a4edf4f) C:\Windows\system32\DRIVERS\RTL8192su.sys
14:22:21.0984 1008        RTL8192su - ok
14:22:22.0023 1008        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:22:22.0032 1008        sbp2port - ok
14:22:22.0088 1008        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:22:22.0141 1008        secdrv - ok
14:22:22.0256 1008        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
14:22:22.0299 1008        Serenum - ok
14:22:22.0365 1008        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
14:22:22.0393 1008        Serial - ok
14:22:22.0462 1008        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:22:22.0536 1008        sermouse - ok
14:22:22.0693 1008        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
14:22:22.0711 1008        sffdisk - ok
14:22:22.0797 1008        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
14:22:22.0841 1008        sffp_mmc - ok
14:22:22.0973 1008        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
14:22:22.0995 1008        sffp_sd - ok
14:22:23.0130 1008        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:22:23.0185 1008        sfloppy - ok
14:22:23.0336 1008        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
14:22:23.0345 1008        sisagp - ok
14:22:23.0540 1008        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
14:22:23.0549 1008        SiSRaid2 - ok
14:22:23.0738 1008        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
14:22:23.0747 1008        SiSRaid4 - ok
14:22:23.0874 1008        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:22:23.0904 1008        Smb - ok
14:22:24.0092 1008        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:22:24.0100 1008        spldr - ok
14:22:24.0395 1008        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:22:24.0458 1008        srv - ok
14:22:24.0730 1008        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:22:24.0758 1008        srv2 - ok
14:22:24.0961 1008        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:22:24.0973 1008        srvnet - ok
14:22:25.0101 1008        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
14:22:25.0106 1008        ssmdrv - ok
14:22:25.0343 1008        SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
14:22:25.0405 1008        SSPORT ( UnsignedFile.Multi.Generic ) - warning
14:22:25.0405 1008        SSPORT - detected UnsignedFile.Multi.Generic (1)
14:22:25.0547 1008        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:22:25.0554 1008        swenum - ok
14:22:25.0658 1008        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:22:25.0667 1008        Symc8xx - ok
14:22:25.0796 1008        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:22:25.0804 1008        Sym_hi - ok
14:22:25.0966 1008        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:22:25.0974 1008        Sym_u3 - ok
14:22:26.0084 1008        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:22:26.0192 1008        Tcpip - ok
14:22:26.0305 1008        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:22:26.0392 1008        Tcpip6 - ok
14:22:26.0613 1008        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:22:26.0640 1008        tcpipreg - ok
14:22:26.0846 1008        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:22:26.0870 1008        TDPIPE - ok
14:22:26.0969 1008        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:22:26.0994 1008        TDTCP - ok
14:22:27.0135 1008        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:22:27.0162 1008        tdx - ok
14:22:27.0226 1008        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:22:27.0235 1008        TermDD - ok
14:22:27.0348 1008        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:22:27.0387 1008        tssecsrv - ok
14:22:27.0589 1008        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:22:27.0766 1008        tunmp - ok
14:22:27.0895 1008        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:22:27.0919 1008        tunnel - ok
14:22:28.0004 1008        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
14:22:28.0013 1008        uagp35 - ok
14:22:28.0098 1008        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:22:28.0118 1008        udfs - ok
14:22:28.0245 1008        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
14:22:28.0253 1008        uliagpkx - ok
14:22:28.0336 1008        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
14:22:28.0349 1008        uliahci - ok
14:22:28.0496 1008        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:22:28.0506 1008        UlSata - ok
14:22:28.0598 1008        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:22:28.0609 1008        ulsata2 - ok
14:22:28.0727 1008        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:22:28.0762 1008        umbus - ok
14:22:29.0232 1008        usbccgp        (8bd3ae150d97ba4e633c6c5c51b41ae1) C:\Windows\system32\drivers\usbccgp.sys
14:22:29.0292 1008        usbccgp - ok
14:22:29.0593 1008        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:22:29.0657 1008        usbcir - ok
14:22:29.0978 1008        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:22:30.0033 1008        usbehci - ok
14:22:30.0194 1008        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:22:30.0270 1008        usbhub - ok
14:22:30.0561 1008        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:22:30.0591 1008        usbohci - ok
14:22:30.0821 1008        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:22:30.0970 1008        usbprint - ok
14:22:31.0252 1008        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:22:31.0324 1008        USBSTOR - ok
14:22:31.0477 1008        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
14:22:31.0522 1008        usbuhci - ok
14:22:31.0732 1008        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
14:22:31.0767 1008        vga - ok
14:22:31.0921 1008        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:22:31.0950 1008        VgaSave - ok
14:22:32.0129 1008        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
14:22:32.0139 1008        viaagp - ok
14:22:32.0331 1008        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
14:22:32.0382 1008        ViaC7 - ok
14:22:32.0518 1008        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
14:22:32.0528 1008        viaide - ok
14:22:32.0791 1008        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:22:32.0987 1008        volmgr - ok
14:22:33.0146 1008        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:22:33.0378 1008        volmgrx - ok
14:22:33.0514 1008        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:22:33.0529 1008        volsnap - ok
14:22:34.0067 1008        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
14:22:34.0078 1008        vsmraid - ok
14:22:34.0162 1008        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:22:34.0232 1008        WacomPen - ok
14:22:34.0379 1008        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:34.0432 1008        Wanarp - ok
14:22:34.0501 1008        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:22:34.0519 1008        Wanarpv6 - ok
14:22:34.0803 1008        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
14:22:34.0812 1008        Wd - ok
14:22:35.0073 1008        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:22:35.0197 1008        Wdf01000 - ok
14:22:35.0475 1008        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:22:35.0491 1008        WmiAcpi - ok
14:22:35.0792 1008        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:22:35.0820 1008        ws2ifsl - ok
14:22:36.0016 1008        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:22:36.0060 1008        WUDFRd - ok
14:22:36.0142 1008        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:22:36.0480 1008        \Device\Harddisk0\DR0 - ok
14:22:36.0496 1008        Boot (0x1200)  (377c0b20a792b3fd5328271b55efc9ab) \Device\Harddisk0\DR0\Partition0
14:22:36.0497 1008        \Device\Harddisk0\DR0\Partition0 - ok
14:22:36.0522 1008        Boot (0x1200)  (4433ca861d078d3a093871e153cb19e2) \Device\Harddisk0\DR0\Partition1
14:22:36.0522 1008        \Device\Harddisk0\DR0\Partition1 - ok
14:22:36.0523 1008        ============================================================
14:22:36.0523 1008        Scan finished
14:22:36.0523 1008        ============================================================
14:22:36.0547 1556        Detected object count: 2
14:22:36.0547 1556        Actual detected object count: 2
14:22:49.0207 1556        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:49.0207 1556        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:22:49.0208 1556        SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
14:22:49.0208 1556        SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 15.11.2011 14:40

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If you have problems starting applications after running ComboFix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Blumenwiese 15.11.2011 15:03

Combofix Logfile:
Code:

ComboFix 11-11-15.01 - * 15.11.2011  14:57:02.1.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.2309 [GMT 1:00]
ausgeführt von:: c:\users\*\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20111114112950.125597
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\System Restore.lnk
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\Uninstall System Restore.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-15 bis 2011-11-15  ))))))))))))))))))))))))))))))
.
.
2011-11-15 14:00 . 2011-11-15 14:00        --------        d-----w-        c:\users\*\AppData\Local\temp
2011-11-15 11:00 . 2011-11-15 11:00        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B898B3-213A-4605-8EC4-4C6E523A6F8F}\offreg.dll
2011-11-15 10:52 . 2011-11-15 10:52        --------        d-----w-        C:\_OTL
2011-11-14 16:22 . 2011-11-14 16:22        --------        d-----w-        c:\windows\Sun
2011-11-14 14:28 . 2011-11-14 14:28        --------        d-----w-        c:\program files\ESET
2011-11-11 07:58 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8B898B3-213A-4605-8EC4-4C6E523A6F8F}\mpengine.dll
2011-11-09 08:06 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 08:06 . 2011-09-20 21:02        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 08:06 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-28 11:42 . 2011-09-28 11:42        0        ----a-w-        c:\users\*\AppData\Local\BITE860.tmp
2011-09-27 05:56 . 2011-05-17 13:06        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-06 13:30 . 2011-10-14 07:04        2043392        ----a-w-        c:\windows\system32\win32k.sys
2011-09-05 06:37 . 2011-09-05 06:37        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-09-05 06:37 . 2011-09-05 06:37        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-09-05 06:37 . 2011-09-05 06:37        161792        ----a-w-        c:\windows\system32\msls31.dll
2011-09-05 06:37 . 2011-09-05 06:37        86528        ----a-w-        c:\windows\system32\iesysprep.dll
2011-09-05 06:37 . 2011-09-05 06:37        63488        ----a-w-        c:\windows\system32\tdc.ocx
2011-09-05 06:37 . 2011-09-05 06:37        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-09-05 06:37 . 2011-09-05 06:37        367104        ----a-w-        c:\windows\system32\html.iec
2011-09-05 06:37 . 2011-09-05 06:37        74752        ----a-w-        c:\windows\system32\iesetup.dll
2011-09-05 06:37 . 2011-09-05 06:37        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-09-05 06:37 . 2011-09-05 06:37        23552        ----a-w-        c:\windows\system32\licmgr10.dll
2011-09-05 06:37 . 2011-09-05 06:37        152064        ----a-w-        c:\windows\system32\wextract.exe
2011-09-05 06:37 . 2011-09-05 06:37        150528        ----a-w-        c:\windows\system32\iexpress.exe
2011-09-05 06:37 . 2011-09-05 06:37        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-09-05 06:37 . 2011-09-05 06:37        35840        ----a-w-        c:\windows\system32\imgutil.dll
2011-09-05 06:37 . 2011-09-05 06:37        142848        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-09-05 06:37 . 2011-09-05 06:37        11776        ----a-w-        c:\windows\system32\mshta.exe
2011-09-05 06:37 . 2011-09-05 06:37        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-09-05 06:37 . 2011-09-05 06:37        101888        ----a-w-        c:\windows\system32\admparse.dll
2011-08-31 15:00 . 2011-05-20 08:16        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-08-25 16:15 . 2011-10-14 07:03        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14 . 2011-10-14 07:03        563712        ----a-w-        c:\windows\system32\oleaut32.dll
2011-08-25 16:14 . 2011-10-14 07:03        238080        ----a-w-        c:\windows\system32\oleacc.dll
2011-08-25 13:31 . 2011-10-14 07:03        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2011-10-06 10:35 . 2011-05-23 07:07        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoReadonly]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2C}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2C}]
2011-08-01 17:19        1104656        ----a-w-        c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSynced]
@="{7479C9AF-DA81-4944-92E5-23E49390BB2A}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB2A}]
2011-08-01 17:19        1104656        ----a-w-        c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoSyncing]
@="{7479C9AF-DA81-4944-92E5-23E49390BB29}"
[HKEY_CLASSES_ROOT\CLSID\{7479C9AF-DA81-4944-92E5-23E49390BB29}]
2011-08-01 17:19        1104656        ----a-w-        c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00HumyoUnavailable]
@="{06F5F772-99DF-4191-9AED-3037B0DF154B}"
[HKEY_CLASSES_ROOT\CLSID\{06F5F772-99DF-4191-9AED-3037B0DF154B}]
2011-08-01 17:19        1104656        ----a-w-        c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 39408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"Skytel"="Skytel.exe" [2008-09-09 1833504]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-06-12 998400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\users\*\Desktop\OTL.exe" [2011-11-14 584192]
.
c:\users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OneNote Inhaltsverzeichnis.onetoc2 [2010-1-7 3656]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Trend Micro SafeSync.lnk - c:\program files\Trend Micro SafeSync\HrfsClient.exe [2011-9-4 2210576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"Google Update"="c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 ACEDRV09;ACEDRV09;c:\windows\system32\drivers\ACEDRV09.sys [2009-06-09 110304]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DBService;DATA BECKER Update Service;c:\program files\Common Files\DATA BECKER Shared\DBService.exe [2009-10-13 187456]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R2 Realtek11nSU;Realtek11nSU;c:\program files\Realtek\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-09-10 5120]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2008-09-05 4352]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [2008-09-05 265088]
R3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2008-09-05 419328]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 hrfsmrx;hrfsmrx;c:\windows\System32\Drivers\hrfsmrx.sys [2011-08-01 143120]
R3 OnlineStorageService;OnlineStorageService;c:\program files\Trend Micro SafeSync\hrfscore.exe [2011-08-01 3730192]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2011-03-10 526848]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 10621496
*Deregistered* - 10621496
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-14 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 12:00]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:57]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 09:57]
.
2011-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000Core.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:17]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1121016878-2803726019-2787449478-1000UA.job
- c:\users\*\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-26 07:17]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{E06AF3D3-5AFE-464C-84A3-8485B5260C55}.job
- c:\windows\system32\msfeedssync.exe [2011-09-05 06:37]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.2.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://ips.poi.de/ips-opdata/operator/69189345/objects/jordan.cab
FF - ProfilePath - c:\users\*\AppData\Roaming\Mozilla\Firefox\Profiles\v1uhkq63.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
AddRemove-web2date - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-11-15 15:00
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1816)
c:\program files\Trend Micro SafeSync\HrfsShellExtension.dll
.
Zeit der Fertigstellung: 2011-11-15  15:01:31
ComboFix-quarantined-files.txt  2011-11-15 14:01
.
Vor Suchlauf: 9 Verzeichnis(se), 438.373.535.744 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 437.246.844.928 Bytes frei
.
- - End Of File - - D26410FD281C8B168AB013981498C966

--- --- ---

cosinus 15.11.2011 15:38

Quote:

Boot type: Safe boot with network
Why are you actually doing EVERYTHING in safe mode with networking drivers?
Unless stated otherwise, you should do everything in normal mode wherever possible.

Blumenwiese 16.11.2011 08:33

Well,

in normal mode the Trojan wrecked my system to the point of a bluescreen. At first I couldn't even run Malwarebytes. So that seemed to me the safe option for scanning and posting.

What should I do now? What's the next step? I'm in normal mode now.

