Trojaner-Board - Trojan.BHO und anderes lustiges Zeugs

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Trojan.BHO und anderes lustiges Zeugs (https://www.trojaner-board.de/105403-trojan-bho-anderes-lustiges-zeugs.html)

Trojan.BHO und anderes lustiges Zeugs

Hallo,

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Datenbank Version: 8226

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

23.11.2011 20:50:58

mbam-log-2011-11-23 (20-50-58).txt

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 188258

Laufzeit: 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 16

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 2

Infizierte Dateien: 1

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:

HKEY_CLASSES_ROOT\AppID\{647D5A4E-78B5-53ED-7E75-1940D1DFFEA4} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{2C86C605-6081-D104-96F7-F765C20B22F1} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingAdsHelper.PornPro_BHO.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingAdsHelper.PornPro_BHO (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{913E9215-EB81-7E43-76E6-FC26E50E264C} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingAdsHelper.BrowserWatcher.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingAdsHelper.BrowserWatcher (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{AF56FD81-28A2-0159-4922-1211155898A9} (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingAdsHelper.PrecacheBrowserHost.1 (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\ShoppingAdsHelper.PrecacheBrowserHost (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\ShoppingAdsHelper.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\ShoppingAdsHelper (Adware.ShoppingAdsHelper) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Foxicle (Adware.Foxicle) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:

c:\program files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

c:\Users\Karin\AppData\Roaming\microsoft\Windows\start menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Infizierte Dateien:

c:\program files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.

Weitere Log-Dateien gibt es nicht.

OTL Logfile:
OTL EXTRAS Logfile:

Code:

OTL logfile created on: 24.11.2011 12:12:44 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,96% Memory free

6,21 Gb Paging File | 5,14 Gb Available in Paging File | 82,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 278,56 Gb Total Space | 208,14 Gb Free Space | 74,72% Space Free | Partition Type: NTFS

Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32

 

Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.11.24 12:08:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Downloads\OTL.exe

PRC - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe

PRC - [2011.11.15 08:55:50 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe

PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2010.11.02 21:21:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.08.28 18:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe

PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006.01.30 17:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe

PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.11.19 17:04:22 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)

SRV - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)

SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.08.11 12:12:43 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)

DRV - [2011.07.03 12:43:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.03 12:43:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.03.23 11:58:14 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.09.14 12:39:02 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/06 17:11:17] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2009.08.28 18:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/16 10:19:34] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.10.02 10:52:50 | 000,175,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)

DRV - [2008.09.29 21:29:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2005.08.30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

 

 
 ========== Chrome  ==========

 

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8A2319-425F-4F6A-83ED-D7DE6F1A8B21}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BEFE19-EB18-4821-80AB-0FD89C738699}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADDC20C-0D3A-443F-A3EA-5238F9D39D69}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.23 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Systweak

[2011.11.23 22:35:54 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe

[2011.11.23 20:30:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes

[2011.11.23 20:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.11.23 20:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.11.23 20:30:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.11.23 20:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.11.20 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Paybackcoupons

[2011.11.20 19:20:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\Payback

[2011.11.20 19:18:31 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Betriebsrat

[2011.11.20 18:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011.11.20 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0

[2011.11.20 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0

[2011.11.20 17:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects

[2011.11.20 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz

[2011.11.20 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0

[2011.11.19 19:11:00 | 000,000,000 | R--D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8

[2011.11.19 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011.11.19 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011.11.19 18:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.11.19 18:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.11.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.11.19 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.11.19 17:04:28 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.11.19 17:04:28 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.11.16 12:37:22 | 000,000,000 | ---D | C] -- C:\MQAReport_q

[2011.11.16 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink

[2011.10.28 15:59:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.24 12:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job

[2011.11.24 11:15:05 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011.11.24 11:14:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.24 11:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.24 11:14:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.24 11:14:44 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.23 23:21:42 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011.11.23 23:07:33 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin

[2011.11.23 22:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Karin\defogger_reenable

[2011.11.23 20:30:24 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.22 10:29:45 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.11.22 10:29:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.11.22 10:29:45 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.11.22 10:29:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.11.21 18:15:18 | 000,472,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.11.20 18:08:16 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011.11.20 17:22:39 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk

[2011.11.19 19:06:52 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011.11.19 18:46:55 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.11.19 17:51:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.11.19 17:51:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.11.19 17:04:22 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk

[2011.11.19 17:04:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk

[2011.11.19 16:58:24 | 000,000,105 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\default.pls

[2011.11.19 16:47:31 | 000,006,144 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.11.15 08:56:22 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.11.15 08:53:02 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.11.23 23:02:04 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin

[2011.11.23 22:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Karin\defogger_reenable

[2011.11.23 20:30:24 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.20 18:08:16 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011.11.20 17:22:39 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk

[2011.11.19 19:06:52 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011.11.19 18:46:55 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.08.13 09:43:30 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll

[2011.06.28 13:11:23 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll

[2011.04.03 14:16:46 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{EFFCF240-71E7-4A74-AD20-14C1C3836F69}.dat

[2011.03.11 17:28:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2009.07.10 17:46:35 | 000,006,144 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.06.24 18:29:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.06.24 18:29:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.05.13 20:52:54 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll

[2009.03.13 21:51:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll

[2009.02.22 11:29:41 | 000,000,105 | ---- | C] () -- C:\Users\Karin\AppData\Roaming\default.pls

[2009.02.13 16:44:57 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.02.07 15:07:19 | 000,004,607 | ---- | C] () -- C:\Windows\hpdj3600.ini

[2009.02.07 13:45:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.02.06 14:30:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2009.02.06 14:29:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2009.02.01 18:13:24 | 000,007,592 | ---- | C] () -- C:\Users\Karin\AppData\Local\d3d9caps.dat

[2009.01.25 14:31:47 | 000,000,511 | ---- | C] () -- C:\Windows\wiso.ini

[2009.01.24 18:12:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008.12.09 20:13:56 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.12.09 20:13:56 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.12.09 20:13:56 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.12.09 20:13:56 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2008.12.09 13:05:06 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2008.12.09 12:53:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.12.09 12:53:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE3.sys

[2008.12.09 12:53:30 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys

[2008.12.09 12:53:30 | 000,294,016 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys

[2008.12.09 12:53:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE.sys

[2008.12.09 11:25:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2007.12.10 08:00:00 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE

[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll

[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 000,472,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll

[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll

[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

 
 ========== LOP Check ==========

 

[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM

[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service

[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard

[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft

[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular

[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0

[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite

[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML

[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia

[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite

[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH

[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung

[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein

[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak

[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit

[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software

[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone

[2011.11.24 09:42:19 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.11.24 12:17:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job

 
 ========== Purity Check ==========

Code:

OTL Extras logfile created on: 24.11.2011 12:12:44 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 67,96% Memory free

6,21 Gb Paging File | 5,14 Gb Available in Paging File | 82,63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 278,56 Gb Total Space | 208,14 Gb Free Space | 74,72% Space Free | Partition Type: NTFS

Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32

 

Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03A069D7-066B-450A-AEAA-C981280A53C9}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{05D6220F-DF41-4432-8C37-B82E101EAAF2}" = lport=138 | protocol=17 | dir=in | app=system |

"{09912E9B-52A0-431A-973A-6D3F92F21580}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0B0E0601-3D0B-4F4C-A983-3E96D804BB31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{1A2991F1-9F1C-4A7D-9F17-3B80607EE529}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{1A30A740-EEA1-441E-90BE-8BEFBC485BF7}" = lport=5357 | protocol=6 | dir=in | app=system |

"{225871D0-086A-47F1-8517-5ECF48921AD1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{237DE376-D79E-4E98-8A27-9DDB71DDA9C7}" = rport=137 | protocol=17 | dir=out | app=system |

"{23BAE9EA-1B55-4917-9A80-8CBEC6BA8842}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{266D28D2-C6B2-414F-B96B-CDF67C78A5F7}" = lport=2869 | protocol=6 | dir=in | app=system |

"{342DEE81-0657-44FC-9505-AC2ABC5E0EE6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{361B293E-F7E7-41AF-8D32-671DCB96307B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{368EDBE8-60D8-4349-81BB-A048347E85F4}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{3887C2C1-8D4C-4523-B532-8E0F46EF6922}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{390CDCB1-3F56-4B00-8038-99B85DE87B7A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3AB0E24B-10D9-4713-80AC-E4800CEDCCB2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{3F8F56F5-95E2-4AAA-96A9-8DB70FFC3F60}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{45A47686-3453-4DEC-A447-FCE1F3488FAF}" = lport=5358 | protocol=6 | dir=in | app=system |

"{4642C7E0-75B4-4943-A975-63F85AB19144}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{49116ED8-380B-458F-A41B-12009CDB7339}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{498648D4-DA1F-4EB8-B84E-0E74EACEC119}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{499FD273-4025-454C-84B4-7C38243F45CA}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{4AD1ABA8-75A5-4302-B31A-6200A52F8036}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{4C8B705A-7886-4FC0-813B-36905212159F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{56113B4E-EB3B-4723-983D-1D0AEB3A6862}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{5D560D5F-E4A4-407B-B421-9939F7AFB27C}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |

"{60B0686F-AB23-4D6E-BD92-A43AB3BC34B7}" = rport=139 | protocol=6 | dir=out | app=system |

"{613700A5-3529-4924-82B4-DA4E28F87F5B}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{6270E95A-F0D9-4596-94E5-CD262C02B572}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |

"{6452F075-9E19-462B-AA3B-0C8D2BA06447}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{6936C1B3-AB4C-471E-8988-324397777EF3}" = lport=10243 | protocol=6 | dir=in | app=system |

"{6C2E790C-67DD-4F4E-853B-D69F7DAAC178}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |

"{6FBC1412-4495-4F14-80D9-7A42B54E0ADE}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{73502BD1-5CD2-4BE0-9D23-7C1F143B3983}" = lport=40823 | protocol=17 | dir=in | name=emule |

"{7685F925-44BA-4E81-83B6-B1B21264C8E0}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{7940E762-55C3-47EE-8051-02FF0EBCD5D2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{79F3C6AF-98AB-4016-BB6F-752810B23783}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{7D4F780C-F402-4E53-8E9F-2FB9175FA8D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{83F8B635-C6B5-410B-9FE1-98BEACAE8AC5}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |

"{92E3A5B1-BF5D-483F-BAC6-3CA42EBC85B2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{974A9343-8838-4A80-A5B5-3D5B9205861D}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{9A6C2CE9-9DDE-4FBA-8078-CF7D5FEEA741}" = rport=5358 | protocol=6 | dir=out | app=system |

"{9DEEFCAB-CEBC-464D-B67D-EF721472DD08}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9F394D8B-29D6-4316-A2C8-2E37B3097513}" = lport=139 | protocol=6 | dir=in | app=system |

"{9F5BE16E-FEEF-4D89-962B-D9287946D786}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{A2C7CD6B-1BEC-4B9A-82EC-5568F787F0FE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A3AB2A0A-09BB-4150-9123-0C8D3D47D656}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |

"{B134D277-D3D3-4274-8F53-E6848F69B0C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B563FE0E-7D0F-4187-A249-BBBCE12CEACC}" = rport=5357 | protocol=6 | dir=out | app=system |

"{BAD5D785-F0F5-4A80-9AF7-0BEFC3968557}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |

"{C0F00A23-0138-4D4A-B7CE-292022DD1B86}" = rport=445 | protocol=6 | dir=out | app=system |

"{C222B250-E58D-44C3-91AA-0DF5FD900A11}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C32EF195-4DD9-4C68-AB1E-B12E6426CE41}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{CAC25B60-3FF5-4898-A4C4-1515F97312ED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{CF18FAD4-CA96-4D10-8EF8-15B0D55E44ED}" = rport=138 | protocol=17 | dir=out | app=system |

"{CF3E0DE7-550A-4370-B98B-5E8816FD1203}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D095823F-6398-4862-9581-3E0BBCBFA742}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D4008930-367A-4FA1-B559-3659E79B7AFE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{DE4E1E09-DB42-4F21-ADEF-F171423396E0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E2511168-59EF-4944-B3D2-F626489B3A1E}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{E8BD188B-37F8-453F-8319-C42F4B802E28}" = rport=2869 | protocol=6 | dir=out | app=system |

"{EB2C1C73-7721-4745-B698-96FA59065756}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{EF1E5717-A446-4292-97BF-0D38CA0EBF96}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F637582C-D047-4AE9-A5FF-C07FCF414AA6}" = lport=445 | protocol=6 | dir=in | app=system |

"{FB599224-CDD2-47DF-8376-BF062F785EF9}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |

"{FC5F5518-258E-4039-B5D6-3AFB07AF5687}" = lport=137 | protocol=17 | dir=in | app=system |

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{013EC4CF-8B13-4611-BCA7-99F7CE4A07BD}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe |

"{022D32B1-58AB-405D-841D-0A68050F3B19}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |

"{030F62AF-DE53-42C3-8F70-B95A9422959E}" = protocol=6 | dir=in | app=e:\fsetup.exe |

"{094AC69B-0D83-41F9-8797-93F4930B212C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{0CFD38CB-72AF-4991-A66A-CC50C805EA22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{179C71A3-F798-477D-83CF-CD4340F0FC33}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{185C0F07-485F-4D8A-8401-B06DB1D34CD3}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |

"{18CEB5B7-8580-4D8F-BEFF-22B832A63C86}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1C81244F-1B53-48D4-9A38-A1F3F5E1EBDA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2DDA5972-DBB8-47FA-A8FC-C6092A0EA20B}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |

"{2F7A52B8-53B0-45AE-935E-64EF5A32B5F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{2FF42EC3-2C21-4374-8C40-F89C8E07B24F}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{3020A3E7-22E7-40B2-8FF5-8A98D2C392A9}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |

"{30645E84-E0DF-4B13-BAD3-3F170A7E7AD1}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |

"{46FBC8DD-4F9E-4822-A7C3-3D7C39CC7405}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{47203123-CC5E-4065-9537-51D442014BB5}" = protocol=17 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |

"{472D50AE-6907-4C84-A76F-18AD9C532504}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |

"{4A1EE710-742E-4502-9B65-B3493D95551D}" = protocol=17 | dir=in | app=e:\fsetup.exe |

"{4CEFC5D9-4E41-4803-836B-5902F8CE315A}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\app\starmoney.exe |

"{4DF030EE-E4F2-4C57-BFF4-89725126CD4C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{4FA8C39D-407F-4280-928C-3C2CEDBB7400}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{4FC9228F-BFFF-461D-AAD4-23445DA39B0E}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{4FFCECB3-3AB1-41E5-8167-3818E7E31FB0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{50CA6E84-A250-42CE-A57E-F217CBDEA33D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{513157A3-5FB3-4157-B4D8-2B627D801AFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{5265AE0E-BB76-4081-904F-C5CEBB72DF6C}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{53B00529-AB4A-4183-9C76-8B3988485EC6}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |

"{555FDF37-FD79-489E-9886-BFEC22D95E6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5E1804C6-697E-4383-BCA3-2FA1D08AF47D}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{64671DAC-C4C8-42BA-859A-AC02D6BFEBDF}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |

"{648A1F8D-7861-4720-9736-2FF50F217962}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{64A3ED39-E9B5-494D-8E83-4D48FF2E6B01}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{64D21B49-C735-43A8-8279-72A013863D8E}" = protocol=6 | dir=out | app=system |

"{6A408D44-BF7C-4C59-87EE-D41B3FA1CE14}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe |

"{6A535726-DDAB-4EA0-82AA-8E2F6AAF2506}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |

"{6C73A5E9-ECDC-4CB3-9DB3-3EBC3E187ABA}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |

"{6C7A094F-A4CE-4DE1-94EC-4ECDD35EA9C0}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{6D0BCED8-5F8D-4855-911E-C26EAEDF8C04}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{7B7708E5-1590-4449-B26F-48091A839A90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7D605499-89B5-4BB0-8770-25EBDAE97EFF}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |

"{7ECFC43D-5708-4DBC-8786-9C6FD3352B59}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |

"{7FE1C699-EB9D-485E-B769-CE8BBF42A30B}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{8218C9FF-4759-462B-B010-5A48AA4B814E}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{8A73B466-F320-4F79-852F-B0DFF70BB197}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |

"{8FCB56A4-6561-4D30-88AB-A5BFA73D34FB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |

"{90D7E835-1FB4-46FD-ADC2-025748278C28}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{9634A17C-F4B1-454A-9D9F-BFB5B5832B0D}" = protocol=6 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |

"{9C4FAD13-5F4D-4E4B-B8F9-F4EA747C68C9}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |

"{A0A99AC6-C721-40CC-93B9-DEB61A8059FB}" = protocol=17 | dir=in | app=c:\users\karin\appdata\local\apps\2.0\hr00omqq.5o6\61btww03.yyo\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe |

"{A4D0D82F-5F92-45AA-85FE-67C0F72FD046}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{A71D3663-4321-4AC8-B949-22071ADBFDD1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AB9CD28F-AFD6-4F22-B9F7-EEFEF266E50C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{ABF9C6C5-C704-4455-BA46-D577C9617859}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{AC516A57-1616-4257-AD24-322D7FD19C3B}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe |

"{B92C7C80-DE76-472D-B6E7-EF2F53705ACD}" = protocol=6 | dir=in | app=c:\program files\tobit radio.fx\client\rfx-client.exe |

"{D20599EA-33A0-4C93-968C-5198E8C3B8AB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{D3F3DB90-B75E-4968-859E-60B8BE6629AC}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |

"{DFCCD596-4399-474F-A14B-DE2958B8B2D8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{E8857001-1203-4CC4-B1DF-FF08D38D6654}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |

"{EFB8A413-2964-4E22-AEC9-9FBB2455F0D1}" = protocol=17 | dir=in | app=c:\program files\tobit radio.fx\server\rfx-server.exe |

"{F08B226B-5158-4F9E-BFBD-F46C1B15B9F6}" = protocol=6 | dir=in | app=c:\program files\starmoney 7.0\ouservice\starmoneyonlineupdate.exe |

"{F1A75584-0B5B-4691-8142-7723B8C61BA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F3971018-CA8B-4910-AD95-01C10C437089}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{F825E5AA-B8D0-4767-989F-F0C4FFA066E2}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |

"{F8949F23-B9D7-4AFF-80CC-4616F61B0723}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe |

"{FFB73710-1F8D-40BA-AFF0-97899441B17A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"TCP Query User{0BB6F299-3947-4935-8614-1831C905E257}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{0F6F69CC-2EA7-4BC4-817A-2F55867C6567}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"TCP Query User{4C08EC06-46DF-4F51-B530-F298CED90029}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |

"TCP Query User{8D0675FA-2716-4478-B9E1-3A33C60992F9}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |

"TCP Query User{A1D3AAED-8815-4F33-AFEE-A950B9BE2BF3}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"TCP Query User{B06AB857-A266-4C63-B933-5F639E77B59C}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |

"TCP Query User{B1EAD652-4820-4F6A-B55F-E7883B241CAF}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"TCP Query User{BEBFCC43-6434-4A82-993F-78BB44F7D4E7}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"TCP Query User{C6F4AD5F-25CF-4032-B1D6-8F17C04B0197}C:\program files\simplecenter\home media server.exe" = protocol=6 | dir=in | app=c:\program files\simplecenter\home media server.exe |

"TCP Query User{E1ABF2EC-AC64-49BD-A65D-1361B451EB74}C:\casino\bwin casino\casino.exe" = protocol=6 | dir=in | app=c:\casino\bwin casino\casino.exe |

"TCP Query User{ED421BFC-D552-461A-9700-A0FB35C7E498}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{13F9ED1F-105D-45E5-902C-87F18B5A84D3}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"UDP Query User{17A96713-461A-4027-AB0A-57CEBD5EADF9}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"UDP Query User{1EFEAC83-0121-4A96-B8C3-3A6CBD26DB92}C:\program files\simplecenter\home media server.exe" = protocol=17 | dir=in | app=c:\program files\simplecenter\home media server.exe |

"UDP Query User{3C704716-B88B-4494-A398-2BAF7EC301AD}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |

"UDP Query User{5C3A9EA5-F63C-481D-9F9F-9D651BD9DC1D}C:\program files\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero mediahome\nmmediaserver.exe |

"UDP Query User{7856796D-44B2-4895-9C05-84DA2501A4E0}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

"UDP Query User{79D06EAE-C69F-4722-B7CC-202EAA8F4668}C:\casino\bwin casino\casino.exe" = protocol=17 | dir=in | app=c:\casino\bwin casino\casino.exe |

"UDP Query User{8006DEE8-6E59-4104-B221-DC671E1A1521}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

"UDP Query User{CC17D4FE-A7C6-48FF-9CAC-2C834868289E}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |

"UDP Query User{D1C98D10-B868-4C8B-883B-C04BB13EF8A1}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe |

"UDP Query User{E50A7AEC-E263-4AAA-B9E8-DE3710BC1131}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM

"{013EFF7A-3F00-485B-9194-DD677C9EAFD5}" = StarMoney 7.0

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26

"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys Logic PC Camera Device

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)

"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51031}" = SecurDisc Viewer

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail

"{83C68799-9E25-498C-B20F-F0FEE2AF3ACC}" = Sparwelt.de Gutschein Alarm

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN

"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne

"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie

"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE

"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{B145EC69-66F5-11D8-9D75-000129760D75}" = CyberLink MakeDisc

"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer

"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon

"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVMFBox" = AVM FRITZ!Box Dokumentation

"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss

"BFGC" = Big Fish Games Client

"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8

"bwin Casino" = bwin Casino

"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)

"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender

"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804

"Google Chrome" = Google Chrome

"Home Media Server 4.2.0.32" = Home Media Server 4.2.0.32

"HP OrderReminder" = HP OrderReminder

"hp print screen utility" = hp print screen utility

"HP-LaserJet 1018" = LaserJet 1018

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"IrfanView" = IrfanView (remove only)

"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)

"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)

"MAGIX Fotobuch" = MAGIX Fotobuch 3.6

"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)

"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)

"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300

"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

"PAYBACK Toolbar_is1" = PAYBACK Toolbar 1.0

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Tobit Radio.fx Server" = Radio.fx

"TuneUp Utilities" = TuneUp Utilities

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 0.9.8a

"WinRAR archiver" = WinRAR

"YInstHelper" = Yahoo! Install Manager

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 23.11.2011 18:09:20 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 23.11.2011 18:22:04 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 24.11.2011 04:26:09 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 24.11.2011 04:26:12 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 24.11.2011 04:26:12 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 24.11.2011 06:15:21 | Computer Name = 24-01-09-PC | Source = WinMgmt | ID = 10

Description =

 

Error - 24.11.2011 06:15:29 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

Error - 24.11.2011 06:15:29 | Computer Name = 24-01-09-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

 

[ System Events ]

Error - 22.11.2011 16:19:25 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23.11.2011 05:35:47 | Computer Name = 24-01-09-PC | Source = Print | ID = 19

Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen

 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern

 im Netzwerk verwendet werden.

 

Error - 23.11.2011 05:36:27 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23.11.2011 15:56:14 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23.11.2011 17:12:14 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23.11.2011 18:08:39 | Computer Name = 24-01-09-PC | Source = Print | ID = 19

Description = Der Druckspooler konnte den Drucker PDFCreator nicht unter dem Namen

 PDFCreator freigeben. Fehler: 2114. Der Drucker kann nicht von anderen Benutzern

 im Netzwerk verwendet werden.

 

Error - 23.11.2011 18:09:15 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 23.11.2011 18:22:05 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 24.11.2011 04:26:10 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 24.11.2011 06:15:21 | Computer Name = 24-01-09-PC | Source = Service Control Manager | ID = 7000

Description =

 

 

< End of report >

--- --- ---

--- --- ---

GMER stürzt immer ab...

Liebe Grüße

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Code:

www.malwarebytes.orgDatenbank Version: 8267Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.1642129.11.2011 09:58:46

mbam-log-2011-11-29 (09-58-46).txtArt des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 186449

Laufzeit: 5 Minute(n), 9 Sekunde(n)Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.orgDatenbank Version: 8267Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.1642129.11.2011 22:40:58

mbam-log-2011-11-29 (22-40-58).txtArt des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 390835

Laufzeit: 1 Stunde(n), 23 Minute(n), 12 Sekunde(n)Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

www.malwarebytes.orgDatenbank Version: 8287Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.1642101.12.2011 23:32:51

mbam-log-2011-12-01 (23-32-51).txtArt des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 392641

Laufzeit: 1 Stunde(n), 25 Minute(n), 55 Sekunde(n)Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=9af897a11f947946a6656fedbd5800b9

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-12-01 08:54:16

# local_time=2011-12-01 09:54:16 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 100 369533 97660538 371725 0

# compatibility_mode=5892 16776573 100 100 7477 160296702 0 0

# compatibility_mode=8192 67108863 100 0 209509 209509 0 0

# scanned=217230

# found=1

# cleaned=0

# scan_time=8881

C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 04.12.2011 18:05:33 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Karin\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,77 Gb Available Physical Memory | 59,04% Memory free

6,21 Gb Paging File | 4,86 Gb Available in Paging File | 78,17% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 278,56 Gb Total Space | 195,33 Gb Free Space | 70,12% Space Free | Partition Type: NTFS

Drive D: | 19,52 Gb Total Space | 2,21 Gb Free Space | 11,32% Space Free | Partition Type: FAT32

 

Computer Name: 24-01-09-PC | User Name: Karin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.12.04 18:02:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe

PRC - [2011.11.29 10:50:03 | 010,826,624 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe

PRC - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe

PRC - [2011.11.29 10:50:03 | 002,669,952 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe

PRC - [2011.11.29 10:33:26 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe

PRC - [2011.11.19 17:57:17 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe

PRC - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe

PRC - [2011.11.15 08:55:50 | 000,745,280 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

PRC - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

PRC - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe

PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2011.02.23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe

PRC - [2010.11.02 21:21:30 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009.08.28 18:36:28 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\CyberLink\Shared Files\brs.exe

PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2006.01.30 17:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe

PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.11.29 10:50:03 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)

SRV - [2011.11.19 17:04:22 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)

SRV - [2011.11.18 14:51:12 | 003,673,944 | ---- | M] () [Auto | Running] -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)

SRV - [2011.11.15 08:54:50 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2011.11.08 11:54:25 | 000,554,160 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Running] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.03 12:43:17 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.05.04 13:49:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2006.12.14 17:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)

SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.08.11 12:12:43 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)

DRV - [2011.07.03 12:43:18 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.07.03 12:43:18 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010.03.23 11:58:14 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2009.09.14 12:39:02 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/06 17:11:17] [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})

DRV - [2009.08.28 18:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/11/16 10:19:34] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2008.10.02 10:52:50 | 000,175,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBGENE.sys -- (DCamUSBGene)

DRV - [2008.09.29 21:29:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2008.03.17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2005.08.30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.01 19:05:31 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter

 

[2011.12.01 19:05:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Karin\AppData\Roaming\mozilla\Extensions

[2011.12.01 19:05:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [BDRegion] C:\Programme\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [OrderReminder] C:\Programme\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: PAYBACK Toolbar - {4840E489-677C-4a08-A1B5-FFAF5196531E} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E8A2319-425F-4F6A-83ED-D7DE6F1A8B21}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5BEFE19-EB18-4821-80AB-0FD89C738699}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FADDC20C-0D3A-443F-A3EA-5238F9D39D69}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.

ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 

ActiveX: >{b4db1911-e061-4cc6-aab1-6fe12ea65eac} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.12.04 18:02:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe

[2011.12.01 21:21:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\FreePDF

[2011.12.01 21:14:18 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\FreePDF_XP

[2011.12.01 21:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\FreePDF_XP

[2011.12.01 21:10:59 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\FreePDF

[2011.12.01 21:10:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF

[2011.12.01 21:10:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript

[2011.12.01 21:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\gs

[2011.12.01 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Mozilla

[2011.12.01 19:05:38 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Local\Mozilla

[2011.12.01 19:05:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2011.12.01 18:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer

[2011.11.29 10:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.11.29 09:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.11.29 09:50:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.11.29 09:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.11.24 12:22:54 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Scan OTL

[2011.11.23 22:35:56 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Systweak

[2011.11.23 22:35:54 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe

[2011.11.23 20:30:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\AppData\Roaming\Malwarebytes

[2011.11.23 20:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.11.20 19:24:58 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Paybackcoupons

[2011.11.20 19:20:32 | 000,000,000 | ---D | C] -- C:\Users\Karin\Payback

[2011.11.20 19:18:31 | 000,000,000 | ---D | C] -- C:\Users\Karin\Desktop\Betriebsrat

[2011.11.20 18:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011.11.20 17:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\StarMoney 7.0

[2011.11.20 17:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 7.0

[2011.11.20 17:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\Business Objects

[2011.11.20 17:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\StarFinanz

[2011.11.20 17:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\StarMoney 7.0

[2011.11.19 19:11:00 | 000,000,000 | R--D | C] -- C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8

[2011.11.19 19:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011.11.19 19:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011.11.19 18:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011.11.19 18:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011.11.19 18:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011.11.19 18:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2011.11.19 17:04:28 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2011.11.19 17:04:28 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.11.16 12:37:22 | 000,000,000 | ---D | C] -- C:\MQAReport_q

[2011.11.16 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink

[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.12.04 18:11:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job

[2011.12.04 18:02:50 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011.12.04 18:02:01 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Karin\Desktop\OTL.exe

[2011.12.04 17:41:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.12.04 17:41:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.12.04 09:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.12.04 09:41:35 | 3217,522,688 | -HS- | M] () -- C:\hiberfil.sys

[2011.12.03 11:07:05 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.12.03 11:07:05 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.12.03 11:07:05 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.12.03 11:07:05 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.12.01 19:05:32 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.12.01 18:34:11 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2011.11.29 09:50:29 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.29 09:36:02 | 000,056,767 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011.11.24 23:31:17 | 000,302,592 | ---- | M] () -- C:\Users\Karin\Desktop\riq4bjrr.exe

[2011.11.24 23:21:54 | 000,000,928 | ---- | M] () -- C:\Users\Karin\Documents\Malwarebytes' Anti-Malware.lnk

[2011.11.23 23:07:33 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin

[2011.11.23 22:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Karin\defogger_reenable

[2011.11.21 18:15:18 | 000,472,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.11.20 18:08:16 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011.11.20 17:22:39 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk

[2011.11.19 19:06:52 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011.11.19 18:46:55 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.11.19 17:51:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.11.19 17:51:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.11.19 17:04:22 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk

[2011.11.19 17:04:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk

[2011.11.19 16:58:24 | 000,000,105 | ---- | M] () -- C:\Users\Karin\AppData\Roaming\default.pls

[2011.11.19 16:47:31 | 000,006,144 | ---- | M] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.11.15 08:56:22 | 000,030,528 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe

[2011.11.15 08:53:02 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

[2011.11.15 08:52:56 | 000,030,016 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll

[2 C:\Users\Karin\*.tmp files -> C:\Users\Karin\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.12.01 21:11:01 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2011.12.01 21:11:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe

[2011.12.01 19:05:32 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2011.12.01 19:05:31 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011.12.01 18:34:11 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk

[2011.12.01 18:34:11 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk

[2011.11.29 09:50:29 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.24 23:31:17 | 000,302,592 | ---- | C] () -- C:\Users\Karin\Desktop\riq4bjrr.exe

[2011.11.24 23:21:54 | 000,000,928 | ---- | C] () -- C:\Users\Karin\Documents\Malwarebytes' Anti-Malware.lnk

[2011.11.23 23:02:04 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin

[2011.11.23 22:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Karin\defogger_reenable

[2011.11.20 18:08:16 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2011.11.20 17:22:39 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\StarMoney 7.0.lnk

[2011.11.19 19:06:52 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011.11.19 18:46:55 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011.08.13 09:43:30 | 000,106,496 | R--- | C] () -- C:\Windows\System32\vshp1018.dll

[2011.06.28 13:11:23 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll

[2011.04.03 14:16:46 | 000,000,038 | ---- | C] () -- C:\Windows\System32\ZX9EQJT7_{EFFCF240-71E7-4A74-AD20-14C1C3836F69}.dat

[2011.03.11 17:28:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2009.07.10 17:46:35 | 000,006,144 | ---- | C] () -- C:\Users\Karin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.06.24 18:29:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.06.24 18:29:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.05.13 20:52:54 | 000,172,032 | ---- | C] () -- C:\Windows\WsBtn.dll

[2009.03.13 21:51:11 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll

[2009.02.22 11:29:41 | 000,000,105 | ---- | C] () -- C:\Users\Karin\AppData\Roaming\default.pls

[2009.02.13 16:44:57 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.02.07 15:07:19 | 000,004,607 | ---- | C] () -- C:\Windows\hpdj3600.ini

[2009.02.07 13:45:40 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.02.06 14:30:47 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2009.02.06 14:29:57 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2009.02.01 18:13:24 | 000,007,592 | ---- | C] () -- C:\Users\Karin\AppData\Local\d3d9caps.dat

[2009.01.25 14:31:47 | 000,000,511 | ---- | C] () -- C:\Windows\wiso.ini

[2009.01.24 18:12:38 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008.12.09 20:13:56 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.12.09 20:13:56 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.12.09 20:13:56 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.12.09 20:13:56 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2008.12.09 13:05:06 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2008.12.09 12:53:39 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2008.12.09 12:53:31 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE3.sys

[2008.12.09 12:53:30 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys

[2008.12.09 12:53:30 | 000,294,016 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys

[2008.12.09 12:53:30 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE.sys

[2008.12.09 11:25:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2007.12.10 08:00:00 | 000,434,176 | ---- | C] () -- C:\Windows\System32\ZSHP1018.EXE

[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll

[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 000,472,008 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll

[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll

[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

 
 ========== LOP Check ==========

 

[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM

[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service

[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard

[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft

[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular

[2011.12.01 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\FreePDF

[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0

[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite

[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML

[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia

[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite

[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH

[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung

[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein

[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak

[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit

[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software

[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone

[2011.12.03 22:21:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.12.04 18:11:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.03.02 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Adobe

[2011.11.19 19:12:54 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Apple Computer

[2010.03.27 15:36:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Avira

[2011.08.02 12:37:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BOM

[2009.05.31 14:41:31 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Buhl Data Service

[2009.01.25 21:15:30 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\BullGuard

[2010.02.17 10:28:11 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Corel

[2010.03.06 16:10:06 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\CyberLink

[2011.08.14 12:18:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoft

[2011.05.22 15:09:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers

[2011.10.11 17:17:36 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\elsterformular

[2011.12.01 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\FreePDF

[2009.01.26 13:35:24 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Google

[2010.12.07 16:13:25 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\gtk-2.0

[2009.01.25 21:14:04 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Identities

[2011.08.29 18:33:20 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\InstallShield

[2010.04.30 11:09:02 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\K-PACS-Lite

[2009.01.24 14:28:54 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Macromedia

[2011.11.23 20:30:32 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Media Center Programs

[2011.03.02 10:49:29 | 000,000,000 | --SD | M] -- C:\Users\Karin\AppData\Roaming\Microsoft

[2011.04.14 15:32:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\ML

[2011.12.01 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Mozilla

[2009.02.13 19:50:16 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nero

[2010.02.27 15:39:28 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Nokia

[2010.02.27 15:37:03 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\PC Suite

[2011.08.16 09:47:49 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\phonostar GmbH

[2011.05.06 20:40:39 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Samsung

[2011.11.19 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Skype

[2011.07.16 10:53:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\skypePM

[2010.05.06 18:17:05 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\SparweltGutschein

[2011.11.23 23:03:00 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Systweak

[2010.04.12 09:52:19 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Tobit

[2009.01.26 14:31:57 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\TuneUp Software

[2009.03.06 19:32:32 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\vlc

[2009.05.13 19:50:38 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Vodafone

[2010.10.22 20:34:14 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\WinRAR

[2009.01.27 16:00:47 | 000,000,000 | ---D | M] -- C:\Users\Karin\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2011.10.11 17:13:08 | 006,489,448 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Karin\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814p.exe

[2011.02.16 09:27:13 | 000,005,550 | R--- | M] () -- C:\Users\Karin\AppData\Roaming\Microsoft\Installer\{83C68799-9E25-498C-B20F-F0FEE2AF3ACC}\_6FEFF9B68218417F98F549.exe

[2011.08.16 20:29:39 | 012,340,744 | ---- | M] (                                                            ) -- C:\Users\Karin\AppData\Roaming\phonostar GmbH\Schlagerhöllen-Player\update.exe

[1 C:\Users\Karin\AppData\Roaming\phonostar GmbH\Schlagerhöllen-Player\*.tmp files -> C:\Users\Karin\AppData\Roaming\phonostar GmbH\Schlagerhöllen-Player\*.tmp -> ]

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F
 

< End of report >

--- --- ---

[/code]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.

O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O2 - BHO: (PAYBACK Toolbar Browserhilfsobjekt) - {E141F5C3-2619-4996-8AF8-AA0A9439D986} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKLM\..\Toolbar: (PAYBACK Toolbar) - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (PAYBACK Toolbar) - {9613CB43-EA4C-48B5-878D-13DFE1818EFE} - C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll (PAYBACK GmbH)

O4 - HKLM..\Run: []  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell - "" = AutoRun

O33 - MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe

@Alternate Data Stream - 97 bytes -> C:\ProgramData\Temp:71FA8B7F

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll moved successfully.

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

File C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E141F5C3-2619-4996-8AF8-AA0A9439D986}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E141F5C3-2619-4996-8AF8-AA0A9439D986}\ deleted successfully.

C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9613CB43-EA4C-48b5-878D-13DFE1818EFE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9613CB43-EA4C-48b5-878D-13DFE1818EFE}\ deleted successfully.

File C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.

File C:\Programme\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9613CB43-EA4C-48B5-878D-13DFE1818EFE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9613CB43-EA4C-48B5-878D-13DFE1818EFE}\ not found.

File C:\Programme\Payback\PAYBACK Toolbar\PaybackToolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

D:\AUTOEXEC.BAT moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f1c1399-3ff0-11de-ade2-002220037278}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1f1c1399-3ff0-11de-ade2-002220037278}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f1c1399-3ff0-11de-ade2-002220037278}\ not found.

File G:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30e9ac11-3fee-11de-9a8e-002220037278}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30e9ac11-3fee-11de-9a8e-002220037278}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30e9ac11-3fee-11de-9a8e-002220037278}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39c-4ae6-11de-8856-002220037278}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39c-4ae6-11de-8856-002220037278}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39c-4ae6-11de-8856-002220037278}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39e-4ae6-11de-8856-002220037278}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8c32d39e-4ae6-11de-8856-002220037278}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8c32d39e-4ae6-11de-8856-002220037278}\ not found.

File F:\setup_vmc_lite.exe /checkApplicationPresence not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93cf32d1-6690-11e0-ad71-002220037278}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93cf32d1-6690-11e0-ad71-002220037278}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93cf32d1-6690-11e0-ad71-002220037278}\ not found.

File F:\VTP_Manager.exe not found.

ADS C:\ProgramData\Temp:71FA8B7F deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Flash cache emptied: 41 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Hardy

->Temp folder emptied: 32312 bytes

->Java cache emptied: 242687 bytes

->Flash cache emptied: 10774 bytes

 

User: Karin

->Temp folder emptied: 346679 bytes

->Java cache emptied: 5046389 bytes

->FireFox cache emptied: 45056281 bytes

->Google Chrome cache emptied: 856432 bytes

->Apple Safari cache emptied: 4777984 bytes

->Flash cache emptied: 517 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 21348 bytes

RecycleBin emptied: 9993827 bytes

 

Total Files Cleaned = 63,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 12062011_204346
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

PS: Habe viel gelesen wegen den Registrycleanern. gerne kann ich mich davon auch trennen. Auch von Adobe PDF, etc.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

21:47:19.0817 4596        TDSS rootkit removing tool 2.6.22.0 Dec  7 2011 13:21:06

21:47:21.0821 4596        ============================================================

21:47:21.0821 4596        Current date / time: 2011/12/09 21:47:21.0821

21:47:21.0821 4596        SystemInfo:

21:47:21.0821 4596        

21:47:21.0821 4596        OS Version: 6.0.6002 ServicePack: 2.0

21:47:21.0821 4596        Product type: Workstation

21:47:21.0821 4596        ComputerName: 24-01-09-PC

21:47:21.0821 4596        UserName: Karin

21:47:21.0821 4596        Windows directory: C:\Windows

21:47:21.0821 4596        System windows directory: C:\Windows

21:47:21.0821 4596        Processor architecture: Intel x86

21:47:21.0821 4596        Number of processors: 2

21:47:21.0821 4596        Page size: 0x1000

21:47:21.0821 4596        Boot type: Normal boot

21:47:21.0821 4596        ============================================================

21:47:23.0113 4596        Initialize success

21:47:36.0038 5088        ============================================================

21:47:36.0038 5088        Scan started

21:47:36.0038 5088        Mode: Manual; SigCheck; TDLFS; 

21:47:36.0038 5088        ============================================================

21:47:36.0789 5088        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

21:47:36.0917 5088        ACPI - ok

21:47:37.0095 5088        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

21:47:37.0118 5088        adp94xx - ok

21:47:37.0166 5088        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

21:47:37.0181 5088        adpahci - ok

21:47:37.0225 5088        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

21:47:37.0237 5088        adpu160m - ok

21:47:37.0266 5088        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

21:47:37.0277 5088        adpu320 - ok

21:47:37.0348 5088        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

21:47:37.0390 5088        AFD - ok

21:47:37.0421 5088        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

21:47:37.0432 5088        agp440 - ok

21:47:37.0459 5088        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

21:47:37.0471 5088        aic78xx - ok

21:47:37.0514 5088        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

21:47:37.0526 5088        aliide - ok

21:47:37.0555 5088        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

21:47:37.0566 5088        amdagp - ok

21:47:37.0585 5088        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

21:47:37.0598 5088        amdide - ok

21:47:37.0622 5088        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

21:47:37.0649 5088        AmdK7 - ok

21:47:37.0702 5088        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

21:47:37.0729 5088        AmdK8 - ok

21:47:37.0780 5088        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

21:47:37.0796 5088        arc - ok

21:47:37.0825 5088        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

21:47:37.0836 5088        arcsas - ok

21:47:37.0864 5088        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

21:47:37.0890 5088        AsyncMac - ok

21:47:37.0954 5088        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

21:47:37.0965 5088        atapi - ok

21:47:38.0038 5088        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys

21:47:38.0048 5088        avgio - ok

21:47:38.0094 5088        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys

21:47:38.0146 5088        avgntflt - ok

21:47:38.0186 5088        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys

21:47:38.0195 5088        avipbb - ok

21:47:38.0254 5088        avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys

21:47:38.0265 5088        avmaudio - ok

21:47:38.0289 5088        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

21:47:38.0317 5088        Beep - ok

21:47:38.0371 5088        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

21:47:38.0404 5088        blbdrive - ok

21:47:38.0476 5088        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

21:47:38.0494 5088        bowser - ok

21:47:38.0518 5088        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

21:47:38.0544 5088        BrFiltLo - ok

21:47:38.0573 5088        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

21:47:38.0597 5088        BrFiltUp - ok

21:47:38.0654 5088        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

21:47:38.0702 5088        Brserid - ok

21:47:38.0744 5088        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

21:47:38.0792 5088        BrSerWdm - ok

21:47:38.0820 5088        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

21:47:38.0867 5088        BrUsbMdm - ok

21:47:38.0885 5088        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

21:47:38.0931 5088        BrUsbSer - ok

21:47:38.0965 5088        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

21:47:39.0014 5088        BTHMODEM - ok

21:47:39.0055 5088        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

21:47:39.0091 5088        cdfs - ok

21:47:39.0162 5088        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:47:39.0182 5088        cdrom - ok

21:47:39.0222 5088        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys

21:47:39.0246 5088        circlass - ok

21:47:39.0312 5088        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:47:39.0327 5088        CLFS - ok

21:47:39.0353 5088        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

21:47:39.0386 5088        CmBatt - ok

21:47:39.0404 5088        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

21:47:39.0414 5088        cmdide - ok

21:47:39.0435 5088        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

21:47:39.0445 5088        Compbatt - ok

21:47:39.0474 5088        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

21:47:39.0487 5088        crcdisk - ok

21:47:39.0520 5088        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

21:47:39.0546 5088        Crusoe - ok

21:47:39.0668 5088        DCamUSBGene     (aea1f84bff5119374450df839a9fd1ba) C:\Windows\system32\DRIVERS\usbgene.sys

21:47:39.0681 5088        DCamUSBGene - ok

21:47:39.0756 5088        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

21:47:39.0771 5088        DfsC - ok

21:47:39.0859 5088        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:47:39.0873 5088        disk - ok

21:47:39.0929 5088        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:47:39.0949 5088        drmkaud - ok

21:47:40.0012 5088        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

21:47:40.0037 5088        DXGKrnl - ok

21:47:40.0084 5088        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:47:40.0110 5088        E1G60 - ok

21:47:40.0177 5088        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:47:40.0198 5088        Ecache - ok

21:47:40.0329 5088        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

21:47:40.0349 5088        elxstor - ok

21:47:40.0386 5088        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

21:47:40.0415 5088        ErrDev - ok

21:47:40.0497 5088        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:47:40.0512 5088        exfat - ok

21:47:40.0575 5088        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:47:40.0596 5088        fastfat - ok

21:47:40.0619 5088        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

21:47:40.0644 5088        fdc - ok

21:47:40.0666 5088        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:47:40.0678 5088        FileInfo - ok

21:47:40.0720 5088        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:47:40.0744 5088        Filetrace - ok

21:47:40.0777 5088        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

21:47:40.0802 5088        flpydisk - ok

21:47:40.0875 5088        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:47:40.0889 5088        FltMgr - ok

21:47:40.0915 5088        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

21:47:40.0941 5088        Fs_Rec - ok

21:47:40.0978 5088        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

21:47:40.0988 5088        gagp30kx - ok

21:47:41.0049 5088        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:47:41.0059 5088        GEARAspiWDM - ok

21:47:41.0127 5088        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

21:47:41.0173 5088        HdAudAddService - ok

21:47:41.0246 5088        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:47:41.0273 5088        HDAudBus - ok

21:47:41.0308 5088        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:47:41.0351 5088        HidBth - ok

21:47:41.0393 5088        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

21:47:41.0436 5088        HidIr - ok

21:47:41.0552 5088        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

21:47:41.0573 5088        HidUsb - ok

21:47:41.0629 5088        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

21:47:41.0641 5088        HpCISSs - ok

21:47:41.0727 5088        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:47:41.0777 5088        HTTP - ok

21:47:41.0843 5088        hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys

21:47:41.0857 5088        hwdatacard - ok

21:47:41.0892 5088        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

21:47:41.0907 5088        i2omp - ok

21:47:41.0937 5088        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:47:41.0957 5088        i8042prt - ok

21:47:42.0001 5088        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

21:47:42.0014 5088        iaStorV - ok

21:47:42.0052 5088        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:47:42.0066 5088        iirsp - ok

21:47:42.0179 5088        IntcAzAudAddService (43f5535aa4d6c75a37f70fb9c561cc9b) C:\Windows\system32\drivers\RTKVHDA.sys

21:47:42.0293 5088        IntcAzAudAddService - ok

21:47:42.0335 5088        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

21:47:42.0346 5088        intelide - ok

21:47:42.0372 5088        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

21:47:42.0401 5088        intelppm - ok

21:47:42.0427 5088        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:47:42.0457 5088        IpFilterDriver - ok

21:47:42.0473 5088        IpInIp - ok

21:47:42.0508 5088        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

21:47:42.0539 5088        IPMIDRV - ok

21:47:42.0576 5088        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:47:42.0606 5088        IPNAT - ok

21:47:42.0628 5088        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:47:42.0658 5088        IRENUM - ok

21:47:42.0688 5088        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

21:47:42.0698 5088        isapnp - ok

21:47:42.0758 5088        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:47:42.0773 5088        iScsiPrt - ok

21:47:42.0814 5088        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:47:42.0824 5088        iteatapi - ok

21:47:42.0842 5088        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:47:42.0858 5088        iteraid - ok

21:47:42.0887 5088        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:47:42.0897 5088        kbdclass - ok

21:47:42.0920 5088        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys

21:47:42.0945 5088        kbdhid - ok

21:47:43.0030 5088        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

21:47:43.0053 5088        KSecDD - ok

21:47:43.0094 5088        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:47:43.0126 5088        lltdio - ok

21:47:43.0171 5088        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

21:47:43.0182 5088        LSI_FC - ok

21:47:43.0221 5088        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

21:47:43.0234 5088        LSI_SAS - ok

21:47:43.0258 5088        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

21:47:43.0269 5088        LSI_SCSI - ok

21:47:43.0294 5088        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:47:43.0319 5088        luafv - ok

21:47:43.0394 5088        MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys

21:47:43.0404 5088        MBAMProtector - ok

21:47:43.0461 5088        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

21:47:43.0471 5088        megasas - ok

21:47:43.0502 5088        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

21:47:43.0529 5088        MegaSR - ok

21:47:43.0557 5088        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:47:43.0582 5088        Modem - ok

21:47:43.0616 5088        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:47:43.0641 5088        monitor - ok

21:47:43.0666 5088        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:47:43.0677 5088        mouclass - ok

21:47:43.0704 5088        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

21:47:43.0733 5088        mouhid - ok

21:47:43.0771 5088        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:47:43.0782 5088        MountMgr - ok

21:47:43.0815 5088        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

21:47:43.0826 5088        mpio - ok

21:47:43.0851 5088        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:47:43.0878 5088        mpsdrv - ok

21:47:43.0924 5088        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:47:43.0937 5088        Mraid35x - ok

21:47:43.0998 5088        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:47:44.0027 5088        MRxDAV - ok

21:47:44.0097 5088        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:47:44.0116 5088        mrxsmb - ok

21:47:44.0191 5088        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:47:44.0206 5088        mrxsmb10 - ok

21:47:44.0229 5088        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:47:44.0245 5088        mrxsmb20 - ok

21:47:44.0313 5088        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys

21:47:44.0324 5088        msahci - ok

21:47:44.0361 5088        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

21:47:44.0376 5088        msdsm - ok

21:47:44.0399 5088        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:47:44.0426 5088        Msfs - ok

21:47:44.0448 5088        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:47:44.0461 5088        msisadrv - ok

21:47:44.0492 5088        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:47:44.0516 5088        MSKSSRV - ok

21:47:44.0552 5088        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:47:44.0576 5088        MSPCLOCK - ok

21:47:44.0605 5088        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:47:44.0630 5088        MSPQM - ok

21:47:44.0697 5088        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:47:44.0721 5088        MsRPC - ok

21:47:44.0750 5088        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:47:44.0760 5088        mssmbios - ok

21:47:44.0784 5088        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:47:44.0810 5088        MSTEE - ok

21:47:44.0837 5088        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:47:44.0853 5088        Mup - ok

21:47:44.0925 5088        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:47:44.0941 5088        NativeWifiP - ok

21:47:44.0973 5088        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:47:45.0021 5088        NDIS - ok

21:47:45.0063 5088        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:47:45.0084 5088        NdisTapi - ok

21:47:45.0133 5088        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:47:45.0160 5088        Ndisuio - ok

21:47:45.0233 5088        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:47:45.0260 5088        NdisWan - ok

21:47:45.0285 5088        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:47:45.0310 5088        NDProxy - ok

21:47:45.0335 5088        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:47:45.0370 5088        NetBIOS - ok

21:47:45.0447 5088        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:47:45.0469 5088        netbt - ok

21:47:45.0532 5088        netr28          (a0eabf18be01b173648959eba042c7f1) C:\Windows\system32\DRIVERS\netr28.sys

21:47:45.0554 5088        netr28 - ok

21:47:45.0590 5088        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:47:45.0600 5088        nfrd960 - ok

21:47:45.0695 5088        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:47:45.0714 5088        Npfs - ok

21:47:45.0731 5088        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:47:45.0761 5088        nsiproxy - ok

21:47:45.0850 5088        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:47:45.0913 5088        Ntfs - ok

21:47:45.0945 5088        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:47:45.0997 5088        ntrigdigi - ok

21:47:46.0025 5088        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:47:46.0059 5088        Null - ok

21:47:46.0278 5088        nvlddmkm        (cd10cf6c0200a6fe2f9ed9747ba123a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:47:46.0563 5088        nvlddmkm - ok

21:47:46.0603 5088        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

21:47:46.0617 5088        nvraid - ok

21:47:46.0657 5088        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

21:47:46.0674 5088        nvstor - ok

21:47:46.0734 5088        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

21:47:46.0763 5088        nv_agp - ok

21:47:46.0776 5088        NwlnkFlt - ok

21:47:46.0796 5088        NwlnkFwd - ok

21:47:46.0870 5088        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

21:47:46.0945 5088        ohci1394 - ok

21:47:46.0997 5088        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:47:47.0047 5088        Parport - ok

21:47:47.0252 5088        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

21:47:47.0298 5088        partmgr - ok

21:47:47.0421 5088        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:47:47.0478 5088        Parvdm - ok

21:47:47.0504 5088        pccsmcfd - ok

21:47:47.0601 5088        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:47:47.0614 5088        pci - ok

21:47:47.0703 5088        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

21:47:47.0715 5088        pciide - ok

21:47:47.0767 5088        pcmcia          (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys

21:47:47.0780 5088        pcmcia - ok

21:47:47.0844 5088        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:47:47.0944 5088        PEAUTH - ok

21:47:48.0048 5088        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:47:48.0074 5088        PptpMiniport - ok

21:47:48.0117 5088        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

21:47:48.0146 5088        Processor - ok

21:47:48.0184 5088        Profos - ok

21:47:48.0543 5088        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:47:48.0576 5088        PSched - ok

21:47:48.0869 5088        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

21:47:48.0981 5088        ql2300 - ok

21:47:49.0303 5088        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:47:49.0319 5088        ql40xx - ok

21:47:49.0857 5088        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:47:49.0887 5088        QWAVEdrv - ok

21:47:49.0923 5088        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:47:49.0976 5088        RasAcd - ok

21:47:50.0008 5088        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:47:50.0038 5088        Rasl2tp - ok

21:47:50.0132 5088        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

21:47:50.0153 5088        RasPppoe - ok

21:47:50.0696 5088        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

21:47:50.0721 5088        RasSstp - ok

21:47:50.0893 5088        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

21:47:50.0930 5088        rdbss - ok

21:47:50.0956 5088        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:47:51.0001 5088        RDPCDD - ok

21:47:51.0050 5088        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

21:47:51.0096 5088        rdpdr - ok

21:47:51.0110 5088        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

21:47:51.0157 5088        RDPENCDD - ok

21:47:51.0220 5088        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

21:47:51.0253 5088        RDPWD - ok

21:47:51.0307 5088        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

21:47:51.0335 5088        rspndr - ok

21:47:51.0370 5088        RTL8169         (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys

21:47:51.0413 5088        RTL8169 - ok

21:47:51.0443 5088        RTSTOR          (4aa946a1af9759139719f311cd009578) C:\Windows\system32\drivers\RTSTOR.SYS

21:47:51.0470 5088        RTSTOR - ok

21:47:51.0512 5088        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

21:47:51.0522 5088        sbp2port - ok

21:47:51.0582 5088        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:47:51.0629 5088        secdrv - ok

21:47:51.0662 5088        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

21:47:51.0713 5088        Serenum - ok

21:47:51.0747 5088        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

21:47:51.0795 5088        Serial - ok

21:47:51.0825 5088        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

21:47:51.0854 5088        sermouse - ok

21:47:51.0904 5088        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

21:47:51.0924 5088        sffdisk - ok

21:47:51.0950 5088        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

21:47:51.0978 5088        sffp_mmc - ok

21:47:52.0010 5088        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

21:47:52.0044 5088        sffp_sd - ok

21:47:52.0075 5088        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

21:47:52.0135 5088        sfloppy - ok

21:47:52.0174 5088        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

21:47:52.0187 5088        sisagp - ok

21:47:52.0228 5088        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

21:47:52.0244 5088        SiSRaid2 - ok

21:47:52.0276 5088        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

21:47:52.0289 5088        SiSRaid4 - ok

21:47:52.0365 5088        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:47:52.0387 5088        Smb - ok

21:47:52.0476 5088        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:47:52.0486 5088        spldr - ok

21:47:52.0547 5088        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

21:47:52.0574 5088        srv - ok

21:47:52.0616 5088        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

21:47:52.0662 5088        srv2 - ok

21:47:52.0723 5088        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

21:47:52.0738 5088        srvnet - ok

21:47:52.0785 5088        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

21:47:52.0793 5088        ssmdrv - ok

21:47:52.0840 5088        ssm_bus         (df5c19f053eff7f8ba25d73aea899656) C:\Windows\system32\DRIVERS\ssm_bus.sys

21:47:52.0858 5088        ssm_bus - ok

21:47:52.0891 5088        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:47:52.0907 5088        swenum - ok

21:47:52.0947 5088        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:47:52.0957 5088        Symc8xx - ok

21:47:53.0001 5088        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:47:53.0011 5088        Sym_hi - ok

21:47:53.0040 5088        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:47:53.0054 5088        Sym_u3 - ok

21:47:53.0103 5088        SynTP           (be78198c69135ef1fa157e08fd5c90ff) C:\Windows\system32\DRIVERS\SynTP.sys

21:47:53.0114 5088        SynTP - ok

21:47:53.0194 5088        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

21:47:53.0251 5088        Tcpip - ok

21:47:53.0306 5088        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

21:47:53.0356 5088        Tcpip6 - ok

21:47:53.0415 5088        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

21:47:53.0442 5088        tcpipreg - ok

21:47:53.0485 5088        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:47:53.0510 5088        TDPIPE - ok

21:47:53.0544 5088        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:47:53.0571 5088        TDTCP - ok

21:47:53.0630 5088        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

21:47:53.0652 5088        tdx - ok

21:47:53.0796 5088        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:47:53.0812 5088        TermDD - ok

21:47:53.0872 5088        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:47:53.0904 5088        tssecsrv - ok

21:47:53.0982 5088        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

21:47:53.0996 5088        TuneUpUtilitiesDrv - ok

21:47:54.0027 5088        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:47:54.0064 5088        tunmp - ok

21:47:54.0103 5088        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:47:54.0118 5088        tunnel - ok

21:47:54.0149 5088        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

21:47:54.0160 5088        uagp35 - ok

21:47:54.0216 5088        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:47:54.0239 5088        udfs - ok

21:47:54.0297 5088        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

21:47:54.0308 5088        uliagpkx - ok

21:47:54.0351 5088        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

21:47:54.0365 5088        uliahci - ok

21:47:54.0400 5088        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:47:54.0412 5088        UlSata - ok

21:47:54.0445 5088        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:47:54.0456 5088        ulsata2 - ok

21:47:54.0502 5088        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:47:54.0532 5088        umbus - ok

21:47:54.0556 5088        upperdev - ok

21:47:54.0623 5088        USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys

21:47:54.0658 5088        USBAAPL - ok

21:47:54.0721 5088        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:47:54.0754 5088        usbccgp - ok

21:47:54.0784 5088        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

21:47:54.0845 5088        usbcir - ok

21:47:54.0913 5088        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:47:54.0933 5088        usbehci - ok

21:47:54.0970 5088        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:47:55.0003 5088        usbhub - ok

21:47:55.0045 5088        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

21:47:55.0092 5088        usbohci - ok

21:47:55.0151 5088        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

21:47:55.0180 5088        usbprint - ok

21:47:55.0225 5088        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:47:55.0253 5088        USBSTOR - ok

21:47:55.0295 5088        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:47:55.0317 5088        usbuhci - ok

21:47:55.0326 5088        uxddrv - ok

21:47:55.0374 5088        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:47:55.0403 5088        vga - ok

21:47:55.0440 5088        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:47:55.0468 5088        VgaSave - ok

21:47:55.0497 5088        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

21:47:55.0508 5088        viaagp - ok

21:47:55.0548 5088        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

21:47:55.0573 5088        ViaC7 - ok

21:47:55.0606 5088        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

21:47:55.0617 5088        viaide - ok

21:47:55.0641 5088        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:47:55.0652 5088        volmgr - ok

21:47:55.0732 5088        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:47:55.0751 5088        volmgrx - ok

21:47:55.0828 5088        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:47:55.0846 5088        volsnap - ok

21:47:55.0881 5088        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

21:47:55.0897 5088        vsmraid - ok

21:47:55.0943 5088        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:47:55.0987 5088        WacomPen - ok

21:47:56.0015 5088        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:47:56.0044 5088        Wanarp - ok

21:47:56.0051 5088        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:47:56.0071 5088        Wanarpv6 - ok

21:47:56.0103 5088        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

21:47:56.0114 5088        Wd - ok

21:47:56.0154 5088        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

21:47:56.0177 5088        Wdf01000 - ok

21:47:56.0294 5088        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

21:47:56.0317 5088        WmiAcpi - ok

21:47:56.0391 5088        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

21:47:56.0404 5088        WpdUsb - ok

21:47:56.0435 5088        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:47:56.0469 5088        ws2ifsl - ok

21:47:56.0512 5088        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:47:56.0543 5088        WUDFRd - ok

21:47:56.0660 5088        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\HomeCinema\PlayMovie\000.fcl

21:47:56.0672 5088        {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok

21:47:56.0737 5088        {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD8\000.fcl

21:47:56.0748 5088        {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok

21:47:56.0776 5088        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

21:47:56.0893 5088        \Device\Harddisk0\DR0 - ok

21:47:56.0897 5088        Boot (0x1200)   (f2a7f679bdfe6896d0c41aabe5ad6574) \Device\Harddisk0\DR0\Partition0

21:47:56.0899 5088        \Device\Harddisk0\DR0\Partition0 - ok

21:47:56.0922 5088        Boot (0x1200)   (236600d6496174a9f1b634cc8041c2d6) \Device\Harddisk0\DR0\Partition1

21:47:56.0922 5088        \Device\Harddisk0\DR0\Partition1 - ok

21:47:56.0924 5088        ============================================================

21:47:56.0924 5088        Scan finished

21:47:56.0924 5088        ============================================================

21:47:56.0941 4792        Detected object count: 0

21:47:56.0941 4792        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Combofix Logfile:

Code:

ComboFix 11-12-10.01 - Karin 11.12.2011  15:41:14.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1762 [GMT 1:00]

ausgeführt von:: c:\users\Karin\Desktop\ComboFix.exe

SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Karin\bass.dll

c:\users\Karin\EULA.txt

c:\users\Karin\Unwise.exe

c:\windows\IsUn0407.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-11 bis 2011-12-11  ))))))))))))))))))))))))))))))

.

.

2011-12-11 14:49 . 2011-12-11 14:49        --------        d-----w-        c:\users\Karin\AppData\Local\temp

2011-12-11 14:49 . 2011-12-11 14:49        --------        d-----w-        c:\users\Hardy\AppData\Local\temp

2011-12-11 14:49 . 2011-12-11 14:49        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-09 20:20 . 2011-11-21 10:47        6823496        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{844B71AF-9DD9-49CD-8941-43B5DA35F9A2}\mpengine.dll        ERROR(0x00000005)

2011-12-06 19:43 . 2011-12-06 19:43        --------        d-----w-        C:\_OTL

2011-12-01 20:14 . 2011-12-01 20:15        --------        d-----w-        c:\users\Karin\AppData\Local\FreePDF_XP

2011-12-01 20:11 . 2010-06-17 20:56        45056        ----a-w-        c:\windows\system32\unredmon.exe

2011-12-01 20:11 . 2010-06-17 20:56        116224        ----a-w-        c:\windows\system32\redmonnt.dll

2011-12-01 20:10 . 2011-12-01 20:10        --------        d-----w-        c:\users\Karin\AppData\Roaming\FreePDF

2011-12-01 20:10 . 2011-12-01 20:10        --------        d-----w-        c:\program files\FreePDF_XP

2011-12-01 20:10 . 2011-12-01 20:10        --------        d-----w-        c:\program files\gs

2011-12-01 18:05 . 2011-12-01 18:05        --------        d-----w-        c:\users\Karin\AppData\Local\Mozilla

2011-12-01 17:34 . 2011-12-01 17:34        --------        d-----w-        c:\program files\TeamViewer

2011-11-29 09:14 . 2011-11-29 09:14        --------        d-----w-        c:\program files\ESET

2011-11-29 08:50 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-29 08:50 . 2011-11-29 08:50        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-11-23 22:02 . 2011-11-23 22:07        1660        ----a-w-        c:\windows\system32\ASOROSet.bin

2011-11-23 21:35 . 2011-11-23 22:03        --------        d-----w-        c:\users\Karin\AppData\Roaming\Systweak

2011-11-23 21:35 . 2011-07-07 12:26        17280        ----a-w-        c:\windows\system32\roboot.exe

2011-11-23 19:30 . 2011-11-23 19:30        --------        d-----w-        c:\users\Karin\AppData\Roaming\Malwarebytes

2011-11-20 18:20 . 2011-11-20 18:20        --------        d-----w-        c:\users\Karin\Payback

2011-11-20 16:19 . 2000-01-14 16:17        45328        ----a-w-        c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\mstran40.exe

2011-11-20 16:19 . 2000-07-14 18:02        74000        ----a-w-        c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\msrpfs40.dll

2011-11-20 16:19 . 2000-01-14 16:22        37136        ----a-w-        c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\mstrai40.exe

2011-11-20 16:17 . 2011-11-20 16:17        --------        d-----w-        c:\program files\Business Objects

2011-11-20 16:17 . 2011-11-20 16:17        --------        d-----w-        c:\program files\Common Files\StarFinanz

2011-11-20 16:17 . 2011-12-05 17:27        --------        d-----w-        c:\program files\StarMoney 7.0

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2011-11-19 18:07 . 2011-11-19 18:07        159744        ----a-w-        c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2011-11-19 18:06 . 2011-11-19 18:07        --------        d-----w-        c:\program files\QuickTime

2011-11-19 17:45 . 2011-11-19 17:45        --------        d-----w-        c:\program files\iPod

2011-11-19 17:45 . 2011-11-19 17:46        --------        d-----w-        c:\program files\iTunes

2011-11-19 17:08 . 2011-11-19 17:08        --------        d-----w-        c:\program files\Bonjour

2011-11-19 16:04 . 2011-11-15 07:53        21312        ----a-w-        c:\windows\system32\authuitu.dll

2011-11-19 16:04 . 2011-11-15 07:52        30016        ----a-w-        c:\windows\system32\uxtuneup.dll

2011-11-19 15:14 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-11-19 15:06 . 2011-09-20 21:02        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-19 15:04 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll

2011-11-16 11:37 . 2011-11-16 11:37        --------        d-----w-        C:\MQAReport_q

2011-11-16 09:19 . 2011-11-16 09:19        --------        d-----w-        c:\program files\Common Files\CyberLink

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-11-21 10:47 . 2008-12-09 10:25        6823496        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)

2011-11-19 16:57 . 2011-06-21 08:14        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-16 09:18 . 2008-12-09 07:05        29480        ----a-w-        c:\windows\system32\msxml3a.dll

2011-11-15 07:56 . 2010-03-31 15:00        30528        ----a-w-        c:\windows\system32\TURegOpt.exe

2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2011-10-03 04:06 . 2010-12-07 12:18        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-09-24 09:42 . 2011-09-24 09:42        161792        ----a-w-        c:\windows\system32\msls31.dll

2011-09-24 09:42 . 2011-09-24 09:42        76800        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe

2011-09-24 09:42 . 2011-09-24 09:42        74752        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe

2011-09-24 09:42 . 2011-09-24 09:42        48640        ----a-w-        c:\windows\system32\mshtmler.dll

2011-09-24 09:42 . 2011-09-24 09:42        86528        ----a-w-        c:\windows\system32\iesysprep.dll

2011-09-24 09:42 . 2011-09-24 09:42        63488        ----a-w-        c:\windows\system32\tdc.ocx

2011-09-24 09:42 . 2011-09-24 09:42        367104        ----a-w-        c:\windows\system32\html.iec

2011-09-24 09:42 . 2011-09-24 09:42        74752        ----a-w-        c:\windows\system32\iesetup.dll

2011-09-24 09:42 . 2011-09-24 09:42        420864        ----a-w-        c:\windows\system32\vbscript.dll

2011-09-24 09:42 . 2011-09-24 09:42        23552        ----a-w-        c:\windows\system32\licmgr10.dll

2011-09-24 09:42 . 2011-09-24 09:42        152064        ----a-w-        c:\windows\system32\wextract.exe

2011-09-24 09:42 . 2011-09-24 09:42        150528        ----a-w-        c:\windows\system32\iexpress.exe

2011-09-24 09:42 . 2011-09-24 09:42        1427456        ----a-w-        c:\windows\system32\inetcpl.cpl

2011-09-24 09:42 . 2011-09-24 09:42        35840        ----a-w-        c:\windows\system32\imgutil.dll

2011-09-24 09:42 . 2011-09-24 09:42        142848        ----a-w-        c:\windows\system32\ieUnatt.exe

2011-09-24 09:42 . 2011-09-24 09:42        11776        ----a-w-        c:\windows\system32\mshta.exe

2011-09-24 09:42 . 2011-09-24 09:42        110592        ----a-w-        c:\windows\system32\IEAdvpack.dll

2011-09-24 09:42 . 2011-09-24 09:42        101888        ----a-w-        c:\windows\system32\admparse.dll

2011-11-21 04:21 . 2011-12-01 18:05        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]

2011-03-18 12:50        154728        ----a-w-        c:\programdata\1und1InternetExplorerAddon\BHOXML.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-11-25 6691360]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-29 13560352]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-29 92704]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1328424]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-11-25 1833504]

"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2011-02-23 371200]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

"rfxsrvtray"="c:\program files\Tobit Radio.fx\Client\rfx-tray.exe"

"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"PlayMovie"="c:\program files\HomeCinema\PlayMovie\PMVService.exe"

"Google EULA Launcher"=c:\program files\Google\Google EULA\GoogleEULALauncher.exe GE

"BDRegion"=c:\program files\Cyberlink\Shared Files\brs.exe

"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

"OrderReminder"=c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe

"Skytel"=c:\program files\Realtek\Audio\HDA\Skytel.exe

"sclauncher"=c:\program files\SimpleCenter\bin\win\sclauncher.exe

"UpdatePDRShortCut"="c:\program files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe"

"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe"

"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate1c9a4796d5c8be2;Google Update Service (gupdate1c9a4796d5c8be2);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 133104]

R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]

R3 uxddrv;Dynamically loaded UxdDrv;f:\mqa_nb_ quick\uxddrv86.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2010/03/06 17:11];c:\program files\HomeCinema\PlayMovie\000.fcl [2009-09-14 11:39 87536]

S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/11/16 10:19];c:\program files\CyberLink\PowerDVD8\000.fcl [2009-08-28 17:36 87536]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-04 136360]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 Radio.fx;Radio.fx Server;c:\program files\Tobit Radio.fx\Server\rfx-server.exe [2011-11-18 3673944]

S2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]

S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2011-11-15 1052480]

S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [2011-08-11 101248]

S3 DCamUSBGene;Genesys Logic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2008-10-02 175360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]

S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2008-09-25 436224]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-03-23 10064]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

UxTuneUp

.

Inhalt des "geplante Tasks" Ordners

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 07:49]

.

2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-14 07:49]

.

2011-12-11 c:\windows\Tasks\User_Feed_Synchronization-{86E5CCA8-6AC9-493A-B5A9-4366879E2D22}.job

- c:\windows\system32\msfeedssync.exe [2011-09-24 09:42]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.msn.de/

IE: Free YouTube to MP3 Converter - c:\users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4

IE: {{4840E489-677C-4a08-A1B5-FFAF5196531E} - {9613CB43-EA4C-48b5-878D-13DFE1818EFE} -

TCP: DhcpNameServer = 192.168.178.1

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\q7557nvl.default\

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{C424171E-592A-415A-9EB1-DFD6D95D3530} - (no file)

HKU-Default-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-12-11 15:49

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\HomeCinema\PlayMovie\000.fcl"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2011-12-11  15:52:11

ComboFix-quarantined-files.txt  2011-12-11 14:51

.

Vor Suchlauf: 17 Verzeichnis(se), 201.078.042.624 Bytes frei

Nach Suchlauf: 21 Verzeichnis(se), 201.010.606.080 Bytes frei

.

- - End Of File - - B70555340216F33EC714FE808964BC32

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

[code]
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-12-13 20:58:49

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD3200BEVT-22ZCT0 rev.11.01A11

Running: rrcpedb8.exe; Driver: C:\Users\Karin\AppData\Local\Temp\pwldykog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8C16B0F6                                                                                              ZwCreateSection

SSDT            8C16B0FB                                                                                              ZwSetContextThread

SSDT            8C16B097                                                                                              ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                         820E2998 4 Bytes  [F6, B0, 16, 8C]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                         820E2CF0 4 Bytes  [FB, B0, 16, 8C]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                         820E2DA4 4 Bytes  [97, B0, 16, 8C]

.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                              section is writeable [0x8E600320, 0x3F7257, 0xE8000020]

.text           C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                         section is writeable [0x9D902000, 0x2892, 0xE8000020]

.vmp2           C:\Program Files\HomeCinema\PlayMovie\000.fcl                                                         entry point in ".vmp2" section [0x9D925050]

.text           C:\Program Files\CyberLink\PowerDVD8\000.fcl                                                          section is writeable [0x9D902000, 0x2892, 0xE8000020]

.vmp2           C:\Program Files\CyberLink\PowerDVD8\000.fcl                                                          entry point in ".vmp2" section [0x9D925050]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Windows\Explorer.EXE[808] SHELL32.dll!SHCoCreateInstance + 657                                     76A21B20 8 Bytes  [E0, 10, 60, 19, 00, 11, 60, ...] {LOOPNZ 0x12; PUSHA ; SBB [EAX], EAX; ADC [EAX+0x19], ESP}

.text           C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe[2608] kernel32.dll!SetUnhandledExceptionFilter  764CA8C5 5 Bytes  JMP 00641870 C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                  [74767817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                   [747BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]               [7476BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]         [7475F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                   [747675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                [7475E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]    [74798395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]       [7476DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]               [7475FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                [7475FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                 [747571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]         [747ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]            [7478C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]               [7475D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                         [74756853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                        [7475687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[808] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]           [74762AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                               Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:19:33 on 13.12.2011
 

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\Users\Karin\AppData\Local\Temp\catchme.sys  (File not found)

"Dynamically loaded UxdDrv" (uxddrv) - ? - F:\MQA_NB_ Quick\uxddrv86.sys  (File not found)

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)

"Profos" (Profos) - ? - C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys  (File not found)

"pwldykog" (pwldykog) - ? - C:\Users\Karin\AppData\Local\Temp\pwldykog.sys  (Hidden registry entry, rootkit activity | File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys

"upperdev" (upperdev) - ? - C:\Windows\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll

{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll

{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} "Zylom Games Player" - "Zylom Games" - C:\Windows\Downloaded Program Files\zylomgamesplayer.dll / hxxp://game.zylom.com/activex/zylomgamesplayer.cab

{80AEEC0E-A2BE-4B8D-985F-350FE869DC40} "{80AEEC0E-A2BE-4B8D-985F-350FE869DC40}" - ? -   (File not found | COM-object registry key not found) / hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{9613CB43-EA4C-48b5-878D-13DFE1818EFE} "PAYBACK Toolbar" - ? -   (File not found | COM-object registry key not found)

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{17166733-40EA-4432-A85C-AE672FF0E236} "WEB.DE Konfiguration" - "1&1 Mail & Media GmbH" - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Karin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared Files\brs.exe

"FreePDF Assistant" - "shbox.de" - "C:\Program Files\FreePDF_XP\fpassist.exe"

"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"

"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

"OrderReminder" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll

"HPLJ1018LM" - "Zenographics, Inc." - C:\Windows\system32\ZLhp1018.DLL

"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll

"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

"Google Update Service (gupdate1c9a4796d5c8be2)" (gupdate1c9a4796d5c8be2) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe

"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe

"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe

"Radio.fx Server" (Radio.fx) - ? - C:\Program Files\Tobit Radio.fx\Server\rfx-server.exe

"StarMoney 7.0 OnlineUpdate" (StarMoney 7.0 OnlineUpdate) - "Star Finanz - Software Entwicklung und Vertriebs GmbH" - C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe

"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe

"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

"Windows Live Setup Service" (WLSetupSvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-12-14 19:07:55

-----------------------------

19:07:55.251    OS Version: Windows 6.0.6002 Service Pack 2

19:07:55.252    Number of processors: 2 586 0xF0D

19:07:55.253    ComputerName: 24-01-09-PC  UserName: Karin

19:07:57.184    Initialize success

19:08:08.492    AVAST engine defs: 11121302

19:13:30.339    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

19:13:30.342    Disk 0 Vendor: WDC_WD3200BEVT-22ZCT0 11.01A11 Size: 305245MB BusType: 3

19:13:32.364    Disk 0 MBR read successfully

19:13:32.367    Disk 0 MBR scan

19:13:32.372    Disk 0 Windows VISTA default MBR code

19:13:32.377    Disk 0 scanning sectors +625139712

19:13:32.553    Disk 0 scanning C:\Windows\system32\drivers

19:13:44.519    Service scanning

19:13:45.977    Modules scanning

19:14:02.965    Disk 0 trace - called modules:

19:14:03.018    ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys 

19:14:03.021    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85efe870]

19:14:03.025    3 CLASSPNP.SYS[8a39d8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x857248a0]

19:14:04.684    AVAST engine scan C:\Windows

19:14:10.588    AVAST engine scan C:\Windows\system32

19:16:46.894    AVAST engine scan C:\Windows\system32\drivers

19:17:01.103    AVAST engine scan C:\Users\Karin

19:31:11.941    AVAST engine scan C:\ProgramData

19:33:49.607    Scan finished successfully

19:50:20.829    Disk 0 MBR has been saved successfully to "C:\Users\Karin\Documents\MBR.dat"

19:50:20.834    The log file has been saved successfully to "C:\Users\Karin\Documents\aswMBR.txt"

19:51:30.781    Disk 0 MBR has been saved successfully to "C:\Users\Karin\Desktop\MBR.dat"

19:51:30.859    The log file has been saved successfully to "C:\Users\Karin\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset