Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   csrss.exe & .tmp-Dateien in AppData/... (Google Suche entführt, Proxy verändert) (https://www.trojaner-board.de/107641-csrss-exe-tmp-dateien-appdata-google-suche-entfuehrt-proxy-veraendert.html)

KennyRie 05.01.2012 22:29
csrss.exe & .tmp-Dateien in AppData/... (Google Suche entführt, Proxy verändert)
 
Hallo zusammen,

kurz vor Weihnachten hat es mich leider erwischt, beim Besuchen einer Homepage über einen Link aus einer E-Mail (Flash-Seite, irishpubcentro.com) schlug der Windows Defender Alarm, eine Datei bat um Internetzugriff und dann war es passiert.

Vorweg: Ich habe mich anlässlich der Vorfalls entschieden, mir ein neues System zusammenzustellen und dementsprechen neu aufzusetzen. Das heißt die Festplatte kann/soll formatiert werden, jedoch müssen vorher noch einige Daten vom infizierten System gesichert werden und zwar so dass kein Mist mit ins neue System gebracht wird. Daher habe ich seit dem Befall auch keine ext. Festplatten / USB-Sticks an den Rechner angeschlossen.

Die Symptome die sich durch den Virus / Trojaner äußerten:
  • Es werden (gelegentlich) neue .tmp / .exe Dateien in einem "AppData"-Unterordner erstellt
  • Diese Dateien versuchten teilweise eine Verbindung mit dem Internet herzustellen
  • Diese Dateien tauchten auch gelegentlich als Prozess im Task-Manager auf, diese konnten (mit Ausnahme der csrss.exe) terminiert werden.
  • Neue Datei 6BA.exe (mittlerweile gelöscht) im Systemstart der msconfig
  • Windows Defender Dienst gelöscht
  • So lange die oben genannten Prozesse liefen, wurden Google-Suchen entführt (IE und FF)
  • Proxy-Einstellungen verändert
  • Veränderungen an der Firefox.exe, so dass der lokale Proxy auch geändert wird
Nach dem die AntiVir Definitionen den Virus Anfangs auch noch nicht kannten, (damals keine Detektion bei VirusTotal) haben diese die Dateien mittlerweile auch erkannt (darunter u.a. BDS/Cycbot.G.233, BDS/Cycbot.byma, TR/Dldr.Dofoil.32 und teilweise in Quarantäne gebracht / gelöscht.

Jetzt besteht noch folgendes Problem:
  • Unter AppData/Roaming wird die Datei csrss.exe erkannt
  • Dieser Prozess kann im Tash-Manager auch nicht beendet werden, da er (angeblich) ein Systemprozess ist, er läuft also nach wie vor
Im Anhang befindet sich ebenfalls das aktuelle Ergebnis von VirusTotal zu dieser Datei.

Was ist nun als nächstes zu tun? Leider weiß man bei so Trojanern / Viren ja nie so ganz ob das Zeug jetzt los ist oder nicht und ich möchte mir nichts mit ins neue System schleppen.

Vielen Dank schonmal für eure Hilfe!!

Weitere Informationen:
BS: Windows 7 Professional 64Bit
AV: AntiVir Free Antivirus
FW: Windows 7 Firewall Control
System-Festplatte komplett durch TrueCrypt verschlüsselt

Code:
OTL logfile created on: 05.01.2012 21:09:08 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 59,94% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 160,06 Gb Total Space | 37,94 Gb Free Space | 23,70% Space Free | Partition Type: NTFS
Drive D: | 436,01 Gb Total Space | 324,78 Gb Free Space | 74,49% Space Free | Partition Type: NTFS
Drive H: | 259,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KONTROLLZENTRUM | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.01.05 20:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.04 08:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011.03.04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.03.18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.29 15:43:12 | 000,545,792 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2008.04.24 12:41:06 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2007.11.08 00:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.04 08:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011.03.04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.04.27 08:53:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.01.10 18:21:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.15 18:09:38 | 000,601,088 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 02:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2011.03.04 02:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010.03.18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010.03.18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010.03.18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.03.18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.03.18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.03.18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.03.18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.03.18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.01 22:15:24 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.02 20:14:29 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.06 14:33:50 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2009.07.06 14:32:36 | 000,658,432 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 11:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009.06.10 11:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.03.18 15:09:28 | 000,128,512 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.02.11 15:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2007.08.06 13:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2007.07.23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2007.06.29 13:05:42 | 000,053,632 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2007.06.29 13:05:42 | 000,018,688 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2007.05.01 16:10:48 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0255.sys -- (SaiH0255)
DRV:64bit: - [2007.04.10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.04.10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.04.10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.04.10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.04.10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.04.10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.04.10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.01.01 20:40:04 | 000,222,160 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F A5 1B 35 72 BF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52929
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.8
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.9.35
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52929
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.26 21:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.14 00:07:25 | 000,000,000 | ---D | M]
 
[2010.01.01 21:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.05 14:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions
[2011.12.09 02:44:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.10.22 12:51:35 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2011.12.21 22:45:50 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.01.02 10:30:41 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.12.26 01:12:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.11 19:10:42 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.09.05 01:35:44 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\rikaichan-jpde@polarcloud.com
[2011.09.05 01:35:47 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\rikaichan-jpen@polarcloud.com
[2011.09.05 01:35:41 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\rikaichan-jpnames@polarcloud.com
[2011.08.26 21:27:37 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\youtube2mp3@mondayx.de
[2011.12.26 21:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5JNOOBGB.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5JNOOBGB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5JNOOBGB.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2011.12.26 21:35:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.14 00:07:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.14 00:07:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.14 00:07:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.14 00:07:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.14 00:07:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.14 00:07:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.07 20:44:04 | 000,397,087 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249        gs.apple.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13704 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3DFE879-9FA3-4F59-8E92-B9B762372CDA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {91C0F22A-C85F-8657-4B77-4876B4560663} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk - C:\PROGRA~2\WinTV\WinTV7\WINTVT~2.EXE - (Hauppauge Computer Works, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpReg: 6BA.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ProfilerU - hkey= - key= - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.05 20:45:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.21 22:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.21 13:21:30 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2011.12.21 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.12.21 02:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.21 02:16:35 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.21 02:16:35 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.21 02:16:35 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.21 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.21 02:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.21 00:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011.12.21 00:22:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5EE07
[2011.12.21 00:22:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\6CE5E
[2010.03.18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.03.18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 21:12:39 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 21:12:39 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.05 21:05:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.05 21:05:17 | 1609,158,656 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 21:04:07 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.05 21:04:07 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.05 21:04:07 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.05 21:04:07 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.05 21:04:07 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.05 20:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.01.05 20:41:10 | 000,000,202 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.01.05 20:39:09 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.21 13:21:33 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2011.12.21 02:17:10 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.21 02:11:36 | 002,372,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.21 00:40:30 | 006,456,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.21 00:40:30 | 002,342,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.21 00:40:30 | 001,936,910 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.21 00:40:30 | 001,726,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.21 00:40:30 | 000,005,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 22:33:21 | 000,034,760 | ---- | M] () -- C:\Users\***\Desktop\Bestätigung KLM.pdf
[2011.12.13 23:53:37 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.11 15:57:21 | 000,003,584 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.05 20:41:10 | 000,000,202 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.01.05 20:39:08 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.21 02:17:10 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 22:33:21 | 000,034,760 | ---- | C] () -- C:\Users\***\Desktop\Bestätigung KLM.pdf
[2011.12.13 23:53:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.11 15:57:21 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.27 12:41:02 | 000,000,238 | ---- | C] () -- C:\Windows\Wininit.ini
[2011.09.09 08:42:57 | 000,036,352 | ---- | C] () -- C:\Users\***\AppData\Roaming\csrss.exe
[2011.08.25 13:46:46 | 000,005,628 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 15:39:38 | 000,001,994 | ---- | C] () -- C:\Users\***\AppData\Roaming\SAS7_000.DAT
[2011.03.04 02:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.03.04 02:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.03.04 02:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.01.08 02:53:50 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.01.07 09:41:01 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Roaming\winscp.rnd
[2010.04.27 08:53:11 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.04.27 08:53:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.04.09 20:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2010.03.18 18:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.03.18 18:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.03.18 18:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010.03.18 18:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010.03.18 18:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.03.18 18:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.03.18 17:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010.03.18 17:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010.03.18 17:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.02.23 17:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.18 18:10:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.01.16 19:29:17 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.01.16 19:29:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.01.16 19:29:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.01.16 19:29:16 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.01.16 19:29:16 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.01.16 19:29:14 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.10 18:25:39 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.01.02 14:51:47 | 000,000,423 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.02 14:51:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.02 14:51:39 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2010.01.02 14:50:36 | 000,033,865 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.01.02 14:23:48 | 000,007,517 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.01.02 12:58:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.02 00:19:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.01 20:53:55 | 000,007,587 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.01.01 20:33:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.08 14:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 19:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
 
========== LOP Check ==========
 
[2011.12.22 01:21:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5EE07
[2011.12.22 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\6CE5E
[2010.05.11 21:36:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2011.08.28 12:01:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DusanRodina
[2011.12.13 23:54:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.12.28 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.02.04 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2010.12.29 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2011.10.13 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Kalypso Media
[2010.01.01 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.01.02 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2011.06.18 12:29:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MVTec
[2011.06.19 12:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2011.08.03 15:23:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance
[2011.05.28 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.01.16 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PMS
[2011.09.27 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScummVM
[2010.12.04 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.11.24 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\The Longest Journey
[2010.01.01 22:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Trillian
[2010.01.02 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2011.11.08 22:38:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
<  >
 
< %SYSTEMDRIVE%\*. >
[2010.01.01 20:10:31 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.01.17 11:33:03 | 000,000,000 | ---D | M] -- C:\ATI
[2011.07.15 10:31:38 | 000,000,000 | ---D | M] -- C:\Burst
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.01.01 20:10:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.01.10 13:33:17 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.01.02 14:21:28 | 000,000,000 | ---D | M] -- C:\Hauppauge
[2010.11.04 17:04:24 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.01.18 23:29:35 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.06 15:57:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.21 22:52:37 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.27 04:41:45 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.01 20:10:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.01 20:10:16 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.05 21:11:39 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.01 20:10:24 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.21 02:03:37 | 000,000,000 | ---D | M] -- C:\Windows
[2010.01.02 14:50:34 | 000,000,000 | ---D | M] -- C:\WinTV7
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

KennyRie 06.01.2012 04:29
Das meint übrigens Malwarebytes dazu:
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

06.01.2012 02:29:42
mbam-log-2012-01-06 (04-29-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 723054
Laufzeit: 1 Stunde(n), 8 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Daten: http=127.0.0.1:52929 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Roaming\csrss.exe (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

KennyRie 07.01.2012 03:18
Und die Logs vom ESET Online Scanner, nachdem ich die oben durch Malwarebytes behobenen Probleme habe beheben lassen: (Es ist eine Sammlung als allen Logs es ist also eine Histore zu erkennen):
Code:
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetesets_scanner_update returned -1 esets_gle=12
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5917daa0dc7a6940bdab92d75dcff13e
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 11:23:17
# local_time=2011-12-22 12:23:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776638 66 94 107936 76134615 0 0
# compatibility_mode=8192 67108863 100 0 4008 4008 0 0
# scanned=320272
# found=0
# cleaned=0
# scan_time=5031
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5917daa0dc7a6940bdab92d75dcff13e
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-22 01:00:33
# local_time=2011-12-22 02:00:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776638 66 94 113032 76139711 0 0
# compatibility_mode=8192 67108863 100 0 9104 9104 0 0
# scanned=572038
# found=11
# cleaned=11
# scan_time=5771
C:\Program Files (x86)\LP\5186\6BA.exe        a variant of Win32/Kryptik.XRB trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2A3WEQ2\contacts[1].exe        a variant of Win32/Kryptik.XST trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Mozilla\Firefox\Profiles\5jnoobgb.default\Cache\C\9E\82F22d01        JS/Exploit.Pdfka.PGZ trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Temp\286E.tmp        a variant of Win32/Kryptik.XUK trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Temp\AC9A.tmp        a variant of Win32/Kryptik.XRB trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\csrss.exe        a variant of Win32/Kryptik.XST trojan (deleted (after the next restart) - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\firefox.exe        a variant of Win32/Kryptik.XRB trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\5EE07\lvvm.exe        a variant of Win32/Kryptik.XRB trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\6CE5E\CFC51.exe        a variant of Win32/Kryptik.XRB trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\Microsoft\5186\3308.tmp        a variant of Win32/Kryptik.XRB trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\Microsoft\5186\6BA.exe        a variant of Win32/Kryptik.XUK trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5917daa0dc7a6940bdab92d75dcff13e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-27 04:52:19
# local_time=2011-12-27 05:52:19 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776638 66 94 556658 76583337 0 0
# compatibility_mode=8192 67108863 100 0 452730 452730 0 0
# scanned=572535
# found=9
# cleaned=9
# scan_time=8049
C:\ProgramData\expcfg.exe        a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\ProgramData\exppaint.exe        a variant of Win32/Kryptik.XYW trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C2A3WEQ2\about[1].exe        a variant of Win32/Kryptik.XZN trojan (deleted - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Mozilla\Firefox\Profiles\5jnoobgb.default\Cache\7\F1\A756Ad01        JS/Exploit.Pdfka.PFU trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Temp\8EE2.tmp        a variant of Win32/Kryptik.XYW trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Local\Temp\helpfast.exe        a variant of Win32/Kryptik.XYW trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\balancerAdapter.exe        a variant of Win32/Kryptik.XYW trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\comcred.exe        a variant of Win32/Kryptik.XVI trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
C:\Users\Timo\AppData\Roaming\csrss.exe        a variant of Win32/Kryptik.XZN trojan (deleted (after the next restart) - quarantined)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5917daa0dc7a6940bdab92d75dcff13e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 05:34:27
# local_time=2011-12-29 06:34:27 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776638 66 94 726439 76753118 0 0
# compatibility_mode=8192 67108863 100 0 622511 622511 0 0
# scanned=562498
# found=1
# cleaned=1
# scan_time=13617
C:\Users\Timo\AppData\Local\Temp\3DFD.tmp        a variant of Win32/Kryptik.YBH trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5917daa0dc7a6940bdab92d75dcff13e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-06 10:41:37
# local_time=2012-01-06 11:41:37 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 614543 614543 0 0
# compatibility_mode=5893 16776638 66 94 1479484 77506163 0 0
# compatibility_mode=8192 67108863 100 0 1375556 1375556 0 0
# scanned=563448
# found=0
# cleaned=0
# scan_time=13386

cosinus 10.01.2012 10:40
Bitte Malwarebytes aktualisieren und einen neuen Vollscan machen. Der letzte ist schon 4 Tage her.

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

KennyRie 10.01.2012 22:41
Hallo Arne,

danke für deine Antwort, einen Scan mit Malwarebytes habe ich vor dem oben geposteten Log nicht gemacht. In der Zwischenzeit hab ich noch zwei weitere Scans gemacht (den jüngesten gerade eben), hier die Logs:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

08.01.2012 12:55:48
mbam-log-2012-01-08 (14-46-51).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 719560
Laufzeit: 1 Stunde(n), 50 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\***\AppData\Local\Temp\jna2867142458925200430.tmp (Exploit.Drop.3) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\jna7955202307567174154.tmp (Exploit.Drop.3) -> Keine Aktion durchgeführt.
C:\Users\***\AppData\Local\Temp\jna534232288724768642.tmp (Exploit.Drop.3) -> Keine Aktion durchgeführt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.10.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: *** [Administrator]

10.01.2012 18:59:29
mbam-log-2012-01-10 (18-59-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 718911
Laufzeit: 1 Stunde(n), 8 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 11.01.2012 10:15
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

KennyRie 11.01.2012 10:47
Gemacht, hier der Log:

Code:
OTL logfile created on: 11.01.2012 10:30:23 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\****\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,19 Gb Available Physical Memory | 59,67% Memory free
4,00 Gb Paging File | 2,81 Gb Available in Paging File | 70,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 160,06 Gb Total Space | 36,05 Gb Free Space | 22,52% Space Free | Partition Type: NTFS
Drive D: | 436,01 Gb Total Space | 324,77 Gb Free Space | 74,49% Space Free | Partition Type: NTFS
Drive H: | 259,78 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: KONTROLLZENTRUM | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2012.01.05 20:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.04 08:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2011.03.04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2010.03.18 18:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
PRC - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.03.03 05:12:12 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.29 15:43:12 | 000,545,792 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2008.04.24 12:41:06 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2007.11.08 00:11:22 | 004,466,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.04 08:53:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011.03.04 02:31:08 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010.04.27 08:53:52 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 09:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2010.01.10 18:21:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.15 18:09:38 | 000,601,088 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE -- (HauppaugeTVServer)
SRV - [2009.09.06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 02:25:20 | 004,183,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) QuickCam Orbit/Sphere AF(UVC)
DRV:64bit: - [2011.03.04 02:23:54 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.18 19:52:18 | 000,295,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2010.03.18 19:52:10 | 000,259,672 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2010.03.18 19:52:02 | 001,360,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2010.03.18 19:51:50 | 000,147,544 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.03.18 19:51:34 | 000,290,392 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.03.18 19:51:26 | 000,016,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.03.18 19:51:18 | 000,221,272 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.03.18 19:50:52 | 000,866,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.03.18 19:50:42 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2010.03.18 19:40:10 | 000,141,912 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2010.03.18 19:40:02 | 000,681,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2010.03.18 19:39:54 | 000,706,648 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2010.03.18 19:39:44 | 000,158,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.03.03 05:23:10 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.03.03 04:07:32 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.02.24 11:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2010.02.01 22:15:24 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2010.01.28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.01.02 20:14:29 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.06 14:33:50 | 000,019,456 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95rc.sys -- (hcw95rc)
DRV:64bit: - [2009.07.06 14:32:36 | 000,658,432 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw95bda.sys -- (hcw95bda)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:53:34 | 000,030,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 11:14:36 | 000,043,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2009.06.10 11:14:36 | 000,016,000 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.05 12:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.03.18 15:09:28 | 000,128,512 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2008.02.11 15:57:10 | 000,070,272 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2007.08.06 13:32:42 | 000,314,880 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2007.07.23 14:13:06 | 000,056,960 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshhl.sys -- (akshhl)
DRV:64bit: - [2007.06.29 13:05:42 | 000,053,632 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2007.06.29 13:05:42 | 000,018,688 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV:64bit: - [2007.05.01 16:10:48 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0255.sys -- (SaiH0255)
DRV:64bit: - [2007.04.10 04:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.04.10 04:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.04.10 04:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.04.10 04:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.04.10 04:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.04.10 04:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.04.10 04:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.01.01 20:40:04 | 000,222,160 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F A5 1B 35 72 BF CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.8
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.9.35
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.5
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.2.3
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.110527
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52929
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll (Wolfram Research, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.26 21:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.14 00:07:25 | 000,000,000 | ---D | M]
 
[2010.01.01 21:06:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2012.01.08 02:24:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions
[2011.12.09 02:44:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2011.10.22 12:51:35 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2012.01.08 02:24:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.01.02 10:30:41 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.12.26 01:12:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.11 19:10:42 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.09.05 01:35:44 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\rikaichan-jpde@polarcloud.com
[2011.09.05 01:35:47 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\rikaichan-jpen@polarcloud.com
[2011.09.05 01:35:41 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\rikaichan-jpnames@polarcloud.com
[2011.08.26 21:27:37 | 000,000,000 | ---D | M] (YouTube to MP3) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\5jnoobgb.default\extensions\youtube2mp3@mondayx.de
[2011.12.26 21:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5JNOOBGB.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5JNOOBGB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\****\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5JNOOBGB.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2011.12.26 21:35:06 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.11.14 00:07:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.14 00:07:23 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.14 00:07:23 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.14 00:07:23 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.14 00:07:23 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.14 00:07:23 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.01.07 20:44:04 | 000,397,087 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 74.208.10.249        gs.apple.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 13704 more lines...
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3DFE879-9FA3-4F59-8E92-B9B762372CDA}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status..lnk - C:\PROGRA~2\WinTV\WinTV7\WINTVT~2.EXE - (Hauppauge Computer Works, Inc.)
MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpReg: 6BA.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Eraser - hkey= - key= - C:\Programme\Eraser\Eraser.exe (The Eraser Project)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: ProfilerU - hkey= - key= - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {91C0F22A-C85F-8657-4B77-4876B4560663} - Browser Customizations
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.pspgru - C:\Windows\SysWow64\PSPGRU.acm (Philips Austria GmbH - Speech Processing)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.ZMBV - C:\Windows\SysWow64\zmbv.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.06 00:20:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2012.01.06 00:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.06 00:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.06 00:20:21 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.06 00:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.05 20:45:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2011.12.21 22:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.21 13:21:30 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2011.12.21 02:22:32 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Avira
[2011.12.21 02:17:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.21 02:16:35 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.21 02:16:35 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.21 02:16:35 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.21 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.21 02:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.21 00:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011.12.21 00:22:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\5EE07
[2011.12.21 00:22:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\6CE5E
[2010.03.18 18:18:32 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.03.18 17:59:50 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.11 10:34:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 10:34:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 10:26:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 10:26:55 | 1609,158,656 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.11 00:22:36 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.11 00:22:36 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.11 00:22:36 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.11 00:22:36 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.11 00:22:36 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000004-20021102}.rfx
[2012.01.07 12:42:17 | 000,000,512 | ---- | M] () -- C:\Users\****\Desktop\MBR.dat
[2012.01.06 00:20:22 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.05 22:24:06 | 000,041,024 | ---- | M] () -- C:\Users\****\Desktop\csrss.exe - VirusTotal - Free Online Virus, Malware and URL Scanner.pdf.zip
[2012.01.05 22:08:27 | 000,052,403 | ---- | M] () -- C:\Users\****\Desktop\csrss.exe - VirusTotal - Free Online Virus, Malware and URL Scanner.pdf
[2012.01.05 21:35:51 | 000,018,813 | ---- | M] () -- C:\Users\****\Desktop\OTL.zip
[2012.01.05 20:45:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2012.01.05 20:41:10 | 000,000,202 | ---- | M] () -- C:\Users\****\defogger_reenable
[2012.01.05 20:39:09 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\Defogger.exe
[2011.12.21 13:21:33 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\****\Desktop\aswMBR.exe
[2011.12.21 02:17:10 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.21 02:11:36 | 002,372,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.21 00:40:30 | 006,456,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.21 00:40:30 | 002,342,806 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.21 00:40:30 | 001,936,910 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.21 00:40:30 | 001,726,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.21 00:40:30 | 000,005,644 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.18 22:33:21 | 000,034,760 | ---- | M] () -- C:\Users\****\Desktop\Bestätigung KLM.pdf
[2011.12.13 23:53:37 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.07 12:42:17 | 000,000,512 | ---- | C] () -- C:\Users\****\Desktop\MBR.dat
[2012.01.06 00:20:22 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.05 22:24:06 | 000,041,024 | ---- | C] () -- C:\Users\****\Desktop\csrss.exe - VirusTotal - Free Online Virus, Malware and URL Scanner.pdf.zip
[2012.01.05 22:08:26 | 000,052,403 | ---- | C] () -- C:\Users\****\Desktop\csrss.exe - VirusTotal - Free Online Virus, Malware and URL Scanner.pdf
[2012.01.05 21:35:51 | 000,018,813 | ---- | C] () -- C:\Users\****\Desktop\OTL.zip
[2012.01.05 20:41:10 | 000,000,202 | ---- | C] () -- C:\Users\****\defogger_reenable
[2012.01.05 20:39:08 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\Defogger.exe
[2011.12.21 02:17:10 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.18 22:33:21 | 000,034,760 | ---- | C] () -- C:\Users\****\Desktop\Bestätigung KLM.pdf
[2011.12.13 23:53:37 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.12.11 15:57:21 | 000,003,584 | ---- | C] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.27 12:41:02 | 000,000,238 | ---- | C] () -- C:\Windows\Wininit.ini
[2011.08.25 13:46:46 | 000,005,628 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.03 15:39:38 | 000,001,994 | ---- | C] () -- C:\Users\****\AppData\Roaming\SAS7_000.DAT
[2011.03.04 02:26:22 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.03.04 02:26:22 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.03.04 02:26:16 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.01.08 02:53:50 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Local\PUTTY.RND
[2011.01.07 09:41:01 | 000,000,600 | ---- | C] () -- C:\Users\****\AppData\Roaming\winscp.rnd
[2010.04.27 08:53:11 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.04.27 08:53:11 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.04.09 20:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\zmbv.dll
[2010.03.18 18:59:54 | 000,050,439 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.03.18 18:59:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.03.18 18:19:58 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2010.03.18 18:17:50 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2010.03.18 18:07:54 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.03.18 18:07:54 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.03.18 17:59:56 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010.03.18 17:59:56 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010.03.18 17:59:54 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.02.23 17:15:02 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.01.18 18:10:53 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.01.16 19:29:17 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.01.16 19:29:17 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.01.16 19:29:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.01.16 19:29:16 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.01.16 19:29:16 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.01.16 19:29:14 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.10 18:25:39 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010.01.02 14:51:47 | 000,000,423 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.02 14:51:47 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.01.02 14:51:39 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
[2010.01.02 14:50:36 | 000,033,865 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.01.02 14:23:48 | 000,007,517 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2010.01.02 12:58:12 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.02 00:19:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.01 20:53:55 | 000,007,587 | ---- | C] () -- C:\Users\****\AppData\Local\Resmon.ResmonCfg
[2010.01.01 20:33:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.08 14:10:56 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 19:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
 
========== LOP Check ==========
 
[2011.12.22 01:21:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\5EE07
[2011.12.22 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\6CE5E
[2010.05.11 21:36:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2011.08.28 12:01:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DusanRodina
[2011.12.13 23:54:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2011.12.28 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2010.02.04 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2010.12.29 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn
[2011.10.13 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media
[2010.01.01 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.01.02 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag
[2011.06.18 12:29:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MVTec
[2011.06.19 12:54:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2011.08.03 15:23:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nuance
[2011.05.28 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2010.01.16 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PMS
[2011.09.27 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ScummVM
[2010.12.04 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.11.24 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\The Longest Journey
[2010.01.01 22:05:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian
[2010.01.02 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrueCrypt
[2011.11.08 22:38:14 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.22 01:21:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\5EE07
[2011.12.22 01:21:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\6CE5E
[2011.07.15 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Adobe
[2010.01.02 01:03:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Apple Computer
[2010.01.17 11:40:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ATI
[2011.12.21 02:22:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Avira
[2010.05.11 21:36:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Canneverbe Limited
[2010.01.18 07:51:38 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Download Manager
[2011.08.28 12:01:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DusanRodina
[2010.06.03 22:17:27 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\dvdcss
[2011.12.13 23:54:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\elsterformular
[2011.12.28 14:54:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FileZilla
[2011.08.03 15:23:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FLEXnet
[2010.02.04 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\GrabPro
[2010.02.03 01:05:05 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Hamachi
[2010.01.01 20:10:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Identities
[2010.12.29 16:45:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ImgBurn
[2011.07.09 19:17:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\InstallShield
[2011.10.13 17:32:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Kalypso Media
[2010.01.01 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.01.01 21:09:42 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Logitech
[2010.01.01 21:28:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Macromedia
[2012.01.06 00:20:31 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2011.10.06 16:02:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mathematica
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Center Programs
[2010.06.29 09:30:34 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Media Player Classic
[2011.12.21 00:22:06 | 000,000,000 | --SD | M] -- C:\Users\****\AppData\Roaming\Microsoft
[2011.12.21 01:23:17 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mozilla
[2010.01.02 12:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Mp3tag
[2011.06.18 12:29:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\MVTec
[2011.06.19 12:54:49 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Notepad++
[2011.08.03 15:23:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Nuance
[2011.05.28 00:00:43 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Orbit
[2010.01.16 19:16:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\PMS
[2011.09.27 12:42:55 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ScummVM
[2012.01.03 07:59:12 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Skype
[2011.10.31 21:04:22 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\skypePM
[2010.12.04 17:52:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TeamViewer
[2011.11.24 16:44:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\The Longest Journey
[2010.01.01 22:05:07 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Trillian
[2010.01.02 10:41:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TrueCrypt
[2010.11.09 00:42:00 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\vlc
[2011.04.01 09:17:46 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.04.27 08:37:50 | 000,010,134 | R--- | M] () -- C:\Users\****\AppData\Roaming\Microsoft\Installer\{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8

< End of report >

cosinus 11.01.2012 12:00
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52929
FF - prefs.js..network.proxy.type: 0
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\Shell - "" = AutoRun
O33 - MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\Shell\AutoRun\command - "" = E:\AutoRun.exe
[2011.12.21 00:36:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LP
[2011.12.21 00:22:16 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\5EE07
[2011.12.21 00:22:06 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\6CE5E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:0FF263E8
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

KennyRie 11.01.2012 12:25
Done :), im Anhang der Log

Achja der FF startet immer noch mit geändertem Proxy, weiß nicht ob das durch das Script hätte geändert sein sollen (durch manuelles abstellen des Proxys kann ich aber normal aufs Internet zugreifen)

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 52929 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}\ deleted successfully.
C:\Program Files (x86)\Orbitdownloader\orbitcth.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{074C1DC5-9320-4A9A-947D-C042949C6216}\ deleted successfully.
C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\PROGRA~2\SPYBOT~1\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE7CD045-E861-484f-8273-0445EE161910}\ not found.
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ deleted successfully.
File C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
File C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c4e56e2-f7d3-11de-b57e-a53339aed2a4}\ not found.
File E:\AutoRun.exe not found.
C:\Program Files (x86)\LP\5186 folder moved successfully.
C:\Program Files (x86)\LP folder moved successfully.
C:\Users\***\AppData\Roaming\5EE07 folder moved successfully.
C:\Users\***\AppData\Roaming\6CE5E folder moved successfully.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: ***
->Temp folder emptied: 1405197339 bytes
->Temporary Internet Files folder emptied: 109757051 bytes
->Java cache emptied: 64479686 bytes
->FireFox cache emptied: 722977584 bytes
->Flash cache emptied: 276362 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 629376496 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 746 bytes
RecycleBin emptied: 1496340385 bytes
 
Total Files Cleaned = 4.223,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01112012_121717

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 11.01.2012 12:49
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

KennyRie 11.01.2012 20:24
Der Scan ging schnell durch :)
Hier der Log:
Code:
20:18:28.0577 4776        TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
20:18:28.0639 4776        ============================================================
20:18:28.0639 4776        Current date / time: 2012/01/11 20:18:28.0639
20:18:28.0639 4776        SystemInfo:
20:18:28.0639 4776       
20:18:28.0639 4776        OS Version: 6.1.7601 ServicePack: 1.0
20:18:28.0639 4776        Product type: Workstation
20:18:28.0639 4776        ComputerName: ***
20:18:28.0639 4776        UserName: ***
20:18:28.0639 4776        Windows directory: C:\Windows
20:18:28.0639 4776        System windows directory: C:\Windows
20:18:28.0639 4776        Running under WOW64
20:18:28.0639 4776        Processor architecture: Intel x64
20:18:28.0639 4776        Number of processors: 4
20:18:28.0639 4776        Page size: 0x1000
20:18:28.0639 4776        Boot type: Normal boot
20:18:28.0639 4776        ============================================================
20:18:29.0279 4776        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000, SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
20:18:29.0279 4776        Drive \Device\Harddisk1\DR1 - Size: 0x950B056000, SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
20:18:29.0310 4776        Initialize success
20:22:36.0729 1128        ============================================================
20:22:36.0729 1128        Scan started
20:22:36.0729 1128        Mode: Manual; SigCheck; TDLFS;
20:22:36.0729 1128        ============================================================
20:22:37.0619 1128        1394ohci - ok
20:22:37.0665 1128        acedrv11 - ok
20:22:37.0681 1128        ACPI - ok
20:22:37.0681 1128        AcpiPmi - ok
20:22:37.0728 1128        adp94xx - ok
20:22:37.0728 1128        adpahci - ok
20:22:37.0743 1128        adpu320 - ok
20:22:37.0759 1128        AFD - ok
20:22:37.0759 1128        agp440 - ok
20:22:37.0775 1128        aksdf - ok
20:22:37.0790 1128        aksfridge - ok
20:22:37.0806 1128        akshasp - ok
20:22:37.0806 1128        akshhl - ok
20:22:37.0806 1128        aksusb - ok
20:22:37.0821 1128        aliide - ok
20:22:37.0837 1128        amdide - ok
20:22:37.0837 1128        AmdK8 - ok
20:22:37.0868 1128        amdkmdag - ok
20:22:37.0884 1128        amdkmdap - ok
20:22:37.0899 1128        AmdPPM - ok
20:22:37.0899 1128        amdsata - ok
20:22:37.0899 1128        amdsbs - ok
20:22:37.0915 1128        amdxata - ok
20:22:37.0962 1128        AppID - ok
20:22:38.0009 1128        arc - ok
20:22:38.0024 1128        arcsas - ok
20:22:38.0024 1128        AsyncMac - ok
20:22:38.0024 1128        atapi - ok
20:22:38.0087 1128        AtiHdmiService - ok
20:22:38.0102 1128        atikmdag - ok
20:22:38.0149 1128        AtiPcie - ok
20:22:38.0165 1128        avgntflt - ok
20:22:38.0180 1128        avipbb - ok
20:22:38.0211 1128        avkmgr - ok
20:22:38.0243 1128        b06bdrv - ok
20:22:38.0258 1128        b57nd60a - ok
20:22:38.0289 1128        Beep - ok
20:22:38.0336 1128        blbdrive - ok
20:22:38.0336 1128        bowser - ok
20:22:38.0352 1128        BrFiltLo - ok
20:22:38.0367 1128        BrFiltUp - ok
20:22:38.0367 1128        Brserid - ok
20:22:38.0367 1128        BrSerWdm - ok
20:22:38.0367 1128        BrUsbMdm - ok
20:22:38.0383 1128        BrUsbSer - ok
20:22:38.0383 1128        BTHMODEM - ok
20:22:38.0414 1128        cdfs - ok
20:22:38.0430 1128        cdrom - ok
20:22:38.0461 1128        circlass - ok
20:22:38.0461 1128        CLFS - ok
20:22:38.0492 1128        CmBatt - ok
20:22:38.0492 1128        cmdide - ok
20:22:38.0508 1128        CNG - ok
20:22:38.0508 1128        COMMONFX - ok
20:22:38.0508 1128        COMMONFX.DLL - ok
20:22:38.0539 1128        COMMONFX.SYS - ok
20:22:38.0539 1128        Compbatt - ok
20:22:38.0555 1128        CompositeBus - ok
20:22:38.0570 1128        crcdisk - ok
20:22:38.0617 1128        CSC - ok
20:22:38.0633 1128        CT20XUT.DLL - ok
20:22:38.0648 1128        ctac32k - ok
20:22:38.0648 1128        ctaud2k - ok
20:22:38.0648 1128        CTAUDFX - ok
20:22:38.0648 1128        CTAUDFX.DLL - ok
20:22:38.0664 1128        CTAUDFX.SYS - ok
20:22:38.0711 1128        CTEAPSFX.DLL - ok
20:22:38.0711 1128        CTEDSPFX.DLL - ok
20:22:38.0726 1128        CTEDSPIO.DLL - ok
20:22:38.0742 1128        CTEDSPSY.DLL - ok
20:22:38.0742 1128        CTERFXFX - ok
20:22:38.0742 1128        CTERFXFX.DLL - ok
20:22:38.0757 1128        CTERFXFX.SYS - ok
20:22:38.0757 1128        CTEXFIFX.DLL - ok
20:22:38.0757 1128        CTHWIUT.DLL - ok
20:22:38.0757 1128        ctprxy2k - ok
20:22:38.0757 1128        CTSBLFX - ok
20:22:38.0757 1128        CTSBLFX.DLL - ok
20:22:38.0773 1128        CTSBLFX.SYS - ok
20:22:38.0773 1128        ctsfm2k - ok
20:22:38.0789 1128        DfsC - ok
20:22:38.0789 1128        discache - ok
20:22:38.0820 1128        Disk - ok
20:22:38.0867 1128        drmkaud - ok
20:22:38.0882 1128        DXGKrnl - ok
20:22:38.0882 1128        ebdrv - ok
20:22:38.0898 1128        elxstor - ok
20:22:38.0898 1128        emupia - ok
20:22:38.0898 1128        ErrDev - ok
20:22:38.0913 1128        exfat - ok
20:22:38.0913 1128        fastfat - ok
20:22:38.0929 1128        fdc - ok
20:22:38.0929 1128        FileInfo - ok
20:22:38.0945 1128        Filetrace - ok
20:22:38.0960 1128        flpydisk - ok
20:22:38.0960 1128        FltMgr - ok
20:22:38.0976 1128        FsDepends - ok
20:22:38.0976 1128        Fs_Rec - ok
20:22:39.0007 1128        fvevol - ok
20:22:39.0023 1128        gagp30kx - ok
20:22:39.0069 1128        GEARAspiWDM - ok
20:22:39.0069 1128        ha10kx2k - ok
20:22:39.0116 1128        hamachi - ok
20:22:39.0116 1128        hap16v2k - ok
20:22:39.0116 1128        hap17v2k - ok
20:22:39.0132 1128        Hardlock - ok
20:22:39.0163 1128        hcw85cir - ok
20:22:39.0179 1128        hcw95bda - ok
20:22:39.0194 1128        hcw95rc - ok
20:22:39.0210 1128        HdAudAddService - ok
20:22:39.0225 1128        HDAudBus - ok
20:22:39.0225 1128        HidBatt - ok
20:22:39.0241 1128        HidBth - ok
20:22:39.0241 1128        HidIr - ok
20:22:39.0272 1128        HidUsb - ok
20:22:39.0272 1128        HpSAMD - ok
20:22:39.0288 1128        HTTP - ok
20:22:39.0288 1128        hwpolicy - ok
20:22:39.0303 1128        i8042prt - ok
20:22:39.0319 1128        iaStorV - ok
20:22:39.0381 1128        iirsp - ok
20:22:39.0381 1128        intelide - ok
20:22:39.0428 1128        intelppm - ok
20:22:39.0428 1128        IpFilterDriver - ok
20:22:39.0444 1128        IPMIDRV - ok
20:22:39.0444 1128        IPNAT - ok
20:22:39.0491 1128        IRENUM - ok
20:22:39.0506 1128        isapnp - ok
20:22:39.0506 1128        iScsiPrt - ok
20:22:39.0506 1128        kbdclass - ok
20:22:39.0506 1128        kbdhid - ok
20:22:39.0522 1128        KSecDD - ok
20:22:39.0522 1128        KSecPkg - ok
20:22:39.0537 1128        ksthunk - ok
20:22:39.0553 1128        L8042Kbd - ok
20:22:39.0600 1128        LHidFilt - ok
20:22:39.0615 1128        lltdio - ok
20:22:39.0615 1128        LMouFilt - ok
20:22:39.0631 1128        LSI_FC - ok
20:22:39.0631 1128        LSI_SAS - ok
20:22:39.0647 1128        LSI_SAS2 - ok
20:22:39.0662 1128        LSI_SCSI - ok
20:22:39.0678 1128        luafv - ok
20:22:39.0693 1128        LUsbFilt - ok
20:22:39.0756 1128        LVRS64 - ok
20:22:39.0771 1128        LVUVC64 - ok
20:22:39.0787 1128        megasas - ok
20:22:39.0787 1128        MegaSR - ok
20:22:39.0787 1128        Modem - ok
20:22:39.0787 1128        monitor - ok
20:22:39.0803 1128        mouclass - ok
20:22:39.0818 1128        mouhid - ok
20:22:39.0818 1128        mountmgr - ok
20:22:39.0818 1128        mpio - ok
20:22:39.0818 1128        mpsdrv - ok
20:22:39.0818 1128        MRxDAV - ok
20:22:39.0834 1128        mrxsmb - ok
20:22:39.0834 1128        mrxsmb10 - ok
20:22:39.0834 1128        mrxsmb20 - ok
20:22:39.0834 1128        msahci - ok
20:22:39.0834 1128        msdsm - ok
20:22:39.0849 1128        Msfs - ok
20:22:39.0849 1128        mshidkmdf - ok
20:22:39.0849 1128        msisadrv - ok
20:22:39.0881 1128        MSKSSRV - ok
20:22:39.0881 1128        MSPCLOCK - ok
20:22:39.0896 1128        MSPQM - ok
20:22:39.0912 1128        MsRPC - ok
20:22:39.0912 1128        mssmbios - ok
20:22:39.0927 1128        MSTEE - ok
20:22:39.0974 1128        MTConfig - ok
20:22:40.0021 1128        MTsensor - ok
20:22:40.0021 1128        Mup - ok
20:22:40.0021 1128        NativeWifiP - ok
20:22:40.0037 1128        NDIS - ok
20:22:40.0052 1128        NdisCap - ok
20:22:40.0052 1128        NdisTapi - ok
20:22:40.0068 1128        Ndisuio - ok
20:22:40.0068 1128        NdisWan - ok
20:22:40.0068 1128        NDProxy - ok
20:22:40.0083 1128        NetBIOS - ok
20:22:40.0083 1128        NetBT - ok
20:22:40.0099 1128        nfrd960 - ok
20:22:40.0130 1128        Npfs - ok
20:22:40.0146 1128        nsiproxy - ok
20:22:40.0146 1128        Ntfs - ok
20:22:40.0146 1128        Null - ok
20:22:40.0146 1128        nvraid - ok
20:22:40.0161 1128        nvstor - ok
20:22:40.0161 1128        nv_agp - ok
20:22:40.0161 1128        ohci1394 - ok
20:22:40.0224 1128        ossrv - ok
20:22:40.0239 1128        Parport - ok
20:22:40.0239 1128        partmgr - ok
20:22:40.0255 1128        pci - ok
20:22:40.0255 1128        pciide - ok
20:22:40.0255 1128        pcmcia - ok
20:22:40.0255 1128        pcw - ok
20:22:40.0255 1128        PEAUTH - ok
20:22:40.0395 1128        ppaqaowa - ok
20:22:40.0395 1128        PptpMiniport - ok
20:22:40.0395 1128        Processor - ok
20:22:40.0427 1128        Psched - ok
20:22:40.0427 1128        ql2300 - ok
20:22:40.0427 1128        ql40xx - ok
20:22:40.0442 1128        QWAVEdrv - ok
20:22:40.0442 1128        RasAcd - ok
20:22:40.0442 1128        RasAgileVpn - ok
20:22:40.0458 1128        Rasl2tp - ok
20:22:40.0473 1128        RasPppoe - ok
20:22:40.0473 1128        RasSstp - ok
20:22:40.0473 1128        rdbss - ok
20:22:40.0489 1128        rdpbus - ok
20:22:40.0489 1128        RDPCDD - ok
20:22:40.0489 1128        RDPDR - ok
20:22:40.0551 1128        RDPENCDD - ok
20:22:40.0551 1128        RDPREFMP - ok
20:22:40.0551 1128        RDPWD - ok
20:22:40.0567 1128        rdyboost - ok
20:22:40.0583 1128        rspndr - ok
20:22:40.0598 1128        RTL8167 - ok
20:22:40.0614 1128        s3cap - ok
20:22:40.0645 1128        SaiH0255 - ok
20:22:40.0676 1128        SaiMini - ok
20:22:40.0707 1128        SaiNtBus - ok
20:22:40.0707 1128        sbp2port - ok
20:22:40.0723 1128        scfilter - ok
20:22:40.0739 1128        secdrv - ok
20:22:40.0754 1128        Serenum - ok
20:22:40.0785 1128        Serial - ok
20:22:40.0801 1128        sermouse - ok
20:22:40.0817 1128        sffdisk - ok
20:22:40.0817 1128        sffp_mmc - ok
20:22:40.0817 1128        sffp_sd - ok
20:22:40.0817 1128        sfloppy - ok
20:22:40.0832 1128        SiSRaid2 - ok
20:22:40.0832 1128        SiSRaid4 - ok
20:22:40.0848 1128        Smb - ok
20:22:40.0879 1128        speedfan - ok
20:22:40.0895 1128        spldr - ok
20:22:41.0019 1128        sptd - ok
20:22:41.0051 1128        srv - ok
20:22:41.0051 1128        srv2 - ok
20:22:41.0051 1128        srvnet - ok
20:22:41.0082 1128        StarOpen - ok
20:22:41.0097 1128        stexstor - ok
20:22:41.0113 1128        storflt - ok
20:22:41.0113 1128        storvsc - ok
20:22:41.0113 1128        swenum - ok
20:22:41.0129 1128        Tcpip - ok
20:22:41.0129 1128        TCPIP6 - ok
20:22:41.0129 1128        tcpipreg - ok
20:22:41.0129 1128        TDPIPE - ok
20:22:41.0144 1128        TDTCP - ok
20:22:41.0144 1128        tdx - ok
20:22:41.0144 1128        TermDD - ok
20:22:41.0191 1128        truecrypt - ok
20:22:41.0191 1128        tssecsrv - ok
20:22:41.0222 1128        TsUsbFlt - ok
20:22:41.0238 1128        tunnel - ok
20:22:41.0253 1128        uagp35 - ok
20:22:41.0253 1128        udfs - ok
20:22:41.0269 1128        uliagpkx - ok
20:22:41.0269 1128        umbus - ok
20:22:41.0285 1128        UmPass - ok
20:22:41.0316 1128        USBAAPL64 - ok
20:22:41.0331 1128        usbaudio - ok
20:22:41.0331 1128        usbccgp - ok
20:22:41.0347 1128        usbcir - ok
20:22:41.0347 1128        usbehci - ok
20:22:41.0347 1128        usbhub - ok
20:22:41.0363 1128        usbohci - ok
20:22:41.0363 1128        usbprint - ok
20:22:41.0363 1128        USBSTOR - ok
20:22:41.0363 1128        usbuhci - ok
20:22:41.0378 1128        usbvideo - ok
20:22:41.0378 1128        vdrvroot - ok
20:22:41.0394 1128        vga - ok
20:22:41.0394 1128        VgaSave - ok
20:22:41.0409 1128        vhdmp - ok
20:22:41.0409 1128        viaide - ok
20:22:41.0409 1128        vmbus - ok
20:22:41.0409 1128        VMBusHID - ok
20:22:41.0409 1128        volmgr - ok
20:22:41.0409 1128        volmgrx - ok
20:22:41.0425 1128        volsnap - ok
20:22:41.0425 1128        vsmraid - ok
20:22:41.0425 1128        vwifibus - ok
20:22:41.0425 1128        WacomPen - ok
20:22:41.0441 1128        WANARP - ok
20:22:41.0441 1128        Wanarpv6 - ok
20:22:41.0441 1128        Wd - ok
20:22:41.0456 1128        Wdf01000 - ok
20:22:41.0503 1128        WfpLwf - ok
20:22:41.0503 1128        WIMMount - ok
20:22:41.0565 1128        WinUsb - ok
20:22:41.0565 1128        WmiAcpi - ok
20:22:41.0597 1128        ws2ifsl - ok
20:22:41.0597 1128        WudfPf - ok
20:22:41.0612 1128        WUDFRd - ok
20:22:41.0612 1128        MBR (0x1B8)    (ae6210ede7872e45b1cc30b020cd29c8) \Device\Harddisk0\DR0
20:22:42.0423 1128        \Device\Harddisk0\DR0 - ok
20:22:42.0907 1128        MBR (0x1B8)    (205060f860aa1ec25b607a1b5b40a40c) \Device\Harddisk1\DR1
20:22:43.0359 1128        \Device\Harddisk1\DR1 - ok
20:22:43.0375 1128        Boot (0x1200)  (77b6345ebc60e081d87c5fb1f10d0cce) \Device\Harddisk0\DR0\Partition0
20:22:43.0375 1128        \Device\Harddisk0\DR0\Partition0 - ok
20:22:43.0391 1128        Boot (0x1200)  (de92f99aafffe6b699ac7a391ab7225d) \Device\Harddisk0\DR0\Partition1
20:22:43.0391 1128        \Device\Harddisk0\DR0\Partition1 - ok
20:22:43.0406 1128        Boot (0x1200)  (c17411305315417162d759f5ba743898) \Device\Harddisk0\DR0\Partition2
20:22:43.0406 1128        \Device\Harddisk0\DR0\Partition2 - ok
20:22:43.0422 1128        Boot (0x1200)  (4625e02b2ec590b8feb2960ebe0910c8) \Device\Harddisk1\DR1\Partition0
20:22:43.0422 1128        \Device\Harddisk1\DR1\Partition0 - ok
20:22:43.0437 1128        Boot (0x1200)  (97dfaff21fde68e0e5a59e8713f65020) \Device\Harddisk1\DR1\Partition1
20:22:43.0437 1128        \Device\Harddisk1\DR1\Partition1 - ok
20:22:43.0469 1128        Boot (0x1200)  (ca57bdf16f12130a960c7e7aa7f5110d) \Device\Harddisk1\DR1\Partition2
20:22:43.0469 1128        \Device\Harddisk1\DR1\Partition2 - ok
20:22:43.0469 1128        ============================================================
20:22:43.0469 1128        Scan finished
20:22:43.0469 1128        ============================================================
20:22:43.0469 5004        Detected object count: 0
20:22:43.0469 5004        Actual detected object count: 0

cosinus 11.01.2012 20:25
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

KennyRie 11.01.2012 20:55
ComboFix ist durch :) :
Code:
ComboFix 12-01-10.02 - *** 11.01.2012  20:36:27.1.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.1302 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\corecon\1.0\1031\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1031\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\NonSDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\1033\SDKAddonLangVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\NonSDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\addons\SDKAddonVer.dll
c:\programdata\Microsoft\corecon\1.0\SDKFilesVer.dll
c:\users\***\AppData\Local\assembly\tmp
c:\windows\system32\java.exe
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-11 bis 2012-01-11  ))))))))))))))))))))))))))))))
.
.
2012-01-11 19:43 . 2012-01-11 19:43        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-11 11:17 . 2012-01-11 11:17        --------        d-----w-        C:\_OTL
2012-01-05 23:20 . 2012-01-05 23:20        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-01-05 23:20 . 2012-01-05 23:20        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-05 23:20 . 2012-01-05 23:20        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 23:20 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-26 20:35 . 2011-12-26 20:35        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-26 20:35 . 2011-12-26 20:35        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-26 20:35 . 2011-12-26 20:35        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-26 20:35 . 2011-12-26 20:35        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-21 21:52 . 2011-12-21 21:52        --------        d-----w-        c:\program files (x86)\ESET
2011-12-21 01:22 . 2011-12-21 01:22        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2011-12-21 01:16 . 2011-12-09 11:40        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-12-21 01:16 . 2011-12-09 11:40        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-21 01:16 . 2011-12-09 11:40        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-12-21 01:16 . 2011-12-21 01:16        --------        d-----w-        c:\programdata\Avira
2011-12-21 01:16 . 2011-12-21 01:16        --------        d-----w-        c:\program files (x86)\Avira
2011-12-21 00:53 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-21 00:53 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-21 00:53 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2011-12-01 09:25        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C75F413D-DC0E-481B-8DA6-6CE0026528C1}\mpengine.dll
2011-11-13 23:26 . 2011-11-13 23:26        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2011-11-13 23:17 . 2011-07-15 22:25        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files (x86)\TrueCrypt\TrueCrypt.exe" [2010-01-01 1415632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-1 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R1 ppaqaowa;ppaqaowa;c:\windows\system32\drivers\ppaqaowa.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-27 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SaiH0255;SaiH0255;c:\windows\system32\DRIVERS\SaiH0255.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-03-04 428640]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2009-06-29 545792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5jnoobgb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52929
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-11  20:49:09 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-11 19:49
.
Vor Suchlauf: 12 Verzeichnis(se), 41.513.521.152 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 40.905.515.008 Bytes frei
.
- - End Of File - - F216E9256599178A5DA4140C6064AA8E

cosinus 11.01.2012 21:00
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
c:\windows\system32\drivers\ppaqaowa.sys

Driver::
ppaqaowa
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

KennyRie 11.01.2012 21:23
Gemacht:
Code:
ComboFix 12-01-10.02 - *** 11.01.2012  21:06:43.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.2046.1311 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ppaqaowa.sys"
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ppaqaowa
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-11 bis 2012-01-11  ))))))))))))))))))))))))))))))
.
.
2012-01-11 20:13 . 2012-01-11 20:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-11 11:17 . 2012-01-11 11:17        --------        d-----w-        C:\_OTL
2012-01-05 23:20 . 2012-01-05 23:20        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-01-05 23:20 . 2012-01-05 23:20        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-05 23:20 . 2012-01-05 23:20        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 23:20 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-26 20:35 . 2011-12-26 20:35        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-26 20:35 . 2011-12-26 20:35        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-26 20:35 . 2011-12-26 20:35        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-26 20:35 . 2011-12-26 20:35        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-21 21:52 . 2011-12-21 21:52        --------        d-----w-        c:\program files (x86)\ESET
2011-12-21 01:22 . 2011-12-21 01:22        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2011-12-21 01:16 . 2011-12-09 11:40        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-12-21 01:16 . 2011-12-09 11:40        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-12-21 01:16 . 2011-12-09 11:40        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-12-21 01:16 . 2011-12-21 01:16        --------        d-----w-        c:\programdata\Avira
2011-12-21 01:16 . 2011-12-21 01:16        --------        d-----w-        c:\program files (x86)\Avira
2011-12-21 00:53 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys
2011-12-21 00:53 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-21 00:53 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2011-12-01 09:25        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C75F413D-DC0E-481B-8DA6-6CE0026528C1}\mpengine.dll
2011-11-13 23:26 . 2011-11-13 23:26        525544        ----a-w-        c:\windows\system32\deployJava1.dll
2011-11-13 23:17 . 2011-07-15 22:25        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-11_19.44.42  )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 20:43 . 2012-01-11 19:54        42888              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-11 19:54        34512              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-01 19:35 . 2012-01-11 19:54        10340              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1542983635-4154027510-1059719550-1000_UserData.bin
- 2010-01-01 19:31 . 2012-01-11 19:17        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-01 19:31 . 2012-01-11 20:09        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-01 19:31 . 2012-01-11 19:17        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-01 19:31 . 2012-01-11 20:09        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-11 20:15 . 2012-01-11 20:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-11 19:44 . 2012-01-11 19:44        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 20:15 . 2012-01-11 20:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-01-11 19:43        487424              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-11 20:14        487424              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-02 00:34 . 2012-01-11 20:14        488192              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1542983635-4154027510-1059719550-1000-8192.dat
- 2010-01-02 00:34 . 2012-01-11 19:43        488192              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1542983635-4154027510-1059719550-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueCrypt"="c:\program files (x86)\TrueCrypt\TrueCrypt.exe" [2010-01-01 1415632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 98304]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-18 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-1 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-04-27 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [x]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;QuickCam Orbit/Sphere AF(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SaiH0255;SaiH0255;c:\windows\system32\DRIVERS\SaiH0255.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-04 296808]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-03-04 428640]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2009-06-29 545792]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2009-06-03 194560]
"combofix"="c:\combofix\CF2114.3XE" [2010-11-20 345088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page =
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: In Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\5jnoobgb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 52929
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-11  21:20:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-11 20:20
ComboFix2.txt  2012-01-11 19:49
.
Vor Suchlauf: 16 Verzeichnis(se), 41.033.195.520 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 40.398.217.216 Bytes frei
.
- - End Of File - - 534B932A2D9BF991939188FB712DB910


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:12 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22