Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus partly blocks internet connection (https://www.trojaner-board.de/108148-virus-blockt-teils-internet-verbindung.html)

badaboom 16.01.2012 09:17

Virus partly blocks internet connection
 
Hello,

I have a problem: there seems to be a virus on my PC that partly blocks the connection between some programs and the internet.

So my Avira can no longer download any updates (error connecting to the proxy server).

Every time I start Firefox, I get the following error message:

Error: The proxy server is refusing connections

Firefox is configured to use a proxy server that is refusing connections.

* Check the proxy settings to make sure that they are correct.

* Contact your network administrator to make sure the proxy server is working.

It comes back automatically after every reboot.

I ran OTL, here are the logs

Code:

OTL logfile created on: 16.01.2012 09:01:20 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Jana\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 47,15% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 265,66 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jana\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe ()
PRC - C:\Program Files\Verbindungsassistent\wtgservice.exe ()
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\C&E\OSD\osd.exe (C&E)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (GladFileMonSvc) -- C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\wtgservice.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60525
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
 
[2009.08.29 16:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Extensions
[2012.01.15 19:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions
[2009.09.06 16:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.03 12:11:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\personas@christopher.beard
[2012.01.10 15:40:28 | 000,000,955 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1ssh4blq.default\searchplugins\icqplugin.xml
[2012.01.15 22:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.11.30 23:28:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.09.06 17:19:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.01 08:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.25 14:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.08.30 23:27:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.16 21:09:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.16 21:09:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.16 21:09:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.16 21:09:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.16 21:09:55 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.08 19:52:55 | 000,439,947 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 15129 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~2\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A376A356-EDD6-47CC-92B6-E3729A19D424}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F0CC34-9A49-42B4-94BD-61C67BE406F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.15 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.01.15 21:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.15 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.15 21:09:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.15 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.11 15:53:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 15:53:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 15:53:04 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 15:52:44 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:52:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.08 20:14:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Avira
[2012.01.08 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.08 20:13:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.08 20:13:00 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.08 20:13:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.08 20:13:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.08 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.08 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012.01.08 11:50:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\A846C
[2012.01.08 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.08 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.01.08 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Jana\Documents\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.01.07 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\spike mov
[2011.12.25 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\buecherkiste
[2009.12.23 18:07:46 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.12.23 18:07:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.16 08:19:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.15 22:53:33 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2012.01.15 22:52:11 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 22:52:11 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 22:51:57 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.15 22:40:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.15 21:09:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.15 19:46:40 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2012.01.15 11:05:06 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
[2012.01.12 03:03:48 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.01.10 16:01:54 | 003,700,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 16:01:54 | 001,546,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.10 16:01:54 | 001,133,558 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 16:01:54 | 001,022,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 18:40:31 | 003,772,238 | ---- | M] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.09 03:11:22 | 000,094,208 | ---- | M] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.08 23:54:07 | 278,977,672 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.08 20:13:23 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.08 19:52:55 | 000,439,947 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.08 12:19:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:30:52 | 000,021,929 | ---- | M] () -- C:\Users\Jana\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2012.01.15 21:09:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.12 03:03:48 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.09 18:40:02 | 003,772,238 | ---- | C] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.08 20:13:23 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.08 12:18:21 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:30:52 | 000,021,929 | ---- | C] () -- C:\Users\Jana\.recently-used.xbel
[2011.08.07 01:13:33 | 000,017,985 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.02.07 18:34:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.07 18:34:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.07 18:33:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.07 18:33:08 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.12.23 18:07:53 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2009.12.23 18:07:45 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.09.06 16:52:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.30 23:32:30 | 000,094,208 | ---- | C] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.29 15:22:44 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2009.08.29 14:34:34 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2009.08.25 08:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.08.23 00:21:25 | 003,700,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.08.23 00:21:25 | 001,133,558 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.08.23 00:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.08.23 00:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.08.22 15:19:27 | 000,000,680 | ---- | C] () -- C:\Users\Jana\AppData\Local\d3d9caps.dat
[2009.08.22 14:28:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,258,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 001,546,160 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,022,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2012.01.12 04:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.15 22:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\A846C
[2012.01.08 10:36:59 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2011.12.18 23:30:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\gtk-2.0
[2009.09.06 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ICQ
[2010.12.01 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2010.11.26 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TrueCrypt
[2011.03.04 07:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent
[2011.03.21 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Vodafone
[2012.01.08 12:19:05 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012.01.15 22:40:30 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.15 11:05:06 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.12 04:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.15 22:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\A846C
[2011.02.20 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Adobe
[2011.09.13 23:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Apple Computer
[2012.01.08 20:14:45 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Avira
[2010.06.05 17:58:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\DivX
[2011.02.19 15:58:30 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dvdcss
[2012.01.08 10:36:59 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2011.03.21 16:28:40 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\FLEXnet
[2011.12.18 23:30:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\gtk-2.0
[2009.09.06 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ICQ
[2009.08.22 15:20:02 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Identities
[2009.08.25 07:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\InstallShield
[2009.08.29 16:17:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Macromedia
[2012.01.15 21:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.01.08 20:11:41 | 000,000,000 | --SD | M] -- C:\Users\Jana\AppData\Roaming\Microsoft
[2011.05.19 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Mozilla
[2010.12.01 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2012.01.13 04:21:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Skype
[2010.08.10 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\skypePM
[2011.01.19 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Sony Corporation
[2010.11.26 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TrueCrypt
[2011.03.04 07:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent
[2009.08.30 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\vlc
[2011.03.21 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Vodafone
 
< %APPDATA%\*.exe /s >
[2012.01.12 04:37:27 | 000,175,104 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\142A8\D0787.exe
[2011.09.02 09:59:37 | 003,088,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Jana\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\drivers\agp440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Windows.old\Windows\$NtServicePackUninstall$\agp440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 15:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.08.22 09:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.08.22 09:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\system32\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Windows.old\Windows\$NtServicePackUninstall$\explorer.exe
[2009.08.31 03:12:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows.old\Windows\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows.old\Windows\ServicePackFiles\i386\explorer.exe
[2009.08.31 03:12:52 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.08.31 03:12:52 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.08.31 03:12:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\system32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\system32\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Windows.old\Windows\$NtServicePackUninstall$\user32.dll
[2007.08.22 09:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.08.22 09:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\system32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Windows.old\Windows\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Windows.old\Windows\$NtServicePackUninstall$\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2003.04.02 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Jana\Desktop\aoe-narnia.avi:TOC.WMV

< End of report >

extras:
Code:

OTL Extras logfile created on: 16.01.2012 09:01:20 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Jana\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 47,15% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 265,66 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2882031318-3679011231-4054081171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E5971-C95F-4745-9F62-F9700C305618}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe |
"{0A5EDFA3-0DEF-4F6F-A35F-9471B0BFB1DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A2BE969-3983-4110-BD6D-E35C872E57D7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{330CBBD3-DC1C-4CE8-9805-686D76B05071}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe |
"{52BF47B1-513B-4FBC-806B-715C19E18F4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6875B1E5-7A14-4B7A-8CEA-4EB40C4F1A91}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe |
"{88F0C75D-3AD0-4FBF-8844-9EB996BEEDAE}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe |
"{A29D5125-2FE3-4BEA-84C7-3D96730E9EE0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe |
"{AA33D1C7-4E24-4C0B-B45B-EF65511B84BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3D84649-94B2-4D95-AE11-0DC7AD17E361}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe |
"{DF36310D-057A-4068-89F9-A0C19AA04AD0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"{E73E39EE-C0BF-4272-9ED2-D891AFF28734}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"TCP Query User{5C816E2D-A23C-47CA-A8FA-F8B353A96898}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{63F98864-5177-4A77-851D-87C9FB7ACD73}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe |
"TCP Query User{E3B429EF-7589-4A4F-95AE-F16684D4F87B}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"UDP Query User{857F4369-C288-4925-9DDF-360D58FD73F6}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"UDP Query User{BC6CE77A-A693-4D1B-B5D5-B7C035B340B5}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe |
"UDP Query User{FCDF13C6-8F0B-499D-BD70-79E1C5928CEF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA457433-3A99-4A25-8E20-EBA2D89FAC4A}" = Gladinet Cloud Desktop
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.4.1228
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sony MHS Camera Driver" = Sony MHS Camera Driver
"TrueCrypt" = TrueCrypt
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.10
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2012 23:41:56 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description =
 
Error - 11.01.2012 23:42:13 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description =
 
Error - 11.01.2012 23:42:13 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description =
 
Error - 11.01.2012 23:42:25 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description =
 
Error - 12.01.2012 23:19:12 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.01.2012 23:26:10 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 13.01.2012 10:19:49 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.01.2012 17:40:24 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 15.01.2012 17:41:50 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.01.2012 17:52:23 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 15.01.2012 19:39:56 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Interner Fehler aufgetreten.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Fehlfunktion des
Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:19 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Interner Fehler aufgetreten.
 
 
< End of report >

Please help.

Psychotic 16.01.2012 11:47

I'm working on your topic and will get back to you with further instructions as soon as possible.

Please note that all my replies have to be approved by a trainer before I'm allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience :)

Regards,
PsYcHoTiC

Psychotic 16.01.2012 14:00

My name is Marius and I will help you with your problem.

One thing first:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the faster and always the safest way.

Should you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

A cleanup can involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup (unless you were asked to).
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the logfiles directly in your thread. Do not attach them unless I ask you to. Attachments make the evaluation harder for me.


Vista and Win7 users
Start all tools via right-click "Run as administrator".


Step 1: Disable TeaTimer

With Spybot Search&Destroy's TeaTimer running, no cleanup can be carried out, since it restores every deleted entry. TeaTimer therefore has to be switched off during the cleanup work (leave TeaTimer switched off until we are done with the cleanup): Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the checkmark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated guide.



Step 2: Fix with OTL
Code:

:OTL
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60525
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.type: 4
[2012.01.08 11:50:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\A846C
[2012.01.08 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.12 04:37:27 | 000,175,104 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\142A8\D0787.exe
:files
C:\Windows\Tasks\AT*.job
:COMMANDS
[EMPTYTEMP]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


Step 3: Defogger

Please download defogger by jpshortstuff to your desktop.
  • Start the tool by double-clicking.
    Vista and Win7 users with right-click "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being told to.



Step 4: GMER

Please
  • disable all other scanners for viruses, spyware, etc.,
  • have no active connection to a network/the Internet (don't forget WLAN),
  • do not work on the computer,
  • restart the computer after every scan.
Run the Gmer scan
  • Download Gmer from this page (click the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name). Vista and Win7 users with right-click and Run as administrator.
  • Should a window open with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the checkmark at:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan runs.
  • When the scan is finished, click Save and save the logfile as Gmer.txt on your desktop. "Ok" closes GMER.
Turn your antivirus program and other scanners back on before you go online!

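A defender-side check for the proxy hijack that the OTL fix above removes, added here as an example and not code from the thread, from OTL or from Firefox: it parses the IE registry and Firefox prefs.js lines that OTL prints, flags a proxy pointing at 127.0.0.1, and, run over a sample mirroring the second OTL log further down, shows that the Firefox entries there still match. The line formats and values are taken from this thread; the parsing is an assumption about OTL's output format, and the network.proxy.type meanings are Firefox's documented ones.

```python
"""Flag a forced loopback proxy in the IE/Firefox lines of an OTL log.

Added example, not code from the thread, OTL, or Firefox. The line formats
and the sample values come from the OTL output in this thread; the parsing
is an assumption about that format, and the network.proxy.type meanings are
Firefox's documented values.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hosts that mean "a proxy on this very machine". Neither Windows nor Firefox
# uses a local proxy by default, so a forced loopback proxy deserves a look
# (legitimate exceptions exist, e.g. a local web filter or debugging proxy).
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1"}

# Documented meanings of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect", 5: "system"}

# OTL prints the WinINET proxy values and the Firefox prefs.js values like this.
IE_LINE = re.compile(r'^IE - .*\\Internet Settings: "(?P<name>Proxy\w+)" = ?(?P<value>.*)$')
FF_LINE = re.compile(r'^FF - prefs\.js\.\.(?P<name>network\.proxy\.[\w.]+): (?P<value>.*)$')

# Constructed samples. The first mirrors the lines the OTL fix in this thread
# targets; the second mirrors the state shown in the second OTL log (IE reset,
# Firefox prefs still pointing at the loopback proxy).
SAMPLE_BEFORE_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60525
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.type: 4
'''
SAMPLE_AFTER_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
'''


@dataclass
class ProxyState:
    ie: Dict[str, str] = field(default_factory=dict)   # WinINET registry values
    ff: Dict[str, str] = field(default_factory=dict)   # Firefox prefs.js values


def parse_otl_proxy_lines(text: str) -> ProxyState:
    """Collect the IE registry and Firefox prefs.js proxy lines from OTL output."""
    state = ProxyState()
    for raw in text.splitlines():
        line = raw.strip()
        m = IE_LINE.match(line)
        if m:
            state.ie[m["name"]] = m["value"].strip()
            continue
        m = FF_LINE.match(line)
        if m:
            state.ff[m["name"]] = m["value"].strip().strip('"')
    return state


def split_proxy_server(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split a ProxyServer value such as 'http=127.0.0.1:60525;https=h:p' into
    (scheme, host, port) triples; a bare 'host:port' applies to all schemes."""
    entries = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:                      # no ':' at all: the whole part is the host
            host, port = hostport, ""
        entries.append((scheme or "all", host.strip("[]"), int(port) if port.isdigit() else None))
    return entries


def find_proxy_hijack(text: str) -> List[str]:
    """Return one alert per loopback proxy found in the IE and Firefox settings."""
    state = parse_otl_proxy_lines(text)
    alerts = []
    # WinINET (IE and programs that use the system proxy settings) honours
    # ProxyServer only while ProxyEnable is 1.
    if state.ie.get("ProxyEnable") == "1":
        for scheme, host, port in split_proxy_server(state.ie.get("ProxyServer", "")):
            if host in LOOPBACK_HOSTS:
                alerts.append(f"IE: {scheme} traffic forced through loopback proxy {host}:{port}")
    # Firefox keeps its own settings in prefs.js, so it is checked separately.
    # The host is flagged whatever the mode, since a leftover manual entry is
    # still a trace of the tampering.
    ff_host = state.ff.get("network.proxy.http")
    if ff_host in LOOPBACK_HOSTS:
        port = state.ff.get("network.proxy.http_port", "?")
        ptype = state.ff.get("network.proxy.type", "")
        mode = FF_PROXY_TYPES.get(int(ptype), "unknown") if ptype.isdigit() else "unset"
        alerts.append(f"Firefox: HTTP proxy set to loopback {ff_host}:{port} "
                      f"(network.proxy.type={ptype or '-'}, {mode})")
    return alerts


if __name__ == "__main__":
    for label, sample in (("before fix", SAMPLE_BEFORE_FIX), ("after fix", SAMPLE_AFTER_FIX)):
        print(f"[{label}]")
        for alert in find_proxy_hijack(sample) or ["no loopback proxy found"]:
            print("  " + alert)
```
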
badaboom 17.01.2012 00:28

Hello Marius,

thank you very, very much for your help!

I have now done everything so far:

OTL:
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 60525 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
C:\Users\Jana\AppData\Roaming\A846C folder moved successfully.
C:\Users\Jana\AppData\Roaming\142A8 folder moved successfully.
File C:\Users\Jana\AppData\Roaming\142A8\D0787.exe not found.
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jana
->Temp folder emptied: 674734344 bytes
->Temporary Internet Files folder emptied: 94808255 bytes
->Java cache emptied: 9557119 bytes
->FireFox cache emptied: 107919871 bytes
->Flash cache emptied: 3142995 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22059125 bytes
RecycleBin emptied: 1179222999 bytes
 
Total Files Cleaned = 1.995,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01162012_230650

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Defogger:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:39 on 16/01/2012 (Jana)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

GMER:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-17 00:22:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2400BH_G2 rev.00000018
Running: 56wbhnkv.exe; Driver: C:\Users\Jana\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT            8B1B84DE                                                                                        ZwCreateSection
SSDT            8B1B84E8                                                                                        ZwRequestWaitReplyPort
SSDT            8B1B84E3                                                                                        ZwSetContextThread
SSDT            8B1B84ED                                                                                        ZwSetSecurityObject
SSDT            8B1B84F2                                                                                        ZwSystemDebugControl
SSDT            8B1B847F                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                    822B6998 4 Bytes  [DE, 84, 1B, 8B]
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                    822B6CBC 4 Bytes  CALL 95B68845
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                    822B6CF0 4 Bytes  [E3, 84, 1B, 8B]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                    822B6D54 4 Bytes  [ED, 84, 1B, 8B]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                    822B6D9C 4 Bytes  [F2, 84, 1B, 8B]
.text          ...                                                                                             
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                        section is writeable [0x8E601340, 0x3448B7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                          SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          kbfiltr.sys

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0787c                     
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0787c (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Regards

Psychotic 17.01.2012 07:58

Good morning - no problem! :)


Step 1: MBAM

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users with right-click "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan is finished, click Show results.
  • Make sure all findings are checked and click Remove selected.
  • Post the logfile that opens in Notepad here in the thread.
  • You can later find the report under "Logs".


Step 2: New OTL log

Please download OTL by Oldtimer and save it on your desktop (if not already present)
  • Double-click OTL.exe
    Vista and Win7 users with right-click "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.



Is the computer still causing problems?

badaboom 17.01.2012 08:53

MBAM:
Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Jana :: JANA-PC [Administrator]

Schutz: Aktiviert

17.01.2012 08:35:56
mbam-log-2012-01-17 (08-35-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 163646
Laufzeit: 4 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OTL:
Code:

OTL logfile created on: 17.01.2012 08:41:56 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Jana\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free
6,21 Gb Paging File | 4,92 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 268,27 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe ()
PRC - C:\Program Files\Verbindungsassistent\wtgservice.exe ()
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\C&E\OSD\osd.exe (C&E)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (GladFileMonSvc) -- C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\wtgservice.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
 
[2009.08.29 16:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Extensions
[2012.01.15 19:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions
[2009.09.06 16:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.03 12:11:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\personas@christopher.beard
[2012.01.10 15:40:28 | 000,000,955 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1ssh4blq.default\searchplugins\icqplugin.xml
[2012.01.15 22:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.11.30 23:28:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.09.06 17:19:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.01 08:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.25 14:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.08.30 23:27:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.16 21:09:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.16 21:09:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.16 21:09:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.16 21:09:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.16 21:09:55 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.08 19:52:55 | 000,439,947 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 15129 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~2\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A376A356-EDD6-47CC-92B6-E3729A19D424}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F0CC34-9A49-42B4-94BD-61C67BE406F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.16 23:06:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.16 08:31:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2012.01.15 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.01.15 21:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.15 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.15 21:09:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.15 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.11 15:53:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 15:53:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 15:53:04 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 15:52:44 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:52:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.08 20:14:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Avira
[2012.01.08 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.08 20:13:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.08 20:13:00 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.08 20:13:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.08 20:13:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.08 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.08 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012.01.08 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.01.08 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Jana\Documents\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.01.07 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\spike mov
[2011.12.25 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\buecherkiste
[2009.12.23 18:07:46 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.12.23 18:07:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.17 08:32:32 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2012.01.17 08:32:09 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 08:32:09 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 08:32:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 08:31:59 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 00:30:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.16 23:41:19 | 000,302,592 | ---- | M] () -- C:\Users\Jana\Desktop\56wbhnkv.exe
[2012.01.16 23:39:11 | 000,000,000 | ---- | M] () -- C:\Users\Jana\defogger_reenable
[2012.01.16 23:37:35 | 000,050,477 | ---- | M] () -- C:\Users\Jana\Desktop\Defogger.exe
[2012.01.16 22:54:11 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2012.01.16 12:56:37 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
[2012.01.16 08:31:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2012.01.15 21:09:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.12 03:03:48 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.01.10 16:01:54 | 003,700,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 16:01:54 | 001,546,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.10 16:01:54 | 001,133,558 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 16:01:54 | 001,022,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 18:40:31 | 003,772,238 | ---- | M] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.09 03:11:22 | 000,094,208 | ---- | M] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.08 23:54:07 | 278,977,672 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.08 20:13:23 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.08 19:52:55 | 000,439,947 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.26 18:30:52 | 000,021,929 | ---- | M] () -- C:\Users\Jana\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2012.01.16 23:41:15 | 000,302,592 | ---- | C] () -- C:\Users\Jana\Desktop\56wbhnkv.exe
[2012.01.16 23:39:11 | 000,000,000 | ---- | C] () -- C:\Users\Jana\defogger_reenable
[2012.01.16 23:37:34 | 000,050,477 | ---- | C] () -- C:\Users\Jana\Desktop\Defogger.exe
[2012.01.15 21:09:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.12 03:03:48 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.09 18:40:02 | 003,772,238 | ---- | C] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.08 20:13:23 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.26 18:30:52 | 000,021,929 | ---- | C] () -- C:\Users\Jana\.recently-used.xbel
[2011.08.07 01:13:33 | 000,017,985 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.02.07 18:34:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.07 18:34:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.07 18:33:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.07 18:33:08 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.12.23 18:07:53 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2009.12.23 18:07:45 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.09.06 16:52:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.30 23:32:30 | 000,094,208 | ---- | C] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.29 15:22:44 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2009.08.29 14:34:34 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2009.08.25 08:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.08.23 00:21:25 | 003,700,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.08.23 00:21:25 | 001,133,558 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.08.23 00:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.08.23 00:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.08.22 15:19:27 | 000,000,680 | ---- | C] () -- C:\Users\Jana\AppData\Local\d3d9caps.dat
[2009.08.22 14:28:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,258,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 001,546,160 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,022,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Jana\Desktop\aoe-narnia.avi:TOC.WMV

< End of report >

Extra:
Code:

OTL Extras logfile created on: 17.01.2012 08:41:56 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Jana\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free
6,21 Gb Paging File | 4,92 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 268,27 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E5971-C95F-4745-9F62-F9700C305618}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe |
"{0A5EDFA3-0DEF-4F6F-A35F-9471B0BFB1DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A2BE969-3983-4110-BD6D-E35C872E57D7}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{330CBBD3-DC1C-4CE8-9805-686D76B05071}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe |
"{52BF47B1-513B-4FBC-806B-715C19E18F4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6875B1E5-7A14-4B7A-8CEA-4EB40C4F1A91}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe |
"{88F0C75D-3AD0-4FBF-8844-9EB996BEEDAE}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe |
"{A29D5125-2FE3-4BEA-84C7-3D96730E9EE0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe |
"{AA33D1C7-4E24-4C0B-B45B-EF65511B84BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3D84649-94B2-4D95-AE11-0DC7AD17E361}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe |
"{DF36310D-057A-4068-89F9-A0C19AA04AD0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"{E73E39EE-C0BF-4272-9ED2-D891AFF28734}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"TCP Query User{5C816E2D-A23C-47CA-A8FA-F8B353A96898}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{63F98864-5177-4A77-851D-87C9FB7ACD73}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe |
"TCP Query User{E3B429EF-7589-4A4F-95AE-F16684D4F87B}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"UDP Query User{857F4369-C288-4925-9DDF-360D58FD73F6}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe |
"UDP Query User{BC6CE77A-A693-4D1B-B5D5-B7C035B340B5}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe |
"UDP Query User{FCDF13C6-8F0B-499D-BD70-79E1C5928CEF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA457433-3A99-4A25-8E20-EBA2D89FAC4A}" = Gladinet Cloud Desktop
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.4.1228
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sony MHS Camera Driver" = Sony MHS Camera Driver
"TrueCrypt" = TrueCrypt
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.10
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.01.2012 17:41:50 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.01.2012 17:52:23 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 07:56:45 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 16.01.2012 17:53:42 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 18:01:26 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 16.01.2012 18:02:32 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 18:08:57 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 18:45:58 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Faulting application 56wbhnkv.exe, version 1.0.15.15641, time stamp
 0x4e21f2b1, faulting module 56wbhnkv.exe, version 1.0.15.15641, time stamp
 0x4e21f2b1, exception code 0xc0000005, fault offset 0x0000c676, process ID 0xf40,
 application start time 01ccd4a06bc82dfe.
 
Error - 16.01.2012 18:49:19 | Computer Name = Jana-PC | Source = Perflib | ID = 1010
Description =
 
Error - 17.01.2012 03:32:14 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 16.01.2012 06:42:55 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : a malfunction of the
 network adapter was detected.
 
Error - 16.01.2012 06:42:56 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : An internal error occurred.
 
Error - 16.01.2012 17:53:43 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.01.2012 17:54:01 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 16.01.2012 18:02:32 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.01.2012 18:02:42 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 16.01.2012 18:08:55 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.01.2012 18:09:06 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 17.01.2012 03:32:12 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 17.01.2012 03:32:24 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >

Firefox still switches the proxy automatically; I have also found that IE doesn't work either :(

Kind regards
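An added example, not part of the post above and not from any of the tools mentioned in the thread: a read-only audit of the two places the symptoms point at. Firefox keeps its proxy configuration in the profile's prefs.js (and user.js, if present), while Internet Explorer and other WinINET-based programs read the Internet Settings key under HKCU; that Avira's updater also honours that key is an assumption drawn from its proxy error, not something the thread confirms. Both inputs below are constructed samples with placeholder host and port values. The script only reports what is set; it changes nothing, which matters here because the first post says the setting returns after every reboot, so a one-off correction would tell you little.

```python
import re

# Constructed sample inputs (not taken from the thread): a Firefox prefs.js with a manual
# proxy pinned, and a regedit export of the WinINET proxy key. Host/port are placeholders.
SAMPLE_PREFS_JS = '''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
'''

SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"ProxyOverride"="<local>"
"AutoConfigURL"="http://example.invalid/proxy.pac"
'''

WININET_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.+)$')

def parse_prefs_js(text):
    """Return {pref: value} for every user_pref() line; ints and booleans are converted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs

def firefox_proxy_findings(prefs):
    """Report settings that route Firefox through a proxy (type: 0 direct, 1 manual, 2 PAC, 4 WPAD, 5 system)."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    if ptype == 1:
        for scheme in ("http", "ssl", "ftp", "socks"):
            host = prefs.get("network.proxy.%s" % scheme)
            if host:
                port = prefs.get("network.proxy.%s_port" % scheme, "?")
                findings.append("firefox: manual %s proxy %s:%s" % (scheme, host, port))
    elif ptype == 2:
        findings.append("firefox: PAC script %s" % prefs.get("network.proxy.autoconfig_url", "?"))
    return findings

def parse_reg_export(text):
    """Return {key_path: {value_name: value}} from a regedit .reg export (strings and DWORDs only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = REG_VALUE_RE.match(line)
        if not m or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            keys[current][name] = int(raw[6:], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            keys[current][name] = raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return keys

def wininet_proxy_findings(keys):
    """Report the proxy that IE (and anything else using the WinINET settings) would use."""
    findings = []
    values = keys.get(WININET_KEY, {})
    if values.get("ProxyEnable") == 1 and values.get("ProxyServer"):
        findings.append("wininet: proxy %s enabled (override: %s)"
                        % (values["ProxyServer"], values.get("ProxyOverride", "")))
    if values.get("AutoConfigURL"):
        findings.append("wininet: PAC script %s" % values["AutoConfigURL"])
    return findings

def audit(prefs_js_text, reg_export_text):
    """Combined report for both stores; an empty list means no proxy is configured."""
    return (firefox_proxy_findings(parse_prefs_js(prefs_js_text))
            + wininet_proxy_findings(parse_reg_export(reg_export_text)))

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS_JS, SAMPLE_REG_EXPORT):
        print(finding)
```

On the affected machine the first input is %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js; a user.js beside it, if one exists, is re-applied on every start and overrides prefs.js, so feed both. The second comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" inet.reg`, which is normally written as UTF-16 and has to be opened with encoding="utf-16". Running the audit before and after a reboot shows whether the proxy really does come back, which is the behaviour the thread describes.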

Psychotic 18.01.2012 07:22

Step 1: Scan with TDSS-Killer

Please read the following instructions carefully. We don't want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
  • Start TDSSKiller.exe
  • Click Start Scan
  • If infected objects are found, do not under any circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post its contents here in your thread.


Step 2: Scan with aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide); Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, allow Internet access.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.
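An added example, not part of the helper's post and not code from TDSSKiller itself: a small parser for the log format TDSSKiller writes (a timestamp, a numeric id, then either "name (md5) path" or "name - verdict"), which pulls out every object whose verdict is not a plain "ok". That is what the helper is looking for when asking for the log, and in a log of several hundred entries it is easy to miss. The sample log is constructed in the same format; the banner and the ACPI/blbdrive lines mirror the log posted further down in the thread, while "exampledrv" and its "warning" verdict are made up for the demonstration. The parser ignores everything before the "Scan started" marker on purpose, because the drive geometry line in the banner also contains " - " and would otherwise be read as a verdict.

```python
import re

# Constructed sample in TDSSKiller's log format. Banner and ACPI/blbdrive lines mirror the
# thread's log; "exampledrv" and its "warning" verdict are invented for this demonstration.
SAMPLE_TDSSKILLER_LOG = r"""
08:22:14.0024 4100        Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Type 'K0', Flags 0x00000050
08:22:14.0055 4100        Initialize success
08:22:22.0791 5928        ============================================================
08:22:22.0791 5928        Scan started
08:22:22.0791 5928        Mode: Manual;
08:22:22.0791 5928        ============================================================
08:22:24.0398 5928        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:22:24.0398 5928        ACPI - ok
08:22:28.0844 5928        blbdrive - ok
08:22:50.0000 5928        exampledrv      (0123456789abcdef0123456789abcdef) C:\Windows\system32\DRIVERS\exampledrv.sys
08:22:50.0000 5928        exampledrv - warning
"""

# "HH:MM:SS.ffff <id> <body>"; the body is either "name (md5) path" or "name - verdict".
# Objects whose name contains spaces are only picked up from their verdict line.
LOG_LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
DETAIL_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")

def parse_tdsskiller_log(text):
    """Return {object_name: {"md5": ..., "path": ..., "verdict": ...}} for the scan section."""
    entries = {}
    started = False
    for line in text.splitlines():
        m = LOG_LINE_RE.match(line)
        if not m:
            continue
        body = m.group(3).strip()
        if not started:
            # Skip the system-info banner: its drive line also contains " - " and
            # would otherwise be mistaken for a verdict.
            started = body == "Scan started"
            continue
        d = DETAIL_RE.match(body)
        if d:
            entries.setdefault(d.group(1), {}).update(md5=d.group(2).lower(), path=d.group(3))
            continue
        v = VERDICT_RE.match(body)
        if v:
            entries.setdefault(v.group(1), {})["verdict"] = v.group(2)
    return entries

def triage(entries):
    """Everything that is not a plain 'ok' (detections, warnings, locked files, or an entry
    whose verdict line is missing because the log was cut off) is what to look at first."""
    return {name: e for name, e in entries.items() if e.get("verdict") != "ok"}

if __name__ == "__main__":
    for name, e in triage(parse_tdsskiller_log(SAMPLE_TDSSKILLER_LOG)).items():
        print(name, e.get("verdict", "<no verdict>"), e.get("path", ""), e.get("md5", ""))
```

Feed it the real C:\TDSSKiller.<version_date_time>log.txt and it prints only the entries worth quoting back into the thread; an entry with a detail line but no verdict line is reported too, since that usually means the log was truncated rather than that the object is clean.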

badaboom 18.01.2012 09:00

Hi :heilig:

TDSSKiller
Code:

08:22:12.0542 4100        TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
08:22:12.0870 4100        ============================================================
08:22:12.0870 4100        Current date / time: 2012/01/18 08:22:12.0870
08:22:12.0870 4100        SystemInfo:
08:22:12.0870 4100       
08:22:12.0870 4100        OS Version: 6.0.6002 ServicePack: 2.0
08:22:12.0870 4100        Product type: Workstation
08:22:12.0870 4100        ComputerName: JANA-PC
08:22:12.0870 4100        UserName: Jana
08:22:12.0870 4100        Windows directory: C:\Windows
08:22:12.0870 4100        System windows directory: C:\Windows
08:22:12.0870 4100        Processor architecture: Intel x86
08:22:12.0870 4100        Number of processors: 2
08:22:12.0870 4100        Page size: 0x1000
08:22:12.0870 4100        Boot type: Normal boot
08:22:12.0870 4100        ============================================================
08:22:14.0024 4100        Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:22:14.0055 4100        Initialize success
08:22:22.0791 5928        ============================================================
08:22:22.0791 5928        Scan started
08:22:22.0791 5928        Mode: Manual;
08:22:22.0791 5928        ============================================================
08:22:24.0398 5928        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
08:22:24.0398 5928        ACPI - ok
08:22:24.0616 5928        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
08:22:24.0616 5928        adp94xx - ok
08:22:24.0757 5928        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
08:22:24.0757 5928        adpahci - ok
08:22:25.0069 5928        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
08:22:25.0069 5928        adpu160m - ok
08:22:25.0474 5928        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
08:22:25.0474 5928        adpu320 - ok
08:22:25.0677 5928        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
08:22:25.0677 5928        AFD - ok
08:22:25.0771 5928        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
08:22:25.0771 5928        agp440 - ok
08:22:25.0786 5928        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
08:22:25.0802 5928        aic78xx - ok
08:22:25.0911 5928        aliide          (496eda16a127ac9a38bb285bef17dbb5) C:\Windows\system32\drivers\aliide.sys
08:22:25.0911 5928        aliide - ok
08:22:25.0974 5928        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
08:22:25.0974 5928        amdagp - ok
08:22:26.0083 5928        amdide          (6f65f4147c54398d7280b18cebbed215) C:\Windows\system32\drivers\amdide.sys
08:22:26.0083 5928        amdide - ok
08:22:26.0130 5928        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
08:22:26.0130 5928        AmdK7 - ok
08:22:26.0395 5928        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
08:22:26.0395 5928        AmdK8 - ok
08:22:27.0097 5928        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
08:22:27.0097 5928        arc - ok
08:22:27.0268 5928        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
08:22:27.0268 5928        arcsas - ok
08:22:27.0674 5928        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
08:22:27.0674 5928        AsyncMac - ok
08:22:28.0048 5928        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
08:22:28.0048 5928        atapi - ok
08:22:28.0236 5928        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
08:22:28.0251 5928        avgntflt - ok
08:22:28.0360 5928        avipbb          (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys
08:22:28.0376 5928        avipbb - ok
08:22:28.0407 5928        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
08:22:28.0407 5928        avkmgr - ok
08:22:28.0657 5928        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
08:22:28.0657 5928        Beep - ok
08:22:28.0844 5928        blbdrive - ok
08:22:29.0000 5928        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
08:22:29.0000 5928        bowser - ok
08:22:29.0109 5928        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
08:22:29.0109 5928        BrFiltLo - ok
08:22:29.0140 5928        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
08:22:29.0140 5928        BrFiltUp - ok
08:22:29.0265 5928        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
08:22:29.0265 5928        Brserid - ok
08:22:29.0515 5928        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
08:22:29.0515 5928        BrSerWdm - ok
08:22:29.0718 5928        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
08:22:29.0718 5928        BrUsbMdm - ok
08:22:29.0936 5928        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
08:22:29.0936 5928        BrUsbSer - ok
08:22:30.0076 5928        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
08:22:30.0076 5928        BthEnum - ok
08:22:30.0170 5928        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
08:22:30.0170 5928        BTHMODEM - ok
08:22:30.0248 5928        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
08:22:30.0248 5928        BthPan - ok
08:22:30.0451 5928        BTHPORT        (4a74bbb2b6761789f42a6613479bdb1d) C:\Windows\system32\Drivers\BTHport.sys
08:22:30.0451 5928        BTHPORT - ok
08:22:30.0747 5928        BTHUSB          (1a407f9b707a06f55aa150f9aa072b09) C:\Windows\system32\Drivers\BTHUSB.sys
08:22:30.0747 5928        BTHUSB - ok
08:22:31.0153 5928        camfilt2        (088c0978203d59425a12b2a53fccd02b) C:\Windows\system32\DRIVERS\camfilt2.sys
08:22:31.0153 5928        camfilt2 - ok
08:22:31.0278 5928        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
08:22:31.0278 5928        cdfs - ok
08:22:31.0402 5928        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
08:22:31.0418 5928        cdrom - ok
08:22:31.0512 5928        CEBFilter      (039f27ea2344c541cb6a0ef288bc8996) C:\Program Files\C&E\OSD\OsdService\cebuffer.sys
08:22:31.0512 5928        CEBFilter - ok
08:22:31.0527 5928        CEIO            (147019abeb922507f2fa107032c480ce) C:\Program Files\C&E\OSD\OsdService\ceio.sys
08:22:31.0527 5928        CEIO - ok
08:22:31.0746 5928        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
08:22:31.0746 5928        circlass - ok
08:22:31.0902 5928        cKBFilter      (cb11e608025aa6e601ff0c097e6009bd) C:\Program Files\C&E\OSD\OsdService\kbfiltr.sys
08:22:31.0902 5928        cKBFilter - ok
08:22:32.0214 5928        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
08:22:32.0214 5928        CLFS - ok
08:22:32.0338 5928        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
08:22:32.0338 5928        CmBatt - ok
08:22:32.0385 5928        cmdide          (59172a0724f2ab769f31d61b0571d75b) C:\Windows\system32\drivers\cmdide.sys
08:22:32.0385 5928        cmdide - ok
08:22:32.0479 5928        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
08:22:32.0494 5928        Compbatt - ok
08:22:32.0541 5928        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
08:22:32.0541 5928        crcdisk - ok
08:22:32.0650 5928        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
08:22:32.0650 5928        Crusoe - ok
08:22:32.0838 5928        CSC            (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
08:22:32.0838 5928        CSC - ok
08:22:33.0040 5928        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
08:22:33.0040 5928        DfsC - ok
08:22:33.0181 5928        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
08:22:33.0181 5928        disk - ok
08:22:33.0290 5928        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
08:22:33.0290 5928        drmkaud - ok
08:22:33.0399 5928        DXGKrnl        (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
08:22:33.0399 5928        DXGKrnl - ok
08:22:33.0508 5928        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
08:22:33.0508 5928        E1G60 - ok
08:22:33.0649 5928        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
08:22:33.0649 5928        Ecache - ok
08:22:33.0758 5928        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
08:22:33.0774 5928        elxstor - ok
08:22:33.0867 5928        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
08:22:33.0867 5928        exfat - ok
08:22:34.0086 5928        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
08:22:34.0101 5928        fastfat - ok
08:22:34.0195 5928        fdc            (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
08:22:34.0195 5928        fdc - ok
08:22:34.0335 5928        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
08:22:34.0335 5928        FileInfo - ok
08:22:34.0538 5928        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
08:22:34.0538 5928        Filetrace - ok
08:22:34.0632 5928        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
08:22:34.0632 5928        flpydisk - ok
08:22:34.0866 5928        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
08:22:34.0866 5928        FltMgr - ok
08:22:34.0975 5928        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
08:22:34.0975 5928        Fs_Rec - ok
08:22:35.0146 5928        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
08:22:35.0146 5928        gagp30kx - ok
08:22:35.0318 5928        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
08:22:35.0318 5928        GEARAspiWDM - ok
08:22:35.0458 5928        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
08:22:35.0474 5928        HdAudAddService - ok
08:22:35.0630 5928        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
08:22:35.0646 5928        HDAudBus - ok
08:22:35.0724 5928        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
08:22:35.0724 5928        HidBth - ok
08:22:35.0848 5928        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
08:22:35.0848 5928        HidIr - ok
08:22:35.0958 5928        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
08:22:35.0958 5928        HidUsb - ok
08:22:36.0129 5928        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
08:22:36.0129 5928        HpCISSs - ok
08:22:36.0550 5928        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
08:22:36.0550 5928        HTTP - ok
08:22:36.0894 5928        hwdatacard      (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
08:22:36.0894 5928        hwdatacard - ok
08:22:37.0065 5928        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
08:22:37.0081 5928        i2omp - ok
08:22:37.0206 5928        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
08:22:37.0206 5928        i8042prt - ok
08:22:37.0346 5928        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
08:22:37.0346 5928        iaStorV - ok
08:22:37.0440 5928        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
08:22:37.0440 5928        iirsp - ok
08:22:37.0549 5928        IntcAzAudAddService (5d854cbac8b7b4b964406f9808c95fae) C:\Windows\system32\drivers\RTKVHDA.sys
08:22:37.0564 5928        IntcAzAudAddService - ok
08:22:37.0674 5928        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
08:22:37.0674 5928        intelide - ok
08:22:37.0689 5928        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
08:22:37.0689 5928        intelppm - ok
08:22:37.0814 5928        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:22:37.0814 5928        IpFilterDriver - ok
08:22:37.0830 5928        IpInIp - ok
08:22:37.0923 5928        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
08:22:37.0923 5928        IPMIDRV - ok
08:22:37.0986 5928        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
08:22:37.0986 5928        IPNAT - ok
08:22:38.0110 5928        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
08:22:38.0110 5928        IRENUM - ok
08:22:38.0173 5928        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
08:22:38.0173 5928        isapnp - ok
08:22:38.0251 5928        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
08:22:38.0251 5928        iScsiPrt - ok
08:22:38.0313 5928        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
08:22:38.0313 5928        iteatapi - ok
08:22:38.0391 5928        itecir          (e4b04a0d8b237ecf026d849439f1bcce) C:\Windows\system32\DRIVERS\itecir.sys
08:22:38.0391 5928        itecir - ok
08:22:38.0454 5928        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
08:22:38.0454 5928        iteraid - ok
08:22:38.0500 5928        JRAID          (c1632fe31d1824a43dea29725312e3fa) C:\Windows\system32\drivers\jraid.sys
08:22:38.0500 5928        JRAID - ok
08:22:38.0594 5928        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
08:22:38.0594 5928        kbdclass - ok
08:22:38.0672 5928        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
08:22:38.0672 5928        kbdhid - ok
08:22:38.0766 5928        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
08:22:38.0766 5928        KSecDD - ok
08:22:38.0859 5928        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
08:22:38.0859 5928        lltdio - ok
08:22:38.0937 5928        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
08:22:38.0937 5928        LSI_FC - ok
08:22:38.0984 5928        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
08:22:38.0984 5928        LSI_SAS - ok
08:22:39.0062 5928        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
08:22:39.0062 5928        LSI_SCSI - ok
08:22:39.0140 5928        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
08:22:39.0140 5928        luafv - ok
08:22:39.0249 5928        massfilter      (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\DRIVERS\massfilter.sys
08:22:39.0249 5928        massfilter - ok
08:22:39.0312 5928        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
08:22:39.0312 5928        MBAMProtector - ok
08:22:39.0390 5928        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
08:22:39.0390 5928        megasas - ok
08:22:39.0468 5928        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
08:22:39.0468 5928        Modem - ok
08:22:39.0561 5928        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
08:22:39.0561 5928        monitor - ok
08:22:39.0639 5928        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
08:22:39.0639 5928        mouclass - ok
08:22:39.0702 5928        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
08:22:39.0702 5928        mouhid - ok
08:22:39.0780 5928        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
08:22:39.0780 5928        MountMgr - ok
08:22:39.0858 5928        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
08:22:39.0858 5928        mpio - ok
08:22:39.0936 5928        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
08:22:39.0936 5928        mpsdrv - ok
08:22:40.0014 5928        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
08:22:40.0014 5928        Mraid35x - ok
08:22:40.0092 5928        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
08:22:40.0092 5928        MRxDAV - ok
08:22:40.0185 5928        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:22:40.0185 5928        mrxsmb - ok
08:22:40.0279 5928        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:22:40.0279 5928        mrxsmb10 - ok
08:22:40.0372 5928        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:22:40.0372 5928        mrxsmb20 - ok
08:22:40.0419 5928        msahci          (86068b8b54a5eb092f51657f00b2222a) C:\Windows\system32\drivers\msahci.sys
08:22:40.0419 5928        msahci - ok
08:22:40.0513 5928        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
08:22:40.0513 5928        msdsm - ok
08:22:40.0575 5928        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
08:22:40.0575 5928        Msfs - ok
08:22:40.0700 5928        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
08:22:40.0700 5928        msisadrv - ok
08:22:40.0778 5928        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
08:22:40.0778 5928        MSKSSRV - ok
08:22:40.0872 5928        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
08:22:40.0872 5928        MSPCLOCK - ok
08:22:40.0903 5928        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
08:22:40.0903 5928        MSPQM - ok
08:22:40.0996 5928        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
08:22:40.0996 5928        MsRPC - ok
08:22:41.0059 5928        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
08:22:41.0059 5928        mssmbios - ok
08:22:41.0152 5928        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
08:22:41.0152 5928        MSTEE - ok
08:22:41.0230 5928        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
08:22:41.0230 5928        Mup - ok
08:22:41.0340 5928        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
08:22:41.0340 5928        NativeWifiP - ok
08:22:41.0433 5928        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
08:22:41.0433 5928        NDIS - ok
08:22:41.0542 5928        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
08:22:41.0542 5928        NdisTapi - ok
08:22:41.0620 5928        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
08:22:41.0620 5928        Ndisuio - ok
08:22:41.0714 5928        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
08:22:41.0714 5928        NdisWan - ok
08:22:42.0010 5928        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
08:22:42.0010 5928        NDProxy - ok
08:22:42.0120 5928        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
08:22:42.0120 5928        NetBIOS - ok
08:22:42.0182 5928        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
08:22:42.0182 5928        netbt - ok
08:22:42.0322 5928        NETw3v32        (a15f219208843a5a210c8cb391384453) C:\Windows\system32\DRIVERS\NETw3v32.sys
08:22:42.0322 5928        NETw3v32 - ok
08:22:42.0447 5928        NETw4v32        (1d73499a6664b4da05d750ff83fdb274) C:\Windows\system32\DRIVERS\NETw4v32.sys
08:22:42.0463 5928        NETw4v32 - ok
08:22:42.0510 5928        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
08:22:42.0510 5928        nfrd960 - ok
08:22:42.0603 5928        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
08:22:42.0603 5928        Npfs - ok
08:22:42.0697 5928        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
08:22:42.0697 5928        nsiproxy - ok
08:22:42.0806 5928        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
08:22:42.0822 5928        Ntfs - ok
08:22:42.0853 5928        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
08:22:42.0853 5928        ntrigdigi - ok
08:22:43.0040 5928        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
08:22:43.0040 5928        Null - ok
08:22:43.0258 5928        nvlddmkm        (e3e9e8cce32ff51c3928f71a0d4dad81) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:22:43.0305 5928        nvlddmkm - ok
08:22:43.0555 5928        nvraid          (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
08:22:43.0555 5928        nvraid - ok
08:22:43.0570 5928        nvstor          (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
08:22:43.0570 5928        nvstor - ok
08:22:43.0648 5928        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
08:22:43.0648 5928        nv_agp - ok
08:22:43.0680 5928        NwlnkFlt - ok
08:22:43.0711 5928        NwlnkFwd - ok
08:22:43.0820 5928        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
08:22:43.0820 5928        ohci1394 - ok
08:22:43.0882 5928        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
08:22:43.0882 5928        Parport - ok
08:22:43.0960 5928        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
08:22:43.0960 5928        partmgr - ok
08:22:44.0007 5928        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
08:22:44.0007 5928        Parvdm - ok
08:22:44.0085 5928        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
08:22:44.0085 5928        pci - ok
08:22:44.0163 5928        pciide          (304048c2565a803d091cca1ac945f593) C:\Windows\system32\drivers\pciide.sys
08:22:44.0163 5928        pciide - ok
08:22:44.0194 5928        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
08:22:44.0194 5928        pcmcia - ok
08:22:44.0304 5928        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
08:22:44.0304 5928        PEAUTH - ok
08:22:44.0397 5928        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
08:22:44.0413 5928        PptpMiniport - ok
08:22:44.0491 5928        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
08:22:44.0491 5928        Processor - ok
08:22:44.0569 5928        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
08:22:44.0569 5928        PSched - ok
08:22:44.0662 5928        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
08:22:44.0678 5928        ql2300 - ok
08:22:44.0694 5928        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
08:22:44.0694 5928        ql40xx - ok
08:22:44.0803 5928        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
08:22:44.0803 5928        QWAVEdrv - ok
08:22:44.0865 5928        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
08:22:44.0865 5928        RasAcd - ok
08:22:44.0974 5928        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:22:44.0990 5928        Rasl2tp - ok
08:22:45.0052 5928        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
08:22:45.0068 5928        RasPppoe - ok
08:22:45.0146 5928        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
08:22:45.0146 5928        RasSstp - ok
08:22:45.0224 5928        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
08:22:45.0224 5928        rdbss - ok
08:22:45.0333 5928        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:22:45.0333 5928        RDPCDD - ok
08:22:45.0411 5928        rdpdr          (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
08:22:45.0411 5928        rdpdr - ok
08:22:45.0505 5928        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
08:22:45.0505 5928        RDPENCDD - ok
08:22:45.0598 5928        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
08:22:45.0598 5928        RDPWD - ok
08:22:45.0708 5928        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
08:22:45.0708 5928        RFCOMM - ok
08:22:45.0801 5928        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
08:22:45.0801 5928        rspndr - ok
08:22:45.0879 5928        RTL8169        (b8b159fa669c6386a458fcd468ebb1e6) C:\Windows\system32\DRIVERS\Rtlh86.sys
08:22:45.0879 5928        RTL8169 - ok
08:22:45.0942 5928        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
08:22:45.0942 5928        sbp2port - ok
08:22:46.0051 5928        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
08:22:46.0051 5928        secdrv - ok
08:22:46.0098 5928        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
08:22:46.0098 5928        Serenum - ok
08:22:46.0160 5928        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
08:22:46.0160 5928        Serial - ok
08:22:46.0238 5928        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
08:22:46.0238 5928        sermouse - ok
08:22:46.0316 5928        sffdisk        (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
08:22:46.0316 5928        sffdisk - ok
08:22:46.0363 5928        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
08:22:46.0363 5928        sffp_mmc - ok
08:22:46.0441 5928        sffp_sd        (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
08:22:46.0441 5928        sffp_sd - ok
08:22:46.0488 5928        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
08:22:46.0488 5928        sfloppy - ok
08:22:46.0581 5928        Si3531          (8613e8fe6c190f377240a3989fad5d5e) C:\Windows\system32\DRIVERS\Si3531.sys
08:22:46.0581 5928        Si3531 - ok
08:22:46.0612 5928        SiFilter        (72cf151fb410e544904dbc7d7f29b796) C:\Windows\system32\DRIVERS\SiWinAcc.sys
08:22:46.0628 5928        SiFilter - ok
08:22:46.0659 5928        SiRemFil        (41a59f484188be629087ba391ff60d74) C:\Windows\system32\DRIVERS\SiRemFil.sys
08:22:46.0659 5928        SiRemFil - ok
08:22:46.0753 5928        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
08:22:46.0753 5928        sisagp - ok
08:22:46.0831 5928        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
08:22:46.0831 5928        SiSRaid2 - ok
08:22:46.0893 5928        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
08:22:46.0893 5928        SiSRaid4 - ok
08:22:46.0971 5928        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
08:22:46.0971 5928        Smb - ok
08:22:47.0049 5928        smserial        (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
08:22:47.0065 5928        smserial - ok
08:22:47.0314 5928        SNPSTD3        (9cd6ffc9f5b999eb5df69b9177d9848f) C:\Windows\system32\DRIVERS\snpstd3.sys
08:22:47.0377 5928        SNPSTD3 - ok
08:22:47.0673 5928        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
08:22:47.0673 5928        spldr - ok
08:22:47.0736 5928        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
08:22:47.0736 5928        srv - ok
08:22:47.0845 5928        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
08:22:47.0860 5928        srv2 - ok
08:22:47.0923 5928        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
08:22:47.0923 5928        srvnet - ok
08:22:48.0016 5928        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
08:22:48.0016 5928        ssmdrv - ok
08:22:48.0094 5928        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
08:22:48.0094 5928        swenum - ok
08:22:48.0172 5928        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
08:22:48.0172 5928        Symc8xx - ok
08:22:48.0204 5928        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
08:22:48.0204 5928        Sym_hi - ok
08:22:48.0297 5928        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
08:22:48.0297 5928        Sym_u3 - ok
08:22:48.0360 5928        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
08:22:48.0360 5928        Tcpip - ok
08:22:48.0453 5928        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
08:22:48.0453 5928        Tcpip6 - ok
08:22:48.0531 5928        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
08:22:48.0531 5928        tcpipreg - ok
08:22:48.0625 5928        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
08:22:48.0625 5928        TDPIPE - ok
08:22:48.0672 5928        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
08:22:48.0672 5928        TDTCP - ok
08:22:48.0734 5928        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
08:22:48.0734 5928        tdx - ok
08:22:48.0828 5928        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
08:22:48.0828 5928        TermDD - ok
08:22:48.0890 5928        tosporte        (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
08:22:48.0890 5928        tosporte - ok
08:22:48.0952 5928        tosrfbd        (266df087a8c24da34ff40cf3df86ccfb) C:\Windows\system32\DRIVERS\tosrfbd.sys
08:22:48.0952 5928        tosrfbd - ok
08:22:49.0030 5928        tosrfbnp        (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
08:22:49.0030 5928        tosrfbnp - ok
08:22:49.0093 5928        Tosrfcom        (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\Windows\system32\Drivers\tosrfcom.sys
08:22:49.0093 5928        Tosrfcom - ok
08:22:49.0155 5928        Tosrfhid        (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys
08:22:49.0155 5928        Tosrfhid - ok
08:22:49.0202 5928        tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
08:22:49.0202 5928        tosrfnds - ok
08:22:49.0264 5928        Tosrfusb        (cdda265c7617a2745b48e0de572012a6) C:\Windows\system32\DRIVERS\tosrfusb.sys
08:22:49.0264 5928        Tosrfusb - ok
08:22:49.0358 5928        truecrypt      (be45dad1c73a3216edc8c485916f6594) C:\Windows\system32\drivers\truecrypt.sys
08:22:49.0358 5928        truecrypt - ok
08:22:49.0436 5928        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:22:49.0436 5928        tssecsrv - ok
08:22:49.0530 5928        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
08:22:49.0530 5928        tunmp - ok
08:22:49.0608 5928        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
08:22:49.0608 5928        tunnel - ok
08:22:49.0686 5928        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
08:22:49.0686 5928        uagp35 - ok
08:22:49.0764 5928        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
08:22:49.0764 5928        udfs - ok
08:22:49.0842 5928        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
08:22:49.0857 5928        uliagpkx - ok
08:22:49.0904 5928        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
08:22:49.0904 5928        uliahci - ok
08:22:49.0966 5928        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
08:22:49.0966 5928        UlSata - ok
08:22:50.0013 5928        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
08:22:50.0013 5928        ulsata2 - ok
08:22:50.0091 5928        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
08:22:50.0091 5928        umbus - ok
08:22:50.0169 5928        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
08:22:50.0169 5928        USBAAPL - ok
08:22:50.0278 5928        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
08:22:50.0278 5928        usbaudio - ok
08:22:50.0372 5928        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
08:22:50.0372 5928        usbccgp - ok
08:22:50.0419 5928        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
08:22:50.0419 5928        usbcir - ok
08:22:50.0528 5928        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
08:22:50.0528 5928        usbehci - ok
08:22:50.0575 5928        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
08:22:50.0575 5928        usbhub - ok
08:22:50.0637 5928        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
08:22:50.0637 5928        usbohci - ok
08:22:50.0684 5928        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
08:22:50.0684 5928        usbprint - ok
08:22:50.0793 5928        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:22:50.0793 5928        USBSTOR - ok
08:22:50.0871 5928        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
08:22:50.0871 5928        usbuhci - ok
08:22:50.0965 5928        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
08:22:50.0996 5928        vga - ok
08:22:51.0105 5928        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
08:22:51.0105 5928        VgaSave - ok
08:22:51.0152 5928        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
08:22:51.0152 5928        viaagp - ok
08:22:51.0214 5928        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
08:22:51.0214 5928        ViaC7 - ok
08:22:51.0246 5928        viaide          (7aa7ec9a08dc2c39649c413b1a26e298) C:\Windows\system32\drivers\viaide.sys
08:22:51.0246 5928        viaide - ok
08:22:51.0370 5928        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
08:22:51.0370 5928        volmgr - ok
08:22:51.0448 5928        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
08:22:51.0448 5928        volmgrx - ok
08:22:51.0558 5928        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
08:22:51.0558 5928        volsnap - ok
08:22:51.0604 5928        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
08:22:51.0604 5928        vsmraid - ok
08:22:51.0667 5928        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
08:22:51.0682 5928        WacomPen - ok
08:22:51.0745 5928        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:22:51.0745 5928        Wanarp - ok
08:22:51.0760 5928        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
08:22:51.0760 5928        Wanarpv6 - ok
08:22:51.0854 5928        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
08:22:51.0854 5928        Wd - ok
08:22:51.0932 5928        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
08:22:51.0932 5928        Wdf01000 - ok
08:22:52.0072 5928        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
08:22:52.0072 5928        WmiAcpi - ok
08:22:52.0166 5928        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
08:22:52.0166 5928        WpdUsb - ok
08:22:52.0275 5928        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
08:22:52.0275 5928        ws2ifsl - ok
08:22:52.0400 5928        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:22:52.0400 5928        WUDFRd - ok
08:22:52.0462 5928        ZTEusbmdm6k    (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
08:22:52.0462 5928        ZTEusbmdm6k - ok
08:22:52.0525 5928        ZTEusbnet      (b7836ca4a95e12135e7e49fec9c29f2a) C:\Windows\system32\DRIVERS\ZTEusbnet.sys
08:22:52.0525 5928        ZTEusbnet - ok
08:22:52.0618 5928        ZTEusbnmea      (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
08:22:52.0618 5928        ZTEusbnmea - ok
08:22:52.0712 5928        ZTEusbser6k    (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
08:22:52.0712 5928        ZTEusbser6k - ok
08:22:52.0774 5928        ZTEusbvoice    (86187fb5d81781501558f8742dee4197) C:\Windows\system32\DRIVERS\ZTEusbvoice.sys
08:22:52.0774 5928        ZTEusbvoice - ok
08:22:52.0821 5928        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
08:22:52.0837 5928        \Device\Harddisk0\DR0 - ok
08:22:52.0837 5928        Boot (0x1200)  (b53666e8e36940e93041d42d1b116347) \Device\Harddisk0\DR0\Partition0
08:22:52.0837 5928        \Device\Harddisk0\DR0\Partition0 - ok
08:22:52.0852 5928        ============================================================
08:22:52.0852 5928        Scan finished
08:22:52.0852 5928        ============================================================
08:22:52.0852 5020        Detected object count: 0
08:22:52.0852 5020        Actual detected object count: 0

aswMBR:
Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-18 08:44:53
-----------------------------
08:44:53.146    OS Version: Windows 6.0.6002 Service Pack 2
08:44:53.146    Number of processors: 2 586 0x170A
08:44:53.146    ComputerName: JANA-PC  UserName: Jana
08:44:54.316    Initialize success
08:44:59.324    AVAST engine defs: 12011701
08:45:04.566    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
08:45:04.566    Disk 0 Vendor: FUJITSU_MJA2400BH_G2 00000018 Size: 381554MB BusType: 3
08:45:04.581    Disk 0 MBR read successfully
08:45:04.581    Disk 0 MBR scan
08:45:04.597    Disk 0 Windows VISTA default MBR code
08:45:04.612    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      381543 MB offset 63
08:45:04.612    Disk 0 scanning sectors +781401600
08:45:04.706    Disk 0 scanning C:\Windows\system32\drivers
08:45:24.300    Service scanning
08:45:25.548    Modules scanning
08:45:37.154    Disk 0 trace - called modules:
08:45:37.201    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
08:45:37.201    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8652aac8]
08:45:37.216    3 CLASSPNP.SYS[8a7a08b3] -> nt!IofCallDriver -> [0x85929858]
08:45:37.216    5 acpi.sys[806926bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85904930]
08:45:38.184    AVAST engine scan C:\Windows
08:45:41.631    AVAST engine scan C:\Windows\system32
08:48:11.500    AVAST engine scan C:\Windows\system32\drivers
08:48:28.208    AVAST engine scan C:\Users\Jana
08:55:46.662    AVAST engine scan C:\ProgramData
08:56:47.845    Scan finished successfully
08:56:55.068    Disk 0 MBR has been saved successfully to "C:\Users\Jana\Desktop\MBR.dat"
08:56:55.068    The log file has been saved successfully to "C:\Users\Jana\Desktop\aswMBR.txt"

I had to start the program twice, I got an error message while scanning.

Regards

Psychotic 18.01.2012 16:26

ComboFix
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix's work.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

badaboom 19.01.2012 00:19

LOG:

Code:

ComboFix 12-01-18.04 - Jana 19.01.2012  0:05.1.2 - x86
Microsoft® Windows Vista™ Business  6.0.6002.2.1252.49.1031.18.3070.1847 [GMT 1:00]
ausgeführt von:: c:\users\Jana\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-18 bis 2012-01-18  ))))))))))))))))))))))))))))))
.
.
2012-01-18 23:11 . 2012-01-18 23:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-01-18 07:19 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-01-18 07:19 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll
2012-01-18 07:19 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll
2012-01-18 07:19 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-01-18 07:19 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2012-01-18 07:19 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe
2012-01-16 22:06 . 2012-01-16 22:06        --------        d-----w-        C:\_OTL
2012-01-15 20:09 . 2012-01-15 20:09        --------        d-----w-        c:\users\Jana\AppData\Roaming\Malwarebytes
2012-01-15 20:09 . 2012-01-15 20:09        --------        d-----w-        c:\programdata\Malwarebytes
2012-01-15 20:09 . 2012-01-15 20:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-01-15 20:09 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-11 14:53 . 2011-10-14 16:03        189952        ----a-w-        c:\windows\system32\winmm.dll
2012-01-11 14:53 . 2011-10-14 16:00        23552        ----a-w-        c:\windows\system32\mciseq.dll
2012-01-11 14:53 . 2011-11-18 20:23        1205064        ----a-w-        c:\windows\system32\ntdll.dll
2012-01-11 14:53 . 2011-11-18 17:47        66560        ----a-w-        c:\windows\system32\packager.dll
2012-01-11 14:53 . 2011-11-25 15:59        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-01-11 14:52 . 2011-10-25 15:58        1314816        ----a-w-        c:\windows\system32\quartz.dll
2012-01-11 14:52 . 2011-10-25 15:58        497152        ----a-w-        c:\windows\system32\qdvd.dll
2012-01-08 19:14 . 2012-01-08 19:14        --------        d-----w-        c:\users\Jana\AppData\Roaming\Avira
2012-01-08 19:13 . 2011-12-15 14:00        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-01-08 19:13 . 2011-12-15 14:00        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-01-08 19:13 . 2011-12-15 14:00        134856        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-08 19:12 . 2012-01-08 19:12        --------        d-----w-        c:\programdata\Avira
2012-01-08 19:12 . 2012-01-08 19:12        --------        d-----w-        c:\program files\Avira
2012-01-08 18:44 . 2012-01-08 19:07        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-01-08 18:44 . 2012-01-08 18:47        --------        d-----w-        c:\program files\Spybot - Search & Destroy
2012-01-08 09:36 . 2012-01-08 09:36        --------        d-----w-        c:\users\Jana\AppData\Roaming\DVDVideoSoft
2012-01-08 09:36 . 2012-01-08 09:36        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2012-01-08 09:36 . 2012-01-08 09:36        --------        d-----w-        c:\program files\DVDVideoSoft
2012-01-06 12:34 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{C009EA0E-F387-4801-9760-DA900D2D7041}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:37 . 2011-12-14 14:58        2043904        ----a-w-        c:\windows\system32\win32k.sys
2011-11-08 14:42 . 2011-12-14 14:58        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-03 06:22 . 2011-12-14 14:58        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-11-03 06:17 . 2011-12-14 14:58        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-11-03 06:17 . 2011-12-14 14:58        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-11-03 06:17 . 2011-12-14 14:58        71680        ----a-w-        c:\windows\system32\iesetup.dll
2011-11-03 06:17 . 2011-12-14 14:58        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2011-11-03 05:22 . 2011-12-14 14:58        385024        ----a-w-        c:\windows\system32\html.iec
2011-11-03 04:45 . 2011-12-14 14:58        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-11-03 04:43 . 2011-12-14 14:58        1638912        ----a-w-        c:\windows\system32\mshtml.tlb
2011-10-27 08:01 . 2011-12-14 14:58        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-14 14:58        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-14 14:58        49152        ----a-w-        c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2011-07-07 09:46        194416        ----a-w-        c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2011-07-07 09:48        194416        ----a-w-        c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-09-02 25623336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 4468736]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"OSD"="c:\program files\C&E\OSD\osd.exe" [2007-09-20 561152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"GenePccMon.exe"="c:\program files\Genesys PC Camera Device\GenePccMon.exe" [2007-02-13 36864]
"Skytel"="Skytel.exe" [2007-05-07 1826816]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-05-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-22 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-22 81920]
"Eraser"="c:\progra~2\Eraser\Eraser.exe" [2010-11-04 980368]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2009-09-18 2412032]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-18 421736]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"MRT"="c:\windows\system32\MRT.exe" [2012-01-04 52128560]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
c:\users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
PMB Medien-Prüfung.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2011-1-19 333088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ          PLA DPS BFE mpssvc
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-18 c:\windows\Tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1ssh4blq.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\program files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-19 00:11
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  GenePccMon.exe = c:\program files\Genesys PC Camera Device\GenePccMon.exe???????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3596)
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
.
Zeit der Fertigstellung: 2012-01-19  00:15:38
ComboFix-quarantined-files.txt  2012-01-18 23:15
.
Vor Suchlauf: 10 Verzeichnis(se), 288.950.857.728 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 288.975.912.960 Bytes frei
.
- - End Of File - - 47F2177B48A351EC62828DF08205E372

No restart was requested or performed :)

Psychotic 19.01.2012 08:40

Online scan to check


ESET Online Scanner

  • You will find an illustrated guide to ESET Online Scanner here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Question: Is the computer still causing problems?

Regards

badaboom 19.01.2012 11:57

When I close the browser and open it again, the proxy redirection kicks in automatically; with IE I can't get online at all any more :(

LOG
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a0535b9db7b2fb48bc33d4a075b64e68
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 10:54:43
# local_time=2012-01-19 11:54:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 919542 919542 0 0
# compatibility_mode=5892 16776638 66 100 948011 164498613 0 0
# compatibility_mode=8192 67108863 100 0 4225 4225 0 0
# scanned=142329
# found=1
# cleaned=0
# scan_time=4572
C:\_OTL\MovedFiles\01162012_230650\C_Users\Jana\AppData\Roaming\142A8\D0787.exe        a variant of Win32/Kryptik.YVH trojan (unable to clean)        00000000000000000000000000000000        I


Psychotic 20.01.2012 08:15

Step 1: Disable the proxy

Disable the proxy in Internet Explorer:
  • In the menu, click Tools-->Internet Options.
  • Switch to the Connections tab.
  • Click the LAN settings button.
  • In the Proxy server section, clear the check mark next to Use a proxy server for your LAN.
  • Confirm with OK and close the Internet Options.
Can you now get onto the Internet with IE?



Step 2: New FF profile
  • Hold down the Windows key and press R.
  • In the text field that opens, enter the following:
    Code:

    "C:\Program Files\Mozilla Firefox\firefox.exe" -ProfileManager
  • Click OK.
  • Click Create Profile-->Next-->Finish.
  • Double-click Default User.

    Firefox then switches to the new profile.

Does FF work normally with the new profile?
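An added example, not part of this thread or of any tool it mentions, for the Firefox side of Step 2: a small Python script that reads the proxy preferences from a profile's user.js and prefs.js, so you can see which file re-applies a manual proxy at every start (Firefox copies user.js into prefs.js on startup). The profile directory (normally under %APPDATA%\Mozilla\Firefox\Profiles\) and the sample preference lines are assumptions constructed for the example.

```python
import re
from pathlib import Path

# One Firefox preference line: user_pref("name", value); value is a quoted string, an integer, or true/false.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
PROXY_TYPES = {0: "direct", 1: "manual", 2: "PAC URL", 4: "auto-detect (WPAD)", 5: "system"}  # network.proxy.type; 5 = Windows/IE settings

def parse_prefs(text):
    """Parse prefs.js / user.js text into a dict of preference name -> value."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def proxy_summary(prefs):
    """Describe the proxy mode a profile will use; a missing type means the default 5 (system)."""
    ptype = prefs.get("network.proxy.type", 5)
    summary = {"type": PROXY_TYPES.get(ptype, f"unknown ({ptype})")}
    if ptype == 1:
        summary["http"] = f"{prefs.get('network.proxy.http', '')}:{prefs.get('network.proxy.http_port', 0)}"
    elif ptype == 2:
        summary["pac"] = prefs.get("network.proxy.autoconfig_url", "")
    return summary

def check_profile(profile_dir):
    """Report the proxy settings per file; user.js is re-applied on every Firefox start, prefs.js holds the live values."""
    report = {}
    for name in ("user.js", "prefs.js"):
        path = Path(profile_dir) / name
        if path.is_file():
            report[name] = proxy_summary(parse_prefs(path.read_text(encoding="utf-8", errors="replace")))
    return report

# Constructed sample (not from the thread): a manual proxy forced on the profile.
SAMPLE_PREFS = """\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.example.net");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.share_proxy_settings", true);
"""
```

If the manual proxy shows up in user.js, deleting only the setting from the Firefox options dialog will not help, because that file is read again at the next start.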

Psychotic 24.01.2012 18:49

Hello, do you still need help? If I don't receive a reply from you within the next 24 hours, I will remove your topic from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean.

Psychotic 26.01.2012 08:20

No response
This topic has been removed from my subscriptions, so I no longer receive notifications of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread


Copyright ©2000-2025, Trojaner-Board

