Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Infected with the 50-€ virus (https://www.trojaner-board.de/110144-50-virus-infiziert.html)

ricu123 19.02.2012 04:40

Infected with the 50-€ virus

Hello,
I have also been hit by the virus "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" ("Attention! For security reasons your Windows system has been blocked"). A black screen, and I have to pay 50 € to get rid of the virus.
I have already run Malwarebytes and OTL as described HERE (http://www.trojaner-board.de/109693-...blockiert.html); here are the logs:

Malwarebytes:
Quote:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.08

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Poppel :: ACER-A9CE03BBC6 [Administrator]

19.02.2012 04:04:42
mbam-log-2012-02-19 (04-04-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191845
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZUMIESEARCH_SERVICE (PUP.Zwangi) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Microsoft\torrent.exe (Trojan.VUPX.PL1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\0.06353048701918118.exe (Trojan.VUPX.PL1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL.txt:

OTL Logfile:
Code:

OTL logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0    Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.19 04:35:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\OTL.exe
PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll
MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll
MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll
MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll
MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll
MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2006.08.15 21:10:00 | 001,403,904 | ---- | M] () -- C:\WINDOWS\system32\UIVCL.dll
MOD - [2006.08.09 17:40:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\APISlice.dll
MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll
MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll
MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx
MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll
MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll
MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll
MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll
MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll
MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll
MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll
MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
 
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: 557839895 - hkey= - key= -  File not found
MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: portwexexe.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent
[2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner
[2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc.                                              ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe
[2012.01.20 13:28:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Meine empfangenen Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.19 04:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.19 04:20:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.19 04:19:56 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2012.02.19 04:19:52 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2012.02.19 04:18:10 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.02.19 04:18:08 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.02.19 04:17:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job
[2012.02.19 04:17:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.19 04:17:16 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc.                                              ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
 
========== Files Created - No Company Name ==========
 
[2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
[2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd
[2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate
[2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
[2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job
[2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2004.09.13 12:09:24 | 000,000,000 | ---D | M] -- C:\I386
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOCS
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2004.09.13 12:13:22 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2004.09.13 12:13:26 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2004.09.13 12:14:16 | 000,000,000 | ---D | M] -- C:\ELEMENTS
[2004.09.13 12:20:38 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2004.09.13 12:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2004.09.13 12:32:24 | 000,000,000 | ---D | M] -- C:\Programme
[2006.08.25 14:21:04 | 000,000,000 | ---D | M] -- C:\BOOK
[2006.08.25 14:21:18 | 000,000,000 | ---D | M] -- C:\Sysinfo
[2006.08.29 10:59:16 | 000,000,000 | -HSD | M] -- C:\system volume information
[2006.08.29 11:21:18 | 000,000,000 | ---D | M] -- C:\My Music
[2006.12.15 05:37:44 | 000,000,000 | ---D | M] -- C:\Program Files
[2006.12.15 05:38:56 | 000,000,000 | ---D | M] -- C:\Acer
[2006.12.15 19:03:42 | 000,000,000 | -HSD | M] -- C:\Recycled
[2006.12.26 19:11:44 | 000,000,000 | ---D | M] -- C:\KPCMS
[2006.12.29 00:43:56 | 000,000,000 | ---D | M] -- C:\musik
[2008.01.15 17:55:36 | 000,000,000 | ---D | M] -- C:\Games
[2006.12.29 00:38:44 | 000,000,000 | R--D | M] -- C:\Eigene Musik
[2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\scripts
[2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\logs
[2008.11.02 20:56:28 | 000,000,000 | ---D | M] -- C:\Belkin
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2005.04.07 19:47:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-16 15:56:59

< End of report >

--- --- ---


and the Extras.Txt:

OTL Logfile:
Code:

OTL Extras logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0    Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\ART\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6945:TCP" = 6945:TCP:*:Enabled:League of Legends Launcher
"6945:UDP" = 6945:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher
"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\Programme\EA GAMES\MOHAA\MOHAA.exe" = C:\Programme\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)
"C:\WINDOWS\System32\java.exe" = C:\WINDOWS\System32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player Beta
"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe" = C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe:*:Enabled:xp2p
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe:*:Enabled:xp2p
"D:\Programme\EA GAMES\Battlefield 2\BF2.exe" = D:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"D:\Programme\Wolfenstein - Enemy Territory\ET.exe" = D:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe:*:Enabled:BF2
"C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE" = C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe:*:Enabled:NETDIS-WSDEVNTS-In-TCP-Java
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe:*:Disabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- ()
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe" = C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK -- ()
"D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Riot Games\League of Legends\lol.launcher.exe" = D:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FC2DFF2-D86A-4775-8940-4081D60B4E1C}" = Philips Firmware Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe  1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA396ABC-98AF-4F4A-B0F8-EB160DFF344B}" = Acer OrbiCam Utility Bar
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cb8abcef-9183-4de7-9b90-3443479441f2}_is1" = SampleDecks 1.9.0
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BBZ" = BBZ 4.12 30.10.2010
"BeobachtungZeugnis_is1" = BeobachtungZeugnis
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"hp deskjet 930c series_Driver" = hp deskjet 930c series
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3081
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.61.1250" = Opera 11.61
"PhotoFiltre" = PhotoFiltre
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer Basic
"Success 1.0" = Success 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueImage" = Acronis*TrueImage
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"xp-AntiSpy" = xp-AntiSpy 3.96-2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2012 14:23:44 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3938
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7891
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11813
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11813
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29725031
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29725031
 
[ System Events ]
Error - 09.02.2012 13:13:25 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
 
Error - 09.02.2012 13:14:22 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.02.2012 11:10:54 | Computer Name = ACER-A9CE03BBC6 | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hp deskjet
930c series, Freigabename Drucker4.
 
Error - 16.02.2012 12:53:28 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.29 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
 
Error - 16.02.2012 21:22:04 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
 
Error - 18.02.2012 11:35:09 | Computer Name = ACER-A9CE03BBC6 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "USER-B13783889A",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B1C6B3C2-A7C-Transport zu sein
 scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 18.02.2012 14:23:35 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
 
Error - 18.02.2012 22:58:31 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 18.02.2012 23:17:35 | Computer Name = ACER-A9CE03BBC6 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 18.02.2012 23:19:54 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  abp480n5  adpu160m  agp440  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint  asc  asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
 
< End of report >

--- --- ---

[/QUOTE]


Thank you very much!
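One line in the firewall "Authorized Applications List" of the OTL log above stands out on inspection: `"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL`. Windows writes the executable path as the registry value name, so a value named `\` was not created by the firewall UI; the file sits in the legacy `%SystemRoot%\system` directory rather than `system32`; and dwm.exe (Desktop Window Manager) is a Vista-and-later component that does not exist on Windows XP. The entries for `javaw.exe` under `Lokale Einstellungen\Temp` are the other ones a responder would check first. As an added example that is not part of this thread and not a feature of OTL, the Python script below parses lines in that dump format and flags such entries; the sample lines are copied from the log above, and the heuristics are this example's own assumptions about what is unusual on a stock XP machine.

```python
"""Triage helper for the Windows XP firewall "Authorized Applications List".

Added example, not part of the Trojaner-Board thread and not an OTL feature:
it parses OTL-style dump lines of the form

    "<value name>" = <exe path>:<scope>:<Enabled|Disabled>:<display name>

and flags the entries a responder would look at first. The heuristics below
are this example's own assumptions about what is unusual on a stock XP box.
"""
import re
from dataclasses import dataclass, field

# One line of the list: the path starts with a drive letter and may contain
# spaces; the remaining fields are colon-separated.
LINE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*'
    r'(?P<path>[A-Za-z]:[^:]*):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<label>.*)$'
)

# Directories an ordinary user (and any malware running as that user) can write to.
USER_WRITABLE = ("\\temp\\", "\\lokale einstellungen\\", "\\local settings\\",
                 "\\anwendungsdaten\\", "\\application data\\")

# Core Windows binary names that legitimately live only in %SystemRoot% or
# %SystemRoot%\system32. dwm.exe is included because it is a Vista+ component
# and does not exist on XP at all.
CORE_NAMES = {"dwm.exe", "svchost.exe", "csrss.exe", "lsass.exe",
              "winlogon.exe", "services.exe", "explorer.exe"}
CORE_DIRS = ("c:\\windows\\", "c:\\windows\\system32\\")


@dataclass
class Entry:
    name: str
    path: str
    scope: str
    state: str
    label: str
    reasons: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a list line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(**m.groupdict())


def audit_entry(e: Entry) -> Entry:
    """Attach human-readable reasons why this entry deserves a closer look."""
    low = e.path.lower()
    directory, _, filename = low.rpartition("\\")
    directory += "\\"
    # Windows writes the exe path as the value name; anything else was written
    # by a program that did not bother to mimic that convention.
    if e.name.lower() != low:
        e.reasons.append(f"value name {e.name!r} does not match the path")
    if any(d in low for d in USER_WRITABLE):
        e.reasons.append("executable lives in a user-writable/temp directory")
    if directory == "c:\\windows\\system\\":
        e.reasons.append("executable in legacy %SystemRoot%\\system, not system32")
    if filename in CORE_NAMES and directory not in CORE_DIRS:
        e.reasons.append(f"core binary name {filename} outside the Windows directories")
    return e


def audit(lines):
    """Parse and audit every line; return only the entries with findings."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is not None and audit_entry(e).reasons:
            findings.append(e)
    return findings


# Constructed sample: five lines copied from the OTL dump in the thread.
SAMPLE = [
    r'"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL',
    r'"C:\WINDOWS\System32\java.exe" = C:\WINDOWS\System32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)',
    r'"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL',
    r'"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe:*:Enabled:xp2p',
    r'"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)',
]

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(f"{entry.state:8} {entry.path}")
        for reason in entry.reasons:
            print(f"         - {reason}")
```

Run against the full list section of an OTL log (feed the lines between the `AuthorizedApplications\List` header and the next blank line to `audit`), only the dwm.exe and the two Temp javaw.exe entries from the dump above are reported; the game and AOL entries pass, as does the Disabled java.exe in System32.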

cosinus 19.02.2012 20:06

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! Also, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

Done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

ricu123 19.02.2012 23:41

no. 1:
Quote:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.19.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Poppel :: ACER-A9CE03BBC6 [Administrator]

19.02.2012 20:15:40
mbam-log-2012-02-19 (20-15-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293734
Laufzeit: 1 Stunde(n), 17 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\system volume information\_restore{20805B88-0A57-49FE-94C0-35B1D4357244}\RP110\A0019318.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)



no. 2:
Quote:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5fd647307b7f05448d3ac1570c9b18ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-19 10:45:26
# local_time=2012-02-19 11:45:26 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 187125 66221649 179884 0
# compatibility_mode=8192 67108863 100 0 3933 3933 0 0
# scanned=106507
# found=4
# cleaned=0
# scan_time=6735
C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\chrome\zumie.jar Win32/Adware.OneStep application (unable to clean) 00000000000000000000000000000000 I
C:\Eigene Musik\Rap-music\lp\hitfaker.zip probably a variant of Win32/Agent.BROBMYK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Eigene Musik\Rap-music\lp\hitfaker\HitFaker.exe probably a variant of Win32/Agent.BROBMYK trojan (unable to clean) 00000000000000000000000000000000 I


cosinus 20.02.2012 10:34

Quote:

C:\Eigene Musik\Rap-music\lp\hitfaker\HitFaker.exe
What is that, then? :wtf:

ricu123 20.02.2012 14:57

Hi,
unfortunately I don't know. Should I run it to see what it is?

cosinus 20.02.2012 15:29

Hello?! That thing is in your music folder and you have no idea how it got into "Rap-Musik"?

ricu123 20.02.2012 15:33

To put it briefly, yes. I'll look around the internet to see what it could be.
Regards

cosinus 20.02.2012 15:36

Quote:

Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
And by the way, according to OTL too, your C and D are only FAT32!

Please make a new OTL log. Please post everything here in CODE tags where possible.

Done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If not already present, please download OTL by OldTimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


ricu123 20.02.2012 18:48

Hi,
here is the OTL.txt:

OTL Logfile:
Code:

OTL logfile created on: 20.02.2012 18:42:27 - Run 2
OTL by OldTimer - Version 3.2.33.1    Folder = C:\Dokumente und Einstellungen\Poppel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 73,37% Memory free
2,72 Gb Paging File | 2,14 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,47 Gb Free Space | 4,60% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.20 18:41:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe
PRC - [2012.02.19 21:42:42 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006.06.28 12:24:30 | 000,348,160 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.04.27 12:10:10 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll
MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll
MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll
MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll
MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll
MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll
MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll
MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx
MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll
MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll
MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll
MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll
MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll
MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll
MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll
MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
 
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: 557839895 - hkey= - key= -  File not found
MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: portwexexe.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.20 18:41:34 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe
[2012.02.19 21:47:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent
[2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner
[2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc.                                              ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe
[2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.15 05:42:32 | 000,041,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2006.12.15 05:34:20 | 002,813,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.20 18:41:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe
[2012.02.20 18:38:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.20 18:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.20 18:24:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.20 18:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.02.19 21:44:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2012.02.19 21:44:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2012.02.19 21:44:36 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2012.02.19 21:44:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.19 21:44:32 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2012.02.19 21:42:26 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.02.19 21:42:26 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.02.19 21:42:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job
[2012.02.19 21:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.19 21:42:00 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 21:36:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2012.02.19 21:36:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc.                                              ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
 
========== Files Created - No Company Name ==========
 
[2012.02.19 21:44:51 | 000,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
[2012.02.19 21:44:51 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2012.02.19 21:36:19 | 000,000,268 | -H-- | C] () -- C:\sqmdata17.sqm
[2012.02.19 21:36:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
[2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd
[2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
 
========== LOP Check ==========
 
[2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate
[2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
[2012.02.19 21:42:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job
[2012.02.20 18:38:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.20 18:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2004.09.13 12:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Identities
[2006.08.29 11:21:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\You've Got Pictures Screensaver
[2006.08.29 11:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\AOL
[2008.04.14 04:22:46 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Microsoft
[2006.12.15 05:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Macromedia
[2006.12.15 19:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.15 19:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Lavasoft
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.27 14:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CyberLink
[2006.12.28 10:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Sun
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.01.01 20:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Help
[2007.01.20 16:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org2
[2007.06.17 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Google
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.08.23 10:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\vlc
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2008.11.25 20:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Adobe
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:05:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Malwarebytes
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Avira
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.03.09 17:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Apple Computer
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
 
< %APPDATA%\*.exe /s >
[2011.06.16 20:18:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.10.24 16:43:14 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller\msnauins.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.02.07 18:36:28 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2004.09.13 12:24:16 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2004.09.13 12:24:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.09.13 12:24:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

regards

cosinus 20.02.2012 21:18

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search-results.com/?l=dis&o=41648036
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

ricu123 21.02.2012 14:17

Hello,
at this entry:
Code:

O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
the program hangs and shows "Not Responding".

What should I do now?

Regards
:dankeschoen:

cosinus 21.02.2012 15:47

Try the fix in Safe Mode

ricu123 21.02.2012 19:26

Same problem in Safe Mode!
I checked, and the file at the path (C:\Programme\Ask.com\GenericAskToolbar.dll) doesn't exist at all?

:dankeschoen:

cosinus 21.02.2012 19:30

Then just remove that line from the fix script and try again

ricu123 22.02.2012 15:29

I now had to take:
Code:

O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
and
Code:

O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
out for it to run; here is the log file:
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Folder C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\ not found.
Folder C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com\ not found.
File C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\ not found.
File C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml not found.
File C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml not found.
File C:\Programme\mozilla firefox\searchplugins\zumie.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E859E13A-569E-463D-BE84-A259AD7DB843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E859E13A-569E-463D-BE84-A259AD7DB843}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found.
File C:\WINDOWS\system32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B99F805C-F0B1-48EA-8C8B-753BFCBED913} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B99F805C-F0B1-48EA-8C8B-753BFCBED913}\ not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\WINDOWS\system32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXQKefG\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awttqnMe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
File F:\Windows\CHECK\DriveNavigator.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\ not found.
File F:\Toshiba\more4you.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg folder moved successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko folder moved successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35993 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1057171 bytes
->FireFox cache emptied: 0 bytes
 
User: Poppel
->Temp folder emptied: 48740456 bytes
->Temporary Internet Files folder emptied: 7433580 bytes
->Java cache emptied: 300221 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6052679 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 56972 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840818 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.1 log created on 02222012_152838

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_9a8.dat moved successfully.

Registry entries deleted on Reboot...

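An added example, not part of the thread: a small Python parser for OTL fix logs of the shape posted above. It sorts each recorded action by outcome (deleted, moved, set, not found) and sums the bytes emptied, so one can see at a glance which targets of the script were already gone, like the Ask toolbar DLL the fix reported as "not found" twice. The sample lines are constructed from the log above; the function names are my own.

```python
import re
from collections import Counter

# Line shapes taken from the OTL fix log posted above (regexes and names are mine).
ACTION_RE = re.compile(
    r"^(?P<kind>Registry key|Registry value|File|Folder) (?P<target>.+?) "
    r"(?P<outcome>deleted successfully|not found)\.$"
)
MOVED_RE = re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")
SET_RE = re.compile(r"^(?P<target>[^|]+)\|.* /E : value set successfully!$")
EMPTIED_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
HOSTS_RESET = "HOSTS file reset successfully"


def parse_otl_fix_log(text):
    """Return (actions, cleaned): actions in log order, bytes freed per location."""
    actions = []
    cleaned = {}
    user = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = USER_RE.match(line)
        if m:
            user = m["user"]  # following "->" lines belong to this profile
            continue
        if line == HOSTS_RESET:
            actions.append({"kind": "HOSTS", "target": "HOSTS file", "outcome": "reset"})
            continue
        m = ACTION_RE.match(line)
        if m:
            actions.append({"kind": m["kind"], "target": m["target"], "outcome": m["outcome"]})
            continue
        m = MOVED_RE.match(line)
        if m:
            # OTL moves files/folders into its _OTL backup rather than deleting them
            actions.append({"kind": "File/Folder", "target": m["target"], "outcome": "moved"})
            continue
        m = SET_RE.match(line)
        if m:
            actions.append({"kind": "Registry value", "target": m["target"], "outcome": "set"})
            continue
        m = EMPTIED_RE.match(line)
        if m:
            key = f"{user}:{m['what']}" if line.startswith("->") and user else m["what"]
            cleaned[key] = cleaned.get(key, 0) + int(m["bytes"])
    return actions, cleaned


def summarize(actions):
    """Count outcomes and list (unique, sorted) targets the fix could not find."""
    counts = Counter(a["outcome"] for a in actions)
    missing = sorted({a["target"] for a in actions if a["outcome"] == "not found"})
    return counts, missing


def report(text):
    """One-call summary of a fix log."""
    actions, cleaned = parse_otl_fix_log(text)
    counts, missing = summarize(actions)
    return {"actions": len(actions), "counts": dict(counts), "missing": missing,
            "total_bytes": sum(cleaned.values()), "cleaned": cleaned}


# Constructed sample: a handful of lines in the shape of the log posted above.
SAMPLE_LOG = r"""========== OTL ==========
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXQKefG\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awttqnMe deleted successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Poppel
->Temp folder emptied: 48740456 bytes
->Java cache emptied: 300221 bytes
Windows Temp folder emptied: 840818 bytes
RecycleBin emptied: 0 bytes
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

if __name__ == "__main__":
    r = report(SAMPLE_LOG)
    print(f"{r['actions']} actions: {r['counts']}")
    print("targets not found:", *r["missing"], sep="\n  ")
    print(f"bytes emptied: {r['total_bytes']}")
```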

cosinus 22.02.2012 19:10

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running TDSS-Killer, since Avira in particular often reports a false positive on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If the infection prevents you from accessing your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

ricu123 22.02.2012 20:04

The Kaspersky tool now gives me 20 entries, all "medium risk"; so I should skip them all?

here is the log file:
Code:

20:06:51.0515 3804        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
20:06:52.0375 3804        ============================================================
20:06:52.0375 3804        Current date / time: 2012/02/22 20:06:52.0375
20:06:52.0375 3804        SystemInfo:
20:06:52.0375 3804       
20:06:52.0375 3804        OS Version: 5.1.2600 ServicePack: 3.0
20:06:52.0375 3804        Product type: Workstation
20:06:52.0375 3804        ComputerName: ACER-A9CE03BBC6
20:06:52.0390 3804        UserName: ******
20:06:52.0390 3804        Windows directory: C:\WINDOWS
20:06:52.0390 3804        System windows directory: C:\WINDOWS
20:06:52.0390 3804        Processor architecture: Intel x86
20:06:52.0390 3804        Number of processors: 1
20:06:52.0390 3804        Page size: 0x1000
20:06:52.0390 3804        Boot type: Normal boot
20:06:52.0390 3804        ============================================================
20:06:53.0875 3804        Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:06:53.0875 3804        Drive \Device\Harddisk1\DR4 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:06:53.0875 3804        \Device\Harddisk0\DR0:
20:06:53.0875 3804        MBR used
20:06:53.0875 3804        \Device\Harddisk0\DR0\Partition0: MBR, Type 0xC, StartLBA 0x7D047E, BlocksNum 0x6B62221
20:06:53.0875 3804        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x733269F, BlocksNum 0x6C61122
20:06:53.0875 3804        \Device\Harddisk1\DR4:
20:06:53.0875 3804        MBR used
20:06:53.0875 3804        \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
20:06:54.0000 3804        Initialize success
20:06:54.0000 3804        ============================================================
20:08:07.0312 2584        ============================================================
20:08:07.0312 2584        Scan started
20:08:07.0312 2584        Mode: Manual; SigCheck; TDLFS;
20:08:07.0312 2584        ============================================================
20:08:10.0609 2584        Abiosdsk - ok
20:08:13.0015 2584        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:08:17.0671 2584        abp480n5 - ok
20:08:22.0656 2584        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:08:23.0187 2584        ACPI - ok
20:08:24.0890 2584        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:08:25.0125 2584        ACPIEC - ok
20:08:30.0875 2584        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:08:31.0078 2584        adpu160m - ok
20:08:39.0890 2584        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:08:40.0109 2584        aec - ok
20:08:43.0015 2584        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:08:43.0218 2584        AFD - ok
20:08:44.0343 2584        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
20:08:44.0578 2584        agp440 - ok
20:08:47.0625 2584        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:08:47.0875 2584        agpCPQ - ok
20:08:50.0218 2584        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:08:50.0296 2584        Aha154x - ok
20:08:51.0937 2584        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:08:52.0140 2584        aic78u2 - ok
20:08:52.0421 2584        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:08:52.0593 2584        aic78xx - ok
20:08:52.0687 2584        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
20:08:52.0875 2584        AliIde - ok
20:08:53.0171 2584        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:08:53.0328 2584        alim1541 - ok
20:08:53.0453 2584        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:08:53.0640 2584        amdagp - ok
20:08:53.0781 2584        AmdK8          (a96cc1761e4e6e997f3ca0021226c431) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
20:08:53.0812 2584        AmdK8 ( UnsignedFile.Multi.Generic ) - warning
20:08:53.0812 2584        AmdK8 - detected UnsignedFile.Multi.Generic (1)
20:08:53.0937 2584        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
20:08:54.0000 2584        amsint - ok
20:08:54.0125 2584        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:08:54.0281 2584        Arp1394 - ok
20:08:54.0500 2584        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
20:08:54.0671 2584        asc - ok
20:08:54.0812 2584        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:08:54.0890 2584        asc3350p - ok
20:08:55.0000 2584        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:08:55.0156 2584        asc3550 - ok
20:08:55.0390 2584        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:08:55.0546 2584        AsyncMac - ok
20:08:55.0625 2584        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:08:55.0781 2584        atapi - ok
20:08:56.0000 2584        Atdisk - ok
20:08:56.0109 2584        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:08:56.0281 2584        Atmarpc - ok
20:08:56.0515 2584        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:08:56.0687 2584        audstub - ok
20:08:56.0843 2584        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
20:08:56.0875 2584        avgio - ok
20:08:57.0062 2584        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:08:57.0171 2584        avgntflt - ok
20:08:57.0406 2584        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:08:57.0421 2584        avipbb - ok
20:08:57.0640 2584        BCM43XX        (3003c21e5e1f04ba84fc8e705a65db2b) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
20:08:57.0703 2584        BCM43XX - ok
20:08:57.0843 2584        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:08:58.0031 2584        Beep - ok
20:08:58.0375 2584        Cam5603D        (b2c100ade3a01b663caa7eb68ee80a51) C:\WINDOWS\system32\Drivers\BisonCam.sys
20:08:58.0437 2584        Cam5603D - ok
20:08:58.0609 2584        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:08:58.0765 2584        cbidf - ok
20:08:58.0796 2584        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:08:58.0968 2584        cbidf2k - ok
20:08:59.0062 2584        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:08:59.0234 2584        CCDECODE - ok
20:08:59.0328 2584        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:08:59.0390 2584        cd20xrnt - ok
20:08:59.0437 2584        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:08:59.0593 2584        Cdaudio - ok
20:08:59.0687 2584        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:08:59.0843 2584        Cdfs - ok
20:08:59.0906 2584        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:09:00.0062 2584        Cdrom - ok
20:09:00.0328 2584        Changer - ok
20:09:00.0468 2584        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:09:00.0625 2584        CmBatt - ok
20:09:00.0750 2584        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:09:00.0906 2584        CmdIde - ok
20:09:01.0000 2584        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:09:01.0140 2584        Compbatt - ok
20:09:01.0250 2584        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:09:01.0406 2584        Cpqarray - ok
20:09:01.0546 2584        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:09:01.0703 2584        dac2w2k - ok
20:09:01.0812 2584        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:09:01.0984 2584        dac960nt - ok
20:09:02.0203 2584        DcCam          (1b269ed3eb2d81ec11cd5b0544e89962) C:\WINDOWS\system32\DRIVERS\DcCam.sys
20:09:02.0234 2584        DcCam - ok
20:09:02.0468 2584        DcFpoint        (bd6ce20068159f9714ebe9e76decab2c) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
20:09:02.0515 2584        DcFpoint - ok
20:09:02.0828 2584        DCFS2K          (1315e0b5b6fc1fe930ee3498309700bd) C:\WINDOWS\system32\drivers\dcfs2k.sys
20:09:02.0859 2584        DCFS2K - ok
20:09:03.0093 2584        DcLps          (5f5055efb3e0820f349924e7c5bd5af4) C:\WINDOWS\system32\DRIVERS\DcLps.sys
20:09:03.0109 2584        DcLps - ok
20:09:03.0421 2584        DcPTP          (31689427da60a724b31a622b35ed21ec) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
20:09:03.0437 2584        DcPTP - ok
20:09:03.0531 2584        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:09:03.0703 2584        Disk - ok
20:09:03.0921 2584        DKbFltr        (060db81dfb79c8244eb65d10b6c7873f) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
20:09:03.0953 2584        DKbFltr - ok
20:09:04.0109 2584        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:09:04.0312 2584        dmboot - ok
20:09:04.0546 2584        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:09:04.0718 2584        dmio - ok
20:09:04.0750 2584        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:09:04.0890 2584        dmload - ok
20:09:05.0093 2584        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:09:05.0281 2584        DMusic - ok
20:09:05.0437 2584        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:09:05.0593 2584        dpti2o - ok
20:09:05.0671 2584        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:09:05.0843 2584        drmkaud - ok
20:09:07.0125 2584        eLock2BurnerLockDriver (70f3d2751ba8877ee06becfc59bd77f1) C:\WINDOWS\system32\eLock2BurnerLockDriver.sys
20:09:07.0140 2584        eLock2BurnerLockDriver ( UnsignedFile.Multi.Generic ) - warning
20:09:07.0140 2584        eLock2BurnerLockDriver - detected UnsignedFile.Multi.Generic (1)
20:09:08.0437 2584        eLock2FSCTLDriver (8a24dcb29abc693f1d3085a69239e84b) C:\WINDOWS\system32\eLock2FSCTLDriver.sys
20:09:08.0468 2584        eLock2FSCTLDriver ( UnsignedFile.Multi.Generic ) - warning
20:09:08.0468 2584        eLock2FSCTLDriver - detected UnsignedFile.Multi.Generic (1)
20:09:08.0765 2584        Exportit        (f85ffdeae43f9e9a7c3f4e3cc5ef09eb) C:\WINDOWS\system32\DRIVERS\exportit.sys
20:09:08.0781 2584        Exportit - ok
20:09:08.0859 2584        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:09:09.0031 2584        Fastfat - ok
20:09:09.0078 2584        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:09:09.0234 2584        Fdc - ok
20:09:09.0359 2584        FETNDIS        (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
20:09:09.0531 2584        FETNDIS - ok
20:09:09.0609 2584        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:09:09.0765 2584        Fips - ok
20:09:09.0921 2584        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:09:10.0078 2584        Flpydisk - ok
20:09:10.0328 2584        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:09:10.0484 2584        FltMgr - ok
20:09:10.0515 2584        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:09:10.0687 2584        Fs_Rec - ok
20:09:10.0890 2584        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:09:11.0078 2584        Ftdisk - ok
20:09:11.0234 2584        gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
20:09:11.0421 2584        gagp30kx - ok
20:09:11.0640 2584        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:09:11.0656 2584        GEARAspiWDM - ok
20:09:11.0828 2584        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:09:11.0984 2584        Gpc - ok
20:09:12.0203 2584        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:09:12.0359 2584        HDAudBus - ok
20:09:12.0562 2584        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:09:12.0718 2584        HidUsb - ok
20:09:12.0859 2584        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
20:09:13.0015 2584        hpn - ok
20:09:13.0203 2584        HSFHWAZL        (a902a7e76c245210eee9ef5185158e9c) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:09:13.0234 2584        HSFHWAZL - ok
20:09:13.0593 2584        HSF_DPV        (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:09:13.0671 2584        HSF_DPV - ok
20:09:14.0015 2584        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:09:14.0062 2584        HTTP - ok
20:09:14.0218 2584        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
20:09:14.0390 2584        i2omgmt - ok
20:09:14.0515 2584        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:09:14.0671 2584        i2omp - ok
20:09:14.0859 2584        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:09:15.0031 2584        i8042prt - ok
20:09:15.0203 2584        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:09:15.0359 2584        Imapi - ok
20:09:15.0500 2584        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:09:15.0656 2584        ini910u - ok
20:09:15.0890 2584        int15          (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\WINDOWS\system32\drivers\int15.sys
20:09:15.0906 2584        int15 ( UnsignedFile.Multi.Generic ) - warning
20:09:15.0906 2584        int15 - detected UnsignedFile.Multi.Generic (1)
20:09:15.0937 2584        int15.sys - ok
20:09:16.0265 2584        IntcAzAudAddService (12f4d2aa29745dc2a403ff42e75cf7fa) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:09:16.0750 2584        IntcAzAudAddService - ok
20:09:16.0921 2584        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:09:17.0093 2584        IntelIde - ok
20:09:17.0171 2584        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:09:17.0328 2584        Ip6Fw - ok
20:09:17.0375 2584        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:09:17.0546 2584        IpFilterDriver - ok
20:09:17.0718 2584        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:09:17.0875 2584        IpInIp - ok
20:09:17.0968 2584        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:09:18.0125 2584        IpNat - ok
20:09:18.0312 2584        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:09:18.0484 2584        IPSec - ok
20:09:18.0703 2584        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
20:09:18.0781 2584        irda - ok
20:09:18.0921 2584        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:09:19.0000 2584        IRENUM - ok
20:09:19.0203 2584        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:09:19.0359 2584        isapnp - ok
20:09:19.0578 2584        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:09:19.0718 2584        Kbdclass - ok
20:09:19.0906 2584        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:09:20.0062 2584        kmixer - ok
20:09:20.0296 2584        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:09:20.0343 2584        KSecDD - ok
20:09:20.0656 2584        lbrtfdc - ok
20:09:20.0843 2584        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:09:20.0859 2584        mdmxsdk - ok
20:09:20.0968 2584        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:09:21.0125 2584        mnmdd - ok
20:09:21.0281 2584        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:09:21.0421 2584        Modem - ok
20:09:21.0484 2584        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:09:21.0640 2584        Mouclass - ok
20:09:21.0953 2584        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:09:22.0093 2584        mouhid - ok
20:09:22.0250 2584        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:09:22.0421 2584        MountMgr - ok
20:09:22.0562 2584        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:09:22.0718 2584        mraid35x - ok
20:09:22.0875 2584        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:09:23.0046 2584        MRxDAV - ok
20:09:23.0234 2584        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:09:23.0296 2584        MRxSmb - ok
20:09:23.0421 2584        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:09:23.0562 2584        Msfs - ok
20:09:23.0843 2584        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:09:24.0031 2584        MSKSSRV - ok
20:09:24.0265 2584        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:09:24.0421 2584        MSPCLOCK - ok
20:09:24.0593 2584        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:09:24.0765 2584        MSPQM - ok
20:09:25.0015 2584        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:09:25.0156 2584        mssmbios - ok
20:09:25.0375 2584        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:09:25.0531 2584        MSTEE - ok
20:09:25.0703 2584        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:09:25.0750 2584        Mup - ok
20:09:25.0828 2584        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:09:26.0000 2584        NABTSFEC - ok
20:09:26.0125 2584        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:09:26.0281 2584        NDIS - ok
20:09:26.0421 2584        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:09:26.0593 2584        NdisIP - ok
20:09:26.0828 2584        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:09:26.0843 2584        NdisTapi - ok
20:09:26.0921 2584        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:09:27.0093 2584        Ndisuio - ok
20:09:27.0171 2584        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:09:27.0328 2584        NdisWan - ok
20:09:27.0546 2584        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:09:27.0593 2584        NDProxy - ok
20:09:27.0703 2584        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:09:27.0859 2584        NetBIOS - ok
20:09:27.0984 2584        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:09:28.0156 2584        NetBT - ok
20:09:28.0312 2584        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:09:28.0484 2584        NIC1394 - ok
20:09:28.0609 2584        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:09:28.0796 2584        Npfs - ok
20:09:29.0015 2584        NSCIRDA        (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
20:09:29.0093 2584        NSCIRDA - ok
20:09:29.0234 2584        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:09:29.0406 2584        Ntfs - ok
20:09:29.0640 2584        NTIDrvr        (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
20:09:29.0671 2584        NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
20:09:29.0671 2584        NTIDrvr - detected UnsignedFile.Multi.Generic (1)
20:09:29.0734 2584        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:09:29.0875 2584        Null - ok
20:09:30.0265 2584        nv              (59e5d945934ec2e7eaa22af81813dabf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:09:30.0609 2584        nv ( UnsignedFile.Multi.Generic ) - warning
20:09:30.0609 2584        nv - detected UnsignedFile.Multi.Generic (1)
20:09:30.0859 2584        nvata          (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys
20:09:30.0890 2584        nvata - ok
20:09:31.0062 2584        NVENETFD        (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
20:09:31.0062 2584        NVENETFD ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0062 2584        NVENETFD - detected UnsignedFile.Multi.Generic (1)
20:09:31.0218 2584        nvnetbus        (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
20:09:31.0234 2584        nvnetbus ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0234 2584        nvnetbus - detected UnsignedFile.Multi.Generic (1)
20:09:31.0390 2584        nvsmu          (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
20:09:31.0390 2584        nvsmu ( UnsignedFile.Multi.Generic ) - warning
20:09:31.0390 2584        nvsmu - detected UnsignedFile.Multi.Generic (1)
20:09:31.0453 2584        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:09:31.0625 2584        NwlnkFlt - ok
20:09:31.0765 2584        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:09:31.0906 2584        NwlnkFwd - ok
20:09:32.0031 2584        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:09:32.0203 2584        ohci1394 - ok
20:09:32.0265 2584        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
20:09:32.0406 2584        Parport - ok
20:09:32.0500 2584        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:09:32.0640 2584        PartMgr - ok
20:09:32.0703 2584        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:09:32.0875 2584        ParVdm - ok
20:09:32.0968 2584        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:09:33.0109 2584        PCI - ok
20:09:33.0328 2584        PCIDump - ok
20:09:33.0453 2584        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:09:33.0609 2584        PCIIde - ok
20:09:33.0718 2584        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:09:33.0859 2584        Pcmcia - ok
20:09:34.0265 2584        PDCOMP - ok
20:09:34.0500 2584        PDFRAME - ok
20:09:34.0734 2584        PDRELI - ok
20:09:34.0984 2584        PDRFRAME - ok
20:09:35.0109 2584        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
20:09:35.0265 2584        perc2 - ok
20:09:35.0375 2584        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:09:35.0515 2584        perc2hib - ok
20:09:35.0656 2584        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:09:35.0812 2584        PptpMiniport - ok
20:09:35.0906 2584        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
20:09:36.0062 2584        Processor - ok
20:09:36.0140 2584        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:09:36.0296 2584        PSched - ok
20:09:36.0546 2584        psdfilter      (f11d814c3b6c60d3fdf19b12d73ae12d) C:\WINDOWS\system32\Drivers\psdfilter.sys
20:09:36.0562 2584        psdfilter ( UnsignedFile.Multi.Generic ) - warning
20:09:36.0562 2584        psdfilter - detected UnsignedFile.Multi.Generic (1)
20:09:36.0812 2584        psdvdisk        (8bcfef59df08c9542636c7b2e1e90ee9) C:\WINDOWS\system32\Drivers\psdvdisk.sys
20:09:36.0812 2584        psdvdisk ( UnsignedFile.Multi.Generic ) - warning
20:09:36.0812 2584        psdvdisk - detected UnsignedFile.Multi.Generic (1)
20:09:36.0890 2584        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:09:37.0062 2584        Ptilink - ok
20:09:37.0296 2584        PxHelp20        (db3b30c3a4cdcf07e164c14584d9d0f2) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:09:37.0312 2584        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:09:37.0312 2584        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:09:37.0437 2584        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:09:37.0578 2584        ql1080 - ok
20:09:37.0687 2584        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:09:37.0859 2584        Ql10wnt - ok
20:09:37.0984 2584        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:09:38.0140 2584        ql12160 - ok
20:09:38.0281 2584        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:09:38.0437 2584        ql1240 - ok
20:09:38.0640 2584        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:09:38.0796 2584        ql1280 - ok
20:09:38.0828 2584        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:09:39.0015 2584        RasAcd - ok
20:09:39.0218 2584        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
20:09:39.0281 2584        Rasirda - ok
20:09:39.0406 2584        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:09:39.0546 2584        Rasl2tp - ok
20:09:39.0640 2584        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:09:39.0796 2584        RasPppoe - ok
20:09:39.0859 2584        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:09:40.0015 2584        Raspti - ok
20:09:40.0140 2584        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:09:40.0296 2584        Rdbss - ok
20:09:40.0343 2584        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:09:40.0484 2584        RDPCDD - ok
20:09:40.0656 2584        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:09:40.0796 2584        rdpdr - ok
20:09:40.0953 2584        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:09:41.0000 2584        RDPWD - ok
20:09:41.0125 2584        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:09:41.0296 2584        redbook - ok
20:09:41.0578 2584        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:09:41.0656 2584        Secdrv - ok
20:09:41.0796 2584        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:09:41.0968 2584        Serial - ok
20:09:42.0078 2584        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
20:09:42.0218 2584        Sfloppy - ok
20:09:42.0515 2584        Simbad - ok
20:09:42.0703 2584        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:09:42.0859 2584        sisagp - ok
20:09:42.0953 2584        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:09:43.0109 2584        SLIP - ok
20:09:43.0328 2584        snapman        (5c18c6b4d6b6111ddabe055880696f31) C:\WINDOWS\system32\DRIVERS\snapman.sys
20:09:43.0343 2584        snapman ( UnsignedFile.Multi.Generic ) - warning
20:09:43.0343 2584        snapman - detected UnsignedFile.Multi.Generic (1)
20:09:43.0437 2584        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:09:43.0500 2584        Sparrow - ok
20:09:43.0625 2584        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:09:43.0781 2584        splitter - ok
20:09:44.0000 2584        sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
20:09:44.0000 2584        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
20:09:44.0000 2584        sptd ( LockedFile.Multi.Generic ) - warning
20:09:44.0000 2584        sptd - detected LockedFile.Multi.Generic (1)
20:09:44.0187 2584        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:09:44.0250 2584        sr - ok
20:09:44.0500 2584        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:09:44.0562 2584        Srv - ok
20:09:44.0796 2584        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:09:44.0812 2584        ssmdrv - ok
20:09:44.0921 2584        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:09:45.0078 2584        streamip - ok
20:09:45.0156 2584        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:09:45.0312 2584        swenum - ok
20:09:45.0421 2584        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:09:45.0593 2584        swmidi - ok
20:09:45.0796 2584        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
20:09:45.0953 2584        symc810 - ok
20:09:46.0125 2584        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:09:46.0296 2584        symc8xx - ok
20:09:46.0406 2584        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:09:46.0578 2584        sym_hi - ok
20:09:46.0687 2584        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:09:46.0843 2584        sym_u3 - ok
20:09:47.0031 2584        SynTP          (69bf2dd9b1099d1aa3e7cf14b4b842cd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:09:47.0062 2584        SynTP - ok
20:09:47.0156 2584        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:09:47.0312 2584        sysaudio - ok
20:09:47.0500 2584        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:09:47.0546 2584        Tcpip - ok
20:09:47.0703 2584        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:09:47.0875 2584        TDPIPE - ok
20:09:47.0921 2584        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:09:48.0078 2584        TDTCP - ok
20:09:48.0125 2584        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:09:48.0265 2584        TermDD - ok
20:09:48.0453 2584        tifm21          (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
20:09:48.0468 2584        tifm21 ( UnsignedFile.Multi.Generic ) - warning
20:09:48.0468 2584        tifm21 - detected UnsignedFile.Multi.Generic (1)
20:09:48.0718 2584        tifsfilter      (6f66601689163373bda1a3cb10dfa633) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
20:09:48.0718 2584        tifsfilter ( UnsignedFile.Multi.Generic ) - warning
20:09:48.0718 2584        tifsfilter - detected UnsignedFile.Multi.Generic (1)
20:09:49.0031 2584        timounter      (dec7d1d20259feff19c2a3114d428d61) C:\WINDOWS\system32\DRIVERS\timntr.sys
20:09:49.0046 2584        timounter ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0046 2584        timounter - detected UnsignedFile.Multi.Generic (1)
20:09:49.0156 2584        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
20:09:49.0296 2584        TosIde - ok
20:09:49.0703 2584        tvicport        (97dd70feca64fb4f63de7bb7e66a80b1) C:\WINDOWS\system32\drivers\tvicport.sys
20:09:49.0718 2584        tvicport ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0718 2584        tvicport - detected UnsignedFile.Multi.Generic (1)
20:09:49.0921 2584        UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
20:09:49.0921 2584        UBHelper ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0921 2584        UBHelper - detected UnsignedFile.Multi.Generic (1)
20:09:50.0000 2584        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:09:50.0156 2584        Udfs - ok
20:09:50.0312 2584        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
20:09:50.0375 2584        ultra - ok
20:09:50.0562 2584        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:09:50.0703 2584        Update - ok
20:09:50.0890 2584        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:09:50.0937 2584        USBAAPL - ok
20:09:51.0125 2584        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:09:51.0281 2584        usbehci - ok
20:09:51.0531 2584        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:09:51.0671 2584        usbhub - ok
20:09:51.0906 2584        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
20:09:52.0062 2584        usbohci - ok
20:09:52.0312 2584        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:09:52.0468 2584        usbprint - ok
20:09:52.0765 2584        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:09:52.0937 2584        usbscan - ok
20:09:53.0203 2584        usbstor        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:09:53.0375 2584        usbstor - ok
20:09:53.0609 2584        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:09:53.0765 2584        usbuhci - ok
20:09:54.0031 2584        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:09:54.0187 2584        VgaSave - ok
20:09:54.0343 2584        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:09:54.0531 2584        viaagp - ok
20:09:54.0781 2584        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
20:09:54.0968 2584        ViaIde - ok
20:09:55.0171 2584        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:09:55.0312 2584        VolSnap - ok
20:09:55.0562 2584        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:09:55.0703 2584        Wanarp - ok
20:09:55.0937 2584        wanatw - ok
20:09:56.0156 2584        WDICA - ok
20:09:56.0406 2584        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:09:56.0562 2584        wdmaud - ok
20:09:56.0765 2584        winachsf        (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:09:56.0812 2584        winachsf - ok
20:09:57.0171 2584        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:09:57.0328 2584        WmiAcpi - ok
20:09:57.0593 2584        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:09:57.0734 2584        WSTCODEC - ok
20:09:57.0953 2584        zntport        (40ac8590cc9006dbb99ffcb37879d4c6) C:\WINDOWS\system32\drivers\zntport.sys
20:09:57.0984 2584        zntport ( UnsignedFile.Multi.Generic ) - warning
20:09:57.0984 2584        zntport - detected UnsignedFile.Multi.Generic (1)
20:09:58.0015 2584        MBR (0x1B8)    (99852d5c3a78447c3d6d82b6155fe848) \Device\Harddisk0\DR0
20:10:01.0765 2584        \Device\Harddisk0\DR0 - ok
20:10:01.0828 2584        Boot (0x1200)  (9580940a801cb45580aed16bccc70fbe) \Device\Harddisk0\DR0\Partition0
20:10:01.0828 2584        \Device\Harddisk0\DR0\Partition0 - ok
20:10:01.0859 2584        Boot (0x1200)  (40aaec4c3d508b3b583d4dde6d3fb3b9) \Device\Harddisk0\DR0\Partition1
20:10:01.0859 2584        \Device\Harddisk0\DR0\Partition1 - ok
20:10:01.0875 2584        ============================================================
20:10:01.0875 2584        Scan finished
20:10:01.0875 2584        ============================================================
20:10:02.0015 0824        Detected object count: 20
20:10:02.0015 0824        Actual detected object count: 20
20:12:50.0609 0824        AmdK8 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        AmdK8 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        eLock2BurnerLockDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        eLock2BurnerLockDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        eLock2FSCTLDriver ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        eLock2FSCTLDriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        int15 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        nv ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        NVENETFD ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        NVENETFD ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0609 0824        nvnetbus ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0609 0824        nvnetbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        nvsmu ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        nvsmu ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        psdfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        psdfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        snapman ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        snapman ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        sptd ( LockedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        tifm21 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        tifm21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        tifsfilter ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        tifsfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        timounter ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        timounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0625 0824        tvicport ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0625 0824        tvicport ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0640 0824        UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0640 0824        UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:50.0640 0824        zntport ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:50.0640 0824        zntport ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 22.02.2012 20:55

Yes, please skip everything, that is what the instructions said


Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

ricu123 22.02.2012 21:16

Hi
Code:

Combofix Logfile:

ComboFix 12-02-22.01 - Poppel 22.02.2012  21:10:12.1.1 - FAT32x86
ausgeführt von:: c:\dokumente und einstellungen\Poppel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
c:\dokumente und einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free\Logs\update.log
c:\dokumente und einstellungen\Poppel\WINDOWS
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\Uninstall.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
H:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-21 12:55 . 2012-02-21 12:55        --------        d-----w-        C:\_OTL
2012-02-19 20:47 . 2012-02-19 20:47        --------        d-----w-        c:\programme\ESET
2012-02-15 15:13 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
2012-02-15 15:13 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\dllcache\iacenc.dll
2012-02-07 17:36 . 2012-02-07 17:36        691696        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-02-07 17:36 . 2012-02-07 17:36        --------        d-----w-        c:\programme\LSoft Technologies
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 18:53 . 2012-01-12 18:53        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-04 04:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2006-01-09 19:01        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-04 04:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-04 04:00        1469440        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 04:00        385024        ----a-w-        c:\windows\system32\html.iec
2011-12-10 14:24 . 2010-11-28 21:04        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-04 04:00        293888        ----a-w-        c:\windows\system32\winsrv.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-05-25 786521]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 151552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"ntiMUI"="c:\programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 45056]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-08-08 634880]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-07-18 438272]
"eLockMonitor"="c:\acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [2006-03-31 16384]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-08-09 342016]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"AzMixerSel"="c:\programme\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-06-07 208896]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"QuickTime Task"="c:\programme\QuickTime Alternative\QTTask.exe" [2011-07-05 421888]
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2011-08-25 886760]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Poppel\Startmenü\Programme\Autostart\
OpenOffice.org 3.2.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Kodak EasyShare Software.lnk - c:\programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-15 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonBar]
2006-09-08 10:49        245760        ----a-w-        c:\windows\BUtilityBar\BisonBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 04:00        59392        ----a-w-        c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 04:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 04:00        455168        ----a-w-        c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiVirService"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programme\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\System32\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\Java\\JRE6\\launch4j-tmp\\UltraMixer.exe"=
"c:\\WINDOWS\\System32\\dplaysvr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Dokumente und Einstellungen\\Poppel\\Eigene Dateien\\Mari schule\\UnrealTournament\\System\\0CLICK.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6945:TCP"= 6945:TCP:League of Legends Launcher
"6945:UDP"= 6945:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6994:TCP"= 6994:TCP:League of Legends Launcher
"6994:UDP"= 6994:UDP:League of Legends Launcher
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [07.02.2012 18:36 691696]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [28.11.2010 22:26 136360]
R2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;c:\windows\system32\eLock2BurnerLockDriver.sys [15.12.2006 05:43 17664]
R2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\eLock2FSCTLDriver.sys [15.12.2006 05:43 90112]
R2 LockServ;LockServ;c:\acer\Empowering Technology\eLock\LockServ.exe -p --> c:\acer\Empowering Technology\eLock\LockServ.exe -p [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.02.2012 18:09 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [16.02.2012 18:09 136176]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - UBHELPER
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-22 c:\windows\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
- c:\windows\system32\msfeedssync.exe [2006-12-15 03:31]
.
2012-02-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2011-08-25 14:24]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-02-16 17:09]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2012-02-16 17:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-557839895 - c:\dokumente und einstellungen\All Users\Application Data\687940834\557839895.exe
MSConfigStartUp-portwexexe - c:\portwexexe.exe\portwexexe.exe
MSConfigStartUp-{D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - c:\dokumente und einstellungen\Poppel\Anwendungsdaten\Ukicko\ozwou.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-22 21:17
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3792)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\acer\Empowering Technology\eLock\LockServ.exe
c:\windows\system32\nvsvc32.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\acer\Empowering Technology\eLock\Monitor\LockMon.exe
c:\windows\system32\wbem\unsecapp.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\dokume~1\Poppel\LOKALE~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-22  21:21:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-22 20:21
.
Vor Suchlauf: 23 Verzeichnis(se), 19.294.683.136 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 19.169.935.360 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A7809B28B9D3A44EA898A7B5AAA60351


--- --- ---


regards & :dankeschoen:

cosinus 22.02.2012 21:54

Convert the partitions to NTFS:
1) Start, Run, type cmd and click OK
2) Type the command convert d: /fs:ntfs and confirm with Return or Enter
3) Type the current label of D: (you can see it in My Computer on D: - if it only says "Lokaler Datenträger" (Local Disk) there, D: has no label, so type nothing when asked for the current volume label) - if necessary, give this partition a simple name in My Computer via right-click => Properties
4) If asked, confirm with J that the drive has to be locked for exclusive access
5) Wait until convert has finished
After that it is C:'s turn
6) Type the command convert c: /fs:ntfs and confirm with Return or Enter
7) Type the current label of C: (you can see it in My Computer on C:; if it only says "Lokaler Datenträger" (Local Disk) there, C: has no label, so type nothing when asked for the current volume label)
8) Confirm the notice that the drive will be converted at the next Windows start with J, and let Windows restart; be patient!
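The conversion procedure above as an added batch script, not from the post or from Trojaner-Board: it checks each drive's file system with fsutil before calling convert, so a volume that is already NTFS is skipped, and otherwise runs convert in the order the post gives (D: first, then C:). It assumes Windows XP's built-in fsutil and convert tools and an administrator command prompt; the subroutine name convert_if_fat is my own.

```batch
@echo off
setlocal
rem Added example (not the post's own text): convert FAT/FAT32 volumes to NTFS,
rem skipping volumes that already are NTFS. Drive letters D and C are the ones
rem the post names, converted in that order. Run from an administrator cmd.
for %%V in (D C) do call :convert_if_fat %%V
echo Done. If C: was converted, reboot so the scheduled conversion can run.
goto :eof

:convert_if_fat
set "DRV=%~1:"
rem fsutil prints a "File System Name : FAT32" line (German XP: "Dateisystemname");
rem the substring FAT appears in no other line of its output, so find /i is enough.
fsutil fsinfo volumeinfo %DRV%\ > "%TEMP%\volinfo.txt" 2>&1
if errorlevel 1 (
    echo fsutil failed for %DRV% - run this from an administrator command prompt
    goto :eof
)
find /i "FAT" "%TEMP%\volinfo.txt" >nul
if errorlevel 1 (
    echo %DRV% is not FAT/FAT32 - skipping
    del "%TEMP%\volinfo.txt"
    goto :eof
)
del "%TEMP%\volinfo.txt"
echo %DRV% is FAT/FAT32 - starting conversion
rem convert still asks for the current volume label (just press Enter if the
rem drive has none) and, on the system drive, offers to schedule the
rem conversion for the next boot; answer J (Ja) as the post describes.
convert %DRV% /fs:ntfs
goto :eof
```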


Copyright ©2000-2025, Trojaner-Board

