Trojaner-Board - GVU Trojaner - Windows XP startet nicht im abgesicherten Modus

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - GVU Trojaner - Windows XP startet nicht im abgesicherten Modus (https://www.trojaner-board.de/115999-gvu-trojaner-windows-xp-startet-abgesicherten-modus.html)

GVU Trojaner - Windows XP startet nicht im abgesicherten Modus

Hallo,

ich habe mir anscheinend auch diesen GVU Virus eingefangen. Ich habe sofort die W-Lan Verbindung gekappt und nachdem das "GVU" Fenster angezeigt wurde, den Computer ausgeschaltet. Dann habe ich probiert, über den abgesicherten Modus mit Eingabeaufforderung eine Systemwiederherstellung zu machen. Leider kommt da nur eine Meldung "Press ESC to chancel loading SPTD.sys" und dann startet der Computer neu.
Der Computer bootet normal und ich kann mich auch über das normale Fenster anmelden. Dann erscheint mein Hintergrundbild, allerdings ist die Startleiste weg und ich kann auch den Taskmanager nicht aufrufen. Die Zahlungsaufforderung bzw. das "GVU" Fenster kommt allerdings nicht mehr.
Gerade schreibe ich von meinem uninfizierten Zweitlaptop.
Wäre super, wenn mir jemand helfen könnte!
Grüße

Mit einem sauberen 2. Rechner eine OTLPE-CD erstellen und den infizierten Rechner dann von dieser CD booten:

Falls Du kein Brennprogramm installiert hast, lade dir bitte ISOBurner herunter. Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen. Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop. Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von der OTLPE CD. Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Hinweis: Damit OTLPE auch das richtige installierte Windows scant, musst du den Windows-Ordner des auf der Platte installierten Windows auswählen, einfach nur C: auswählen gibt einen Fehler!
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

Hallo Arne,

also ich hab mit OTLPE gestartet und alles gemacht, wie von dir beschrieben.
Allerdings kam bei mir nach dem Scan nur dieses .txt File. Ich hoffe, das hilft dir weiter.
Danke auf jeden Fall für deine Untersützung!

OTL Logfile:

Code:

OTL logfile created on: 5/31/2012 7:26:02 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,023.00 Mb Total Physical Memory | 792.00 Mb Available Physical Memory | 77.00% Memory free

907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 30.21 Gb Total Space | 0.35 Gb Free Space | 1.15% Space Free | Partition Type: NTFS

Drive D: | 108.83 Gb Total Space | 0.61 Gb Free Space | 0.56% Space Free | Partition Type: NTFS

Drive E: | 10.00 Gb Total Space | 5.89 Gb Free Space | 58.87% Space Free | Partition Type: NTFS

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet008

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled] --  -- (HidServ)

SRV - File not found [On_Demand] --  -- (AppMgmt)

SRV - [2012/05/09 02:08:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012/05/09 02:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012/04/25 18:58:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/16 10:31:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/02/26 19:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2012/01/13 09:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/07/20 00:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010/11/22 23:41:09 | 002,326,920 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2010/05/07 13:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009/09/24 05:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)

SRV - [2009/09/12 11:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009/03/03 07:45:11 | 000,296,400 | ---- | M] () [Auto] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2007/04/03 11:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007/03/26 08:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/10/26 09:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005/09/30 14:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005/04/01 07:18:08 | 000,061,440 | ---- | M] (Cyberlink) [Auto] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2005/04/01 07:17:02 | 000,110,676 | ---- | M] () [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2005/04/01 07:16:56 | 000,184,406 | ---- | M] () [Auto] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2003/11/11 09:19:50 | 000,053,248 | ---- | M] (GEAR Software) [Auto] -- C:\WINDOWS\system32\GearSec.exe -- (GEARSecurity)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (zlportio)

DRV - File not found [Kernel | On_Demand] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)

DRV - File not found [Kernel | System] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand] --  -- (PCASp50)

DRV - File not found [Kernel | On_Demand] --  -- (nhcDriverDevice)

DRV - File not found [Kernel | On_Demand] --  -- (nhcAcpi_driver)

DRV - File not found [Kernel | Boot] --  -- (lfrwknip)

DRV - File not found [Kernel | System] --  -- (lbrtfdc)

DRV - File not found [Kernel | On_Demand] --  -- (jfdcd)

DRV - File not found [Kernel | System] --  -- (i2omgmt)

DRV - File not found [Kernel | System] --  -- (Changer)

DRV - File not found [Kernel | On_Demand] --  -- (catchme)

DRV - File not found [Kernel | Boot] --  -- (btjmjfg)

DRV - [2012/05/21 13:04:25 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2012/05/09 02:08:19 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012/05/09 02:08:19 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/12/10 10:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/12/08 00:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011/12/08 00:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011/12/08 00:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV - [2011/12/08 00:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)

DRV - [2011/12/08 00:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2011/11/29 11:38:04 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2011/10/11 10:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010/11/22 23:41:28 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)

DRV - [2010/11/22 23:40:51 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)

DRV - [2010/11/22 23:40:41 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)

DRV - [2010/11/22 23:39:14 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2010/06/17 10:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2010/05/14 18:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)

DRV - [2010/05/14 18:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2010/05/14 18:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2010/05/07 13:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010/02/11 07:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009/04/22 20:02:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusbn.sys -- (fwlanusbn)

DRV - [2009/04/22 20:02:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)

DRV - [2009/02/13 15:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/07/24 06:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008/06/06 03:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008/05/07 01:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008/05/07 01:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008/05/07 01:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008/01/10 10:49:36 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)

DRV - [2007/04/03 11:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/01/31 08:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 09:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/12/13 19:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)

DRV - [2006/06/18 17:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005/08/17 05:11:04 | 000,201,984 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)

DRV - [2005/08/01 06:44:16 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/08/01 03:09:32 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005/08/01 03:00:55 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005/01/26 03:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2004/08/31 14:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2003/07/16 09:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2002/08/14 10:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\Hammann_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\Hammann_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\Hammann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zdf.de/

IE - HKU\Hammann_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\Hammann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Hammann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.startup.homepage: "hxxp://www.elmundo.es/"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5038 [2011/11/04 12:45:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/25 18:58:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/04 03:58:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5038 [2011/11/04 12:45:32 | 000,000,000 | ---D | M]

 

[2010/04/25 15:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Extensions

[2012/05/29 08:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions

[2010/08/10 04:58:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2007/01/03 13:42:32 | 000,000,000 | ---D | M] (Update-Checker) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2012/03/30 10:13:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2007/10/21 09:36:38 | 000,000,000 | ---D | M] ("FI-Grabber") -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}

[2006/07/24 08:38:17 | 000,000,000 | ---D | M] (refspoof) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{e7847830-db6a-05eb-669f-81b2ed2778c7}(2)

[2010/08/10 04:58:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\firefox@tvunetworks.com

[2009/05/09 12:31:14 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\moveplayer@movenetworks.com

[2012/04/25 18:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

File not found (No name found) -- 

[2012/04/25 18:57:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012/04/03 06:38:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012/02/21 22:47:01 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/02/21 22:47:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012/02/21 22:47:01 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012/02/21 22:47:01 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/02/21 22:47:01 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/02/21 22:47:01 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010/10/01 04:17:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O3 - HKU\Hammann_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe (Business Hotel Meison, Shirahama-cho)

O4 - HKU\Hammann_ON_C..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

O4 - HKU\Hammann_ON_C..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe (Business Hotel Meison, Shirahama-cho)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Hammann_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Suche - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.de/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} hxxp://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab (DeskUpdate - Activex Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/10/06 11:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/05/30 05:20:56 | 000,117,993 | ---- | C] (Business Hotel Meison, Shirahama-cho) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe

[2012/05/21 19:37:43 | 000,000,000 | ---D | C] -- C:\MEGA2

[2012/05/21 13:10:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%

[2012/05/21 13:10:01 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft

[2012/05/21 07:15:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in

[2012/05/21 02:59:37 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Hammann\Recent

[2012/05/09 02:26:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft

[2012/05/09 02:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive

[2012/05/09 02:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Live

[2012/05/05 04:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Davuof

[2012/05/04 03:55:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hammann\My Documents

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/05/30 19:03:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/05/30 19:02:52 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/30 18:15:11 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/05/30 18:14:39 | 000,003,072 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\panda.dll

[2012/05/30 18:14:14 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/30 07:52:02 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/30 05:20:43 | 000,117,993 | ---- | M] (Business Hotel Meison, Shirahama-cho) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe

[2012/05/30 05:00:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/05/24 06:51:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/05/23 09:39:44 | 000,477,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/05/23 09:39:43 | 000,502,520 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012/05/23 09:39:43 | 000,103,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012/05/23 09:39:43 | 000,086,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/05/21 19:41:24 | 000,000,009 | ---- | M] () -- C:\MRACE.DAT

[2012/05/21 13:10:14 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2012/05/21 13:10:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%

[2012/05/21 13:08:06 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/05/21 07:15:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in

[2012/05/21 06:58:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/05/21 02:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2012/05/12 14:01:30 | 000,087,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\kolloquium-ss-2012-ubersicht.pdf

[2012/05/11 06:47:22 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Microsoft Office Word 2007.lnk

[2012/05/09 02:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Live

[2012/05/09 02:08:19 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012/05/09 02:08:19 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012/05/06 16:30:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/05/30 05:20:59 | 000,003,072 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\panda.dll

[2012/05/21 13:10:14 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2012/05/21 06:47:57 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2012/05/14 10:35:21 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012/05/12 14:01:30 | 000,087,519 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\kolloquium-ss-2012-ubersicht.pdf

[2012/02/19 19:58:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/29 11:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe

[2011/11/29 11:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2011/11/29 11:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2011/11/29 11:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2011/11/29 11:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2011/10/09 16:53:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2010/10/07 15:06:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/09/30 16:58:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL

[2010/09/30 04:32:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/09/30 04:32:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/09/30 04:32:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/09/30 04:32:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/09/30 04:32:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/07/20 04:37:36 | 000,077,860 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010/07/14 05:44:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2010/05/14 17:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010/05/14 17:56:06 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010/05/14 17:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010/05/14 17:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/05/12 05:10:37 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010/05/10 04:20:01 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT

[2010/05/07 13:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2010/04/25 12:54:37 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\PUTTY.RND

[2010/01/15 10:21:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009/10/31 06:08:11 | 000,207,808 | RHS- | C] () -- C:\WINDOWS\System32\prapproxy32.dll

[2009/08/26 16:06:46 | 000,016,037 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwlanusbn.bin

[2009/04/24 04:51:34 | 000,000,378 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\.JMAppsCfg

[2009/04/23 18:46:00 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll

[2009/04/23 18:46:00 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll

[2009/04/23 18:46:00 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll

[2009/04/23 18:46:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll

[2009/04/23 18:46:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll

[2009/04/23 18:46:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll

[2009/04/23 18:46:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll

[2009/04/23 18:46:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll

[2009/04/23 18:46:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll

[2009/04/23 18:46:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll

[2009/04/23 18:46:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll

[2009/04/23 18:46:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll

[2009/04/23 18:46:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll

[2009/04/23 18:46:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll

[2009/04/23 18:46:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll

[2009/04/23 18:46:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll

[2009/04/23 18:46:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll

[2009/04/23 18:46:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll

[2009/04/23 18:46:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll

[2009/04/23 18:46:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll

[2009/04/23 18:46:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll

[2009/02/24 15:31:56 | 000,000,113 | ---- | C] () -- C:\WINDOWS\PPSMediaList.ini

[2008/05/09 13:02:28 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini

[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007/10/04 11:09:09 | 000,018,944 | ---- | C] () -- C:\WINDOWS\eraser.exe

[2007/10/02 15:28:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ppsrc.ini

[2007/10/02 15:22:15 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini

[2007/10/02 15:09:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerlist.ini

[2007/09/29 10:26:29 | 000,001,015 | ---- | C] () -- C:\WINDOWS\powerplayer.ini

[2007/09/29 10:26:18 | 000,001,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini

[2007/04/03 14:58:12 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini

[2007/04/03 11:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007/04/03 11:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007/03/09 13:38:36 | 000,000,613 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2007/02/25 10:00:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2007/02/19 10:59:32 | 000,000,090 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\default.pls

[2006/12/23 11:12:48 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2006/05/13 19:10:50 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2006/05/04 02:33:09 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hammann\mxfilerelatedcache.mxc2

[2006/02/13 19:37:19 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2006/02/09 08:33:58 | 000,122,535 | ---- | C] () -- C:\WINDOWS\RSEDNClientUninstaller.exe

[2006/02/09 08:04:14 | 000,000,225 | ---- | C] () -- C:\WINDOWS\POKERVID.INI

[2006/01/23 12:08:13 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE

[2006/01/13 18:53:32 | 000,107,132 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe

[2006/01/08 14:11:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\OPHCW.INI

[2006/01/01 19:53:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2006/01/01 19:48:45 | 000,002,997 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2005/12/14 15:52:37 | 000,000,192 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini

[2005/11/27 16:10:06 | 000,003,683 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/11/25 20:25:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/11/25 14:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2005/11/25 14:16:02 | 000,000,070 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2005/11/25 14:16:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_9880.ini

[2005/11/25 12:45:55 | 000,000,449 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2005/11/20 03:53:55 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\change.dat

[2005/11/20 03:47:01 | 000,008,544 | ---- | C] () -- C:\WINDOWS\UCORESYS.SYS

[2005/11/19 10:54:45 | 000,000,302 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\wklnhst.dat

[2005/11/19 10:26:51 | 000,036,774 | ---- | C] () -- C:\WINDOWS\System32\compare.dat

[2005/10/06 14:15:12 | 000,095,617 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2005/10/06 14:10:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2005/10/06 14:10:32 | 000,502,520 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2005/10/06 14:10:32 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2005/10/06 14:10:32 | 000,103,538 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2005/10/06 14:10:32 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2005/10/06 14:10:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2005/10/06 14:10:18 | 000,477,510 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2005/10/06 14:10:18 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2005/10/06 14:10:18 | 000,086,564 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2005/10/06 14:10:18 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2005/10/06 14:10:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/10/06 14:10:17 | 000,004,643 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2005/10/06 14:10:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/10/06 14:10:14 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2005/10/06 14:10:14 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2005/10/06 14:10:08 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2005/10/06 14:10:05 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2005/10/06 12:57:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005/10/06 12:39:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005/10/06 12:35:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll

[2005/10/06 12:34:58 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2005/10/06 12:33:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2005/10/06 12:31:54 | 000,346,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2005/10/06 12:23:18 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005/10/06 11:48:36 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005/10/06 11:46:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2005/10/06 11:40:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2005/10/06 11:38:42 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003/03/31 11:49:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DvdKeyAuth.dll

[2003/03/11 06:56:52 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll

[2003/03/11 06:56:36 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll

[2003/03/11 06:56:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll

[2002/09/09 12:07:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

 
 ========== LOP Check ==========

 

[2010/12/25 13:18:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone

[2010/11/23 08:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Acronis

[2010/09/06 15:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Azureus

[2007/02/25 10:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\concept design

[2012/05/05 04:16:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Davuof

[2012/05/16 09:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox

[2010/04/25 15:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\E39AE961A42EF9A66057CB3515027948

[2007/11/08 02:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\eBay

[2010/06/05 10:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook

[2007/07/03 07:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ICQLite

[2010/11/12 13:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Leadertech

[2005/11/19 10:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\MAGIX

[2010/06/29 08:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Nokia

[2010/12/09 06:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\OpenOffice.org

[2011/05/09 08:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PC Suite

[2006/07/24 08:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Peak Bait License

[2010/04/18 11:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPLive

[2007/09/29 09:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPMate

[2009/10/25 14:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ppstream

[2012/01/04 07:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung

[2008/04/13 08:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SimpleScreenshot

[2008/12/03 10:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Snapfish

[2012/02/25 16:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SparVoip

[2009/12/01 08:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TeamViewer

[2005/11/19 10:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Template

[2010/04/25 15:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Thunderbird

[2010/01/04 12:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Verbindungsassistent

[2007/02/19 09:43:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\WholeSecurity

[2010/11/23 05:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2012/03/19 08:10:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess

[2010/09/30 16:58:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2006/07/24 08:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dumb Ace Road Cash

[2011/07/17 08:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core

[2007/11/08 02:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay

[2006/12/23 11:12:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes

[2011/07/17 08:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts

[2008/09/29 10:32:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

[2010/07/12 21:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage

[2007/12/02 19:57:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia

[2011/04/26 07:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPPU

[2007/12/02 20:08:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2012/01/04 07:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung

[2011/02/06 10:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield

[2010/12/25 13:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone

[2009/01/15 16:32:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WholeSecurity

[2010/07/12 16:47:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

 
 ========== Purity Check ==========

 

 

< End of report >

--- --- ---

Mach einen OTL-Fix über OTLPE, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

DRV - File not found [Kernel | Boot] --  -- (lfrwknip)

DRV - File not found [Kernel | On_Demand] --  -- (jfdcd)

DRV - File not found [Kernel | Boot] --  -- (btjmjfg)

[2010/08/10 04:58:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O3 - HKU\Hammann_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe (Business Hotel Meison, Shirahama-cho)

O4 - HKU\Hammann_ON_C..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe (Business Hotel Meison, Shirahama-cho)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Hammann_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1

O7 - HKU\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1

O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Suche - C:\Programme\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)

O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found

O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -  File not found

:Files

C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe

C:\MRACE.DAT

C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Davuof

C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\E39AE961A42EF9A66057CB3515027948

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

So ich hab alles gemacht wie beschrieben.
Der Computer scheint entsperrt zu sein, allerdings ist der komplette Dektop "leer". Also ich bekomme nichtmal den Arbeitsplatz oder Netzwerkumgebung angezeigt. Es fehlen alle Icons und Symbole außer die in der Taskleiste. Das Hintergrundbild ist normal. Ansonsten scheint alles normal zu funktionieren.
Vielen Dank erstmal!
Hier das Logfile, das ich nach dem Drücken auf Ok bekommen habe:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\lfrwknip deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\jfdcd deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet008\Services\btjmjfg deleted successfully.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\mozilla\Firefox\Profiles\ntlresfk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22D8E815-4A5E-4DFB-845E-AAB64207F5BD}\ deleted successfully.
C:\Programme\eBay\eBay Toolbar2\eBayTb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{92085AD4-F48A-450D-BD93-B28CC7DF67CE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92085AD4-F48A-450D-BD93-B28CC7DF67CE}\ deleted successfully.
File C:\Programme\eBay\eBay Toolbar2\eBayTb.dll not found.
Registry value HKEY_USERS\Hammann_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Panda Media Booster not found.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe moved successfully.
Registry value HKEY_USERS\Hammann_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Panda Media Booster not found.
File C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry key HKEY_USERS\Hammann_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWinKeys deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\Hammann_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_USERS\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_USERS\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Suche\ deleted successfully.
File C:\Programme\eBay\eBay Toolbar2\eBayTb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe not found.
C:\MRACE.DAT moved successfully.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Davuof folder moved successfully.
C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\E39AE961A42EF9A66057CB3515027948 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTLPE by OldTimer - Version 3.1.48.0 log created on 06012012_203034

Ich habe den Ordner MovedFiles gezippt und wie in der Anleitung beschrieben hochgeladen. Mir ist gerade noch aufgefallen, dass auch die Uhrzeit auf dem Rechner nicht mehr stimmt. Er zeigt gerade (15:48 Uhr) 20:48 Ur an.
Ich habe gerade noch das Internet ausprobiert und funktioniert auch einwandfrei... selbe Startseite und Einstellungen wie vorher.
Grüße und Danke nochmal für die Hilfe bisher!

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Also zu
1) JA funktioniert wieder ganz normal. Task Manager geht, Programme, usw...
zu
2) Im Startmenü ist auch alles vorhanden. Alles normal bis auf den völlig leeren Desktop.

Uhrzeit ließ sich über die ganz normale Funktion wieder richtig einstellen.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Arne,

so hab OTL laufen lassen, hier das Log:

OTL Logfile:

Code:

OTL logfile created on: 03.06.2012 01:05:25 - Run 4

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Hammann\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.023,00 Mb Total Physical Memory | 571,00 Mb Available Physical Memory | 56,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 30,21 Gb Total Space | 0,71 Gb Free Space | 2,34% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 108,83 Gb Total Space | 0,61 Gb Free Space | 0,56% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 465,76 Gb Total Space | 56,76 Gb Free Space | 12,19% Space Free | Partition Type: NTFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: NOTEBOOK_CH

Current User Name: Hammann

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Standard

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.05.09 08:08:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.09 08:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.09 08:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.09 08:08:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010.11.23 05:41:09 | 002,326,920 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe

PRC - [2010.09.22 23:04:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hammann\Desktop\OTL.exe

PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2009.09.12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe

PRC - [2005.04.01 13:18:10 | 000,737,370 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

PRC - [2005.04.01 13:18:08 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

PRC - [2005.04.01 13:17:02 | 000,110,676 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

PRC - [2005.04.01 13:16:56 | 000,184,406 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

PRC - [2003.11.11 15:19:50 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\GearSec.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.09.22 23:04:44 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hammann\Desktop\OTL.exe

MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.05.09 08:08:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.09 08:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.26 00:58:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.16 16:31:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.11.23 05:41:09 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009.09.24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)

SRV - [2009.09.12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007.03.26 14:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005.04.01 13:18:08 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2005.04.01 13:17:02 | 000,110,676 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2005.04.01 13:16:56 | 000,184,406 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2003.11.11 15:19:50 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\GearSec.exe -- (GEARSecurity)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Programme\Ultrastar\zlportio.sys -- (zlportio)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nhcDriver.sys -- (nhcDriverDevice)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nhcAcpi.sys -- (nhcAcpi_driver)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\cofi.exe10326c\catchme.sys -- (catchme)

DRV - [2012.05.21 19:04:25 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)

DRV - [2012.05.09 08:08:19 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.09 08:08:19 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011.12.08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)

DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2011.11.29 17:38:04 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.11.23 05:41:28 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)

DRV - [2010.11.23 05:40:51 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)

DRV - [2010.11.23 05:40:41 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010.11.23 05:39:14 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.05.15 00:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2010.05.15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)

DRV - [2010.05.15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2010.05.15 00:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010.02.11 13:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009.08.28 10:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2009.04.23 02:02:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusbn.sys -- (fwlanusbn)

DRV - [2009.04.23 02:02:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)

DRV - [2009.02.17 19:11:30 | 000,024,232 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)

DRV - [2009.02.13 21:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.04.13 21:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)

DRV - [2008.01.10 16:49:36 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)

DRV - [2007.04.03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007.01.31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.12.14 01:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)

DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005.08.17 11:11:04 | 000,201,984 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)

DRV - [2005.08.01 12:44:16 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.08.01 09:09:32 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005.08.01 09:00:55 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005.01.26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2005.01.11 17:58:48 | 000,030,976 | ---- | M] (Silicon Integrated Systems Corp) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2)

DRV - [2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)

DRV - [2004.12.13 13:51:47 | 000,022,656 | ---- | M] (Elaborate Bytes AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\VClone.sys -- (VClone)

DRV - [2004.08.31 20:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2003.07.16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2002.08.14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zdf.de/

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.startup.homepage: "hxxp://www.elmundo.es/"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5038 [2011.11.04 18:45:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.26 00:58:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.04 09:58:37 | 000,000,000 | ---D | M]

 

[2010.04.25 21:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Extensions

[2012.05.29 14:04:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions

[2007.01.03 19:42:32 | 000,000,000 | ---D | M] (Update-Checker) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2012.03.30 16:13:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2007.10.21 15:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}

[2006.07.24 14:38:17 | 000,000,000 | ---D | M] (refspoof) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{e7847830-db6a-05eb-669f-81b2ed2778c7}(2)

[2010.08.10 10:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\firefox@tvunetworks.com

[2009.05.09 18:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\moveplayer@movenetworks.com

[2012.04.26 00:58:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2012.04.26 00:57:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll

[2012.04.03 12:38:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2012.02.22 04:47:01 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2012.02.22 04:47:01 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml

[2012.02.22 04:47:01 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2012.02.22 04:47:01 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2012.02.22 04:47:01 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2012.02.22 04:47:01 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.06.02 02:30:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe File not found

O4 - HKU\S-1-5-21-996918654-1826723495-1797156292-1006..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-996918654-1826723495-1797156292-1006..\Run: [Panda Media Booster ] C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.de/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} hxxp://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab (DeskUpdate - Activex Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hammann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hammann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.10.06 17:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found

MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

 

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {A75CF5D0-BA09-B230-FF12-FAB0B5A0AF00} - Fake

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MP42 - mpg4c32.dll File not found

Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvid.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183584330711040)

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2012.06.02 11:06:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Hammann\Recent

[2012.06.01 15:32:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.05.22 01:37:43 | 000,000,000 | ---D | C] -- C:\MEGA2

[2012.05.21 19:10:01 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft

[2012.05.09 08:26:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft

[2012.05.09 08:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive

[2012.05.04 09:55:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hammann\My Documents

[2012.04.26 00:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla

[2012.04.26 00:58:50 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service

[2012.04.06 21:59:32 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\Dropbox

[2012.04.06 21:56:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox

[2012.04.03 17:30:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hammann\Desktop\Hiwi Job

[2012.03.15 13:34:13 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER

[2012.03.08 15:05:20 | 000,000,000 | ---D | C] -- C:\Programme\iPod

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2012.06.03 01:00:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.06.03 00:52:01 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.03 00:52:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.02 09:48:57 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.06.02 09:47:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2012.06.02 09:47:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.06.02 09:47:48 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys

[2012.06.01 17:01:22 | 012,177,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\ntuser.dat

[2012.06.01 17:01:17 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Hammann\ntuser.ini

[2012.06.01 14:26:33 | 000,003,072 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\panda.dll

[2012.05.24 12:51:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.05.23 15:39:44 | 000,477,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.05.23 15:39:43 | 001,185,478 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2012.05.23 15:39:43 | 000,502,520 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.05.23 15:39:43 | 000,103,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.05.23 15:39:43 | 000,086,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.05.23 13:04:28 | 003,710,150 | -H-- | M] () -- C:\Dokumente und Einstellungen\Hammann\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2012.05.21 19:10:14 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2012.05.21 19:08:06 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.21 19:04:25 | 000,722,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2012.05.12 20:01:30 | 000,087,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\kolloquium-ss-2012-ubersicht.pdf

[2012.05.12 14:56:21 | 000,034,245 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Ausschreibung_Hiwi_2012_Homepage.docx

[2012.05.11 12:47:22 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Microsoft Office Word 2007.lnk

[2012.05.09 08:08:19 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012.05.09 08:08:19 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012.05.06 22:30:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2012.04.25 10:31:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.04.06 21:59:32 | 000,001,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Dropbox.lnk

[2012.03.29 23:39:47 | 000,100,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2012.03.27 15:58:05 | 009,263,918 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Benutzerhandbuch_4.6.pdf

[2012.03.21 09:22:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb

[2012.03.21 09:22:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb

[2012.03.21 09:15:55 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2012.03.21 02:46:59 | 000,000,906 | ---- | M] () -- C:\WINDOWS\win.ini

[2012.03.15 22:03:17 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk

[2012.03.08 15:06:38 | 000,001,432 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.30 11:20:59 | 000,003,072 | -H-- | C] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\panda.dll

[2012.05.21 19:10:14 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2012.05.14 16:35:21 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.05.12 20:01:30 | 000,087,519 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\kolloquium-ss-2012-ubersicht.pdf

[2012.05.12 14:56:20 | 000,034,245 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Ausschreibung_Hiwi_2012_Homepage.docx

[2012.05.10 16:18:34 | 012,177,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\ntuser.dat

[2012.04.06 21:59:32 | 000,001,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Dropbox.lnk

[2012.03.27 15:57:58 | 009,263,918 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Benutzerhandbuch_4.6.pdf

[2012.03.08 15:06:38 | 000,001,432 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk

[2012.02.20 01:58:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2010.09.30 22:58:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL

[2010.07.14 11:44:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

[2010.05.14 23:56:06 | 010,830,680 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010.05.14 23:55:58 | 000,290,648 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010.05.14 23:47:00 | 000,090,071 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010.05.12 11:10:37 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2010.01.15 16:21:54 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2009.10.31 12:08:11 | 000,207,808 | RHS- | C] () -- C:\WINDOWS\System32\prapproxy32.dll

[2009.04.24 00:46:00 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll

[2009.04.24 00:46:00 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll

[2009.04.24 00:46:00 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll

[2009.04.24 00:46:00 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll

[2009.04.24 00:46:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll

[2009.04.24 00:46:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll

[2009.04.24 00:46:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll

[2009.04.24 00:46:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll

[2009.04.24 00:46:00 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll

[2009.04.24 00:46:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll

[2009.04.24 00:46:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll

[2009.04.24 00:46:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll

[2009.04.24 00:46:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll

[2009.04.24 00:46:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll

[2009.04.24 00:46:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll

[2009.04.24 00:46:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll

[2009.04.24 00:46:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll

[2009.04.24 00:46:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll

[2009.04.24 00:46:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll

[2009.04.24 00:46:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll

[2009.04.24 00:46:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll

[2009.02.24 21:31:56 | 000,000,113 | ---- | C] () -- C:\WINDOWS\PPSMediaList.ini

[2008.05.09 19:02:28 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini

[2008.02.21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2008.02.21 04:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007.10.02 21:28:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ppsrc.ini

[2007.10.02 21:22:15 | 000,000,013 | ---- | C] () -- C:\WINDOWS\msgtn.ini

[2007.10.02 21:09:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\powerlist.ini

[2007.09.29 16:26:29 | 000,001,015 | ---- | C] () -- C:\WINDOWS\powerplayer.ini

[2007.09.29 16:26:18 | 000,001,104 | ---- | C] () -- C:\WINDOWS\psnetwork.ini

[2007.04.03 20:58:12 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini

[2007.04.03 17:18:26 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll

[2007.04.03 17:18:06 | 000,193,576 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2007.02.25 16:00:48 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2006.12.23 17:12:48 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib

[2006.11.10 14:00:18 | 000,722,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys

[2006.05.14 01:10:50 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll

[2006.02.14 01:37:19 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2006.02.09 14:04:14 | 000,000,225 | ---- | C] () -- C:\WINDOWS\POKERVID.INI

[2006.01.08 20:11:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\OPHCW.INI

[2005.12.14 21:52:37 | 000,000,192 | ---- | C] () -- C:\WINDOWS\CS_MD_T.ini

[2005.11.27 22:10:06 | 000,003,683 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005.11.26 02:25:06 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005.11.25 20:16:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini

[2005.11.25 20:16:02 | 000,000,070 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2005.11.25 20:16:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_9880.ini

[2005.11.25 18:45:55 | 000,000,449 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2005.11.20 09:47:01 | 000,008,544 | ---- | C] () -- C:\WINDOWS\UCORESYS.SYS

[2005.11.19 16:54:45 | 000,000,302 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\wklnhst.dat

[2005.10.06 20:10:47 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll

[2005.10.06 18:57:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2005.10.06 18:39:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

[2005.10.06 18:35:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll

[2005.10.06 18:34:58 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2005.10.06 18:23:18 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2005.10.06 17:48:36 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2005.10.06 17:38:42 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003.03.31 17:49:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\DvdKeyAuth.dll

[2003.03.11 12:56:52 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010205PNG.dll

[2003.03.11 12:56:36 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX010104Z.dll

[2003.03.11 12:56:24 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\ThriXXX015003JP2.dll

[2002.09.09 18:07:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll

 
 ========== LOP Check ==========

 

[2010.11.23 11:03:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2012.03.19 14:10:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess

[2010.09.30 22:58:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2006.07.24 14:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dumb Ace Road Cash

[2011.07.17 14:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core

[2007.11.08 08:57:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay

[2006.12.23 17:12:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes

[2011.07.17 14:19:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts

[2008.09.29 16:32:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations

[2010.07.13 03:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage

[2007.12.03 01:57:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia

[2011.04.26 13:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OPPU

[2007.12.03 02:08:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite

[2012.01.04 13:45:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung

[2011.02.06 16:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield

[2010.12.25 19:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone

[2009.01.15 22:32:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WholeSecurity

[2010.07.12 22:47:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.11.23 14:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Acronis

[2010.09.06 21:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Azureus

[2007.02.25 16:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\concept design

[2012.05.16 15:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox

[2007.11.08 08:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\eBay

[2010.06.05 16:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook

[2007.07.03 13:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ICQLite

[2010.11.12 19:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Leadertech

[2005.11.19 16:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\MAGIX

[2010.06.29 14:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Nokia

[2010.12.09 12:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\OpenOffice.org

[2011.05.09 14:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PC Suite

[2006.07.24 14:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Peak Bait License

[2010.04.18 17:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPLive

[2007.09.29 15:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPMate

[2009.10.25 20:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ppstream

[2012.01.04 13:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung

[2008.04.13 14:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SimpleScreenshot

[2008.12.03 16:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Snapfish

[2012.02.25 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SparVoip

[2009.12.01 14:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TeamViewer

[2005.11.19 16:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Template

[2010.04.25 21:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Thunderbird

[2010.01.04 18:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Verbindungsassistent

[2007.02.19 15:43:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\WholeSecurity

[2010.12.25 19:18:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.11.23 14:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Acronis

[2010.12.01 21:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Adobe

[2011.04.13 15:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\AdobeUM

[2007.02.19 16:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Ahead

[2012.03.29 23:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Apple Computer

[2011.11.02 09:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Avira

[2010.09.06 21:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Azureus

[2007.02.25 16:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\concept design

[2005.11.19 16:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\CyberLink

[2008.03.24 14:13:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\DivX

[2012.05.16 15:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox

[2011.09.16 00:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\dvdcss

[2007.11.08 08:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\eBay

[2010.06.05 16:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook

[2006.09.21 14:07:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Google

[2005.11.20 09:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Help

[2007.07.03 13:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ICQLite

[2005.10.06 17:48:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Identities

[2010.05.10 10:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\InstallShield

[2012.02.28 03:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\kodak

[2010.11.12 19:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Leadertech

[2009.09.17 17:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Macromedia

[2005.11.19 16:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\MAGIX

[2010.09.22 23:01:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Malwarebytes

[2010.10.20 12:53:05 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft

[2009.07.12 09:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Move Networks

[2009.01.18 23:31:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla

[2010.06.29 14:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Nokia

[2010.12.09 12:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\OpenOffice.org

[2010.11.16 12:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\OpenOffice.org2

[2011.05.09 14:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PC Suite

[2006.07.24 14:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Peak Bait License

[2010.04.18 17:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPLive

[2007.09.29 15:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPMate

[2009.10.25 20:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ppstream

[2012.02.20 10:57:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real

[2012.01.04 13:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung

[2008.04.13 14:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SimpleScreenshot

[2012.05.07 00:31:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Skype

[2012.05.07 00:02:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\skypePM

[2008.12.03 16:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Snapfish

[2008.12.05 21:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SopCast

[2012.02.25 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SparVoip

[2005.11.29 18:23:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Sun

[2007.12.25 20:43:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Symantec

[2009.12.01 14:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TeamViewer

[2005.11.19 16:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Template

[2010.04.25 21:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Thunderbird

[2009.11.29 20:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks

[2010.01.04 18:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Verbindungsassistent

[2012.06.02 11:08:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\vlc

[2007.02.19 15:43:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\WholeSecurity

[2012.06.02 11:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Winamp

[2009.10.18 18:12:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\WinRAR

[2009.12.26 00:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2007.11.23 17:41:14 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe

[2008.09.05 21:28:44 | 022,319,360 | ---- | M] (                                   ) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe

[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\Dropbox.exe

[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\Uninstall.exe

[2010.06.05 16:04:58 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook\uninstall.exe

[2010.12.01 21:15:01 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2010.05.22 14:14:44 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2010.11.12 19:02:22 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2006.02.02 00:54:35 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft\Installer\{89B287F1-3E3B-4E13-BB9B-DE7AD9D635E5}\NewShortcut1.exe

[2006.02.02 00:54:35 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft\Installer\{89B287F1-3E3B-4E13-BB9B-DE7AD9D635E5}\NewShortcut1_1.exe

[2011.04.30 00:27:55 | 000,188,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\FlashGot.exe

[2010.04.18 17:57:46 | 009,258,944 | ---- | M] (Synacast Corp.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPLive\Update\Update.exe

[2007.05.02 20:47:51 | 000,212,480 | ---- | M] (EaseSo, inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ppstream\update.exe

[2008.09.25 20:03:41 | 006,287,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe

[2008.09.25 20:03:45 | 000,755,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdssetup.exe

[2008.09.25 20:03:51 | 001,240,104 | ---- | M] (Google) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\googletoolbarinstaller.exe

[2008.09.25 20:03:55 | 001,240,104 | ---- | M] (Google) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\googletoolbarinstaller.exe

[2008.09.25 20:04:39 | 013,743,600 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\rp\RealPlayer11GOLD_de.exe

[2011.09.05 12:56:27 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe

[2011.08.19 11:01:19 | 026,529,744 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_data\RealPlayer_de.exe

[2011.08.04 19:58:07 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer_de.exe

[2011.11.29 21:58:44 | 000,935,312 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\Kies.exe

[2011.11.29 21:58:48 | 000,278,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe

[2011.11.29 17:44:38 | 000,292,864 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe

[2011.11.29 21:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe

[2011.11.29 17:40:26 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe

[2011.11.29 17:40:26 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe

[2011.11.29 17:40:28 | 000,691,200 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe

[2011.11.29 17:40:26 | 000,110,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ErrorReport.exe

[2011.11.29 21:58:52 | 000,067,472 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe

[2011.11.29 17:39:44 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe

[2011.11.29 17:39:44 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe

[2011.11.29 21:58:56 | 000,131,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe

[2011.11.29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe

[2011.11.29 21:58:58 | 003,569,984 | ---- | M] (Freeware) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe

[2011.11.29 17:37:46 | 024,114,392 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe

[2011.11.29 21:59:00 | 000,392,080 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe

[2012.01.04 08:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

[2010.10.23 23:00:18 | 000,260,944 | ---- | M] (www.sopcast.com) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SopCast\adv\SopAdver.exe

[2009.11.29 20:53:25 | 005,562,672 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks\AutoUpgrade\TVUPlayer2.4.9.1.exe

[2011.02.06 19:46:55 | 005,642,000 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

[2009.10.17 15:30:36 | 005,519,752 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\OemDir\iaStor.sys

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\system32\drivers\iaStor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\OemDir\viamraid.sys

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\system32\drivers\viamraid.sys

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB883529$\winlogon.exe

[2004.08.25 18:59:56 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=325A82EBBD69248D75C5F831E8817D17 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2012.05.21 19:04:25 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

[2005.10.06 19:31:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2005.10.06 19:31:23 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2005.10.06 19:31:23 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 <           >

< End of report >

--- --- ---

Zitat:

OTL by OldTimer - Version 3.2.14.1

Hast due OTL nicht neu runtergeladen?

Nein ich habe das OTL was ich auf dem Rechner hatte verwendet.
Soll ich nochmal das aktuelle runterladen und die Aktion wiederholen?

Ja mach das bitte nochmal mit einer neu runtergeladen OTL.exe

Hier das OTL Logfile mit der aktuellen Version:

OTL Logfile:

Code:

OTL logfile created on: 03.06.2012 19:58:54 - Run 5

OTL by OldTimer - Version 3.2.46.0     Folder = C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\Downloads

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1023,36 Mb Total Physical Memory | 556,64 Mb Available Physical Memory | 54,39% Memory free

2,40 Gb Paging File | 1,99 Gb Available in Paging File | 82,89% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 30,21 Gb Total Space | 0,67 Gb Free Space | 2,23% Space Free | Partition Type: NTFS

Drive E: | 108,83 Gb Total Space | 0,61 Gb Free Space | 0,56% Space Free | Partition Type: NTFS

Drive K: | 1,89 Gb Total Space | 1,60 Gb Free Space | 84,79% Space Free | Partition Type: FAT

 

Computer Name: NOTEBOOK_CH | User Name: Hammann | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.06.03 19:44:12 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\Downloads\OTL.exe

PRC - [2012.05.09 08:08:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.09 08:08:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.05.09 08:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.05.09 08:08:13 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010.11.23 05:41:09 | 002,326,920 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe

PRC - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2009.09.12 17:31:30 | 000,660,520 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

PRC - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe

PRC - [2008.04.14 04:22:53 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Programme\Outlook Express\msimn.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

PRC - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe

PRC - [2005.04.01 13:18:10 | 000,737,370 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

PRC - [2005.04.01 13:18:08 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

PRC - [2005.04.01 13:17:02 | 000,110,676 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

PRC - [2005.04.01 13:16:56 | 000,184,406 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

PRC - [2003.11.11 15:19:50 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\GearSec.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.05.09 08:08:18 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll

MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll

MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll

MOD - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe

MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2007.04.03 17:18:26 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll

MOD - [2005.04.01 13:17:02 | 000,110,676 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

MOD - [2005.04.01 13:16:56 | 000,184,406 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

MOD - [2005.04.01 13:16:34 | 000,057,430 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll

MOD - [2005.04.01 13:16:32 | 000,168,028 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll

MOD - [2005.04.01 13:16:32 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll

MOD - [2005.04.01 13:15:30 | 000,229,458 | ---- | M] () -- C:\Programme\CyberLink\PowerCinema\Kernel\HomeNetWorking\CLNetMedia.dll

MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)

SRV - [2012.05.09 08:08:17 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.09 08:08:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.04.26 00:58:01 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.04.16 16:31:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2012.01.13 15:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)

SRV - [2010.11.23 05:41:09 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)

SRV - [2010.05.07 19:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009.09.24 11:59:26 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\nagasoft\vjocx.dll -- (vvdsvc)

SRV - [2009.09.12 17:31:30 | 000,660,520 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2009.03.03 13:45:11 | 000,296,400 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)

SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)

SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)

SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)

SRV - [2008.04.14 04:22:15 | 000,053,248 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess)

SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)

SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)

SRV - [2007.04.03 17:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007.03.26 14:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2005.09.30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2005.04.01 13:18:08 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2005.04.01 13:17:02 | 000,110,676 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2005.04.01 13:16:56 | 000,184,406 | ---- | M] () [Auto | Running] -- C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2003.11.11 15:19:50 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\GearSec.exe -- (GEARSecurity)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\Programme\Ultrastar\zlportio.sys -- (zlportio)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nhcDriver.sys -- (nhcDriverDevice)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nhcAcpi.sys -- (nhcAcpi_driver)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\cofi.exe10326c\catchme.sys -- (catchme)

DRV - File not found [Kernel | On_Demand | Unknown] --  -- (akq31k2v)

DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a0lnrnlv)

DRV - [2012.05.21 19:04:25 | 000,722,416 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)

DRV - [2012.05.09 08:08:19 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.05.09 08:08:19 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011.12.10 16:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)

DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)

DRV - [2011.12.08 06:22:26 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)

DRV - [2011.12.08 06:22:26 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadadb.sys -- (androidusb)

DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)

DRV - [2011.11.29 17:38:04 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)

DRV - [2011.10.11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2010.11.23 05:41:28 | 000,159,168 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)

DRV - [2010.11.23 05:40:51 | 000,902,432 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)

DRV - [2010.11.23 05:40:41 | 000,570,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)

DRV - [2010.11.23 05:39:14 | 000,157,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)

DRV - [2010.06.17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010.05.15 00:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)

DRV - [2010.05.15 00:04:02 | 006,842,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)

DRV - [2010.05.15 00:02:26 | 000,276,448 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)

DRV - [2010.05.15 00:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2010.05.07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010.02.11 13:36:50 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)

DRV - [2009.04.23 02:02:00 | 000,440,832 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusbn.sys -- (fwlanusbn)

DRV - [2009.04.23 02:02:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)

DRV - [2009.02.13 21:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.06.06 09:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2008.05.07 07:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2008.05.07 07:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2008.05.07 07:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)

DRV - [2008.04.14 03:58:18 | 000,154,112 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmio.sys -- (dmio)

DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)

DRV - [2008.01.10 16:49:36 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)

DRV - [2007.04.03 17:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007.01.31 14:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)

DRV - [2007.01.18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006.12.14 01:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)

DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)

DRV - [2005.08.17 11:11:04 | 000,201,984 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)

DRV - [2005.08.01 12:44:16 | 001,241,088 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005.08.01 09:09:32 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2005.08.01 09:00:55 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2005.01.26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2004.08.31 20:07:08 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)

DRV - [2004.08.04 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)

DRV - [2004.08.04 14:00:00 | 000,007,040 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\parvdm.sys -- (ParVdm)

DRV - [2004.08.04 14:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmload.sys -- (dmload)

DRV - [2003.07.16 15:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)

DRV - [2002.08.14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.zdf.de/

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\..\SearchScopes,DefaultScope = {53B3D7B9-C924-4895-ABD7-66E5D86DFAE0}

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\..\SearchScopes\{53B3D7B9-C924-4895-ABD7-66E5D86DFAE0}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\..\SearchScopes\{AC3A6B26-1041-47CF-BC60-951078584144}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-996918654-1826723495-1797156292-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"

FF - prefs.js..browser.startup.homepage: "hxxp://www.elmundo.es/"

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8.5

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5038 [2011.11.04 18:45:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.04.26 00:58:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.04 09:58:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\5038 [2011.11.04 18:45:32 | 000,000,000 | ---D | M]

 

[2010.04.25 21:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Extensions

[2012.05.29 14:04:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions

[2007.01.03 19:42:32 | 000,000,000 | ---D | M] (Update-Checker) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2012.03.30 16:13:02 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2007.10.21 15:36:38 | 000,000,000 | ---D | M] ("FI-Grabber") -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{E4091D66-127C-11DB-903A-DE80D2EFDFE8}

[2006.07.24 14:38:17 | 000,000,000 | ---D | M] (refspoof) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\{e7847830-db6a-05eb-669f-81b2ed2778c7}(2)

[2010.08.10 10:58:55 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\firefox@tvunetworks.com

[2009.05.09 18:31:14 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\moveplayer@movenetworks.com

[2012.04.26 00:58:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.04.26 00:57:58 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2012.04.03 12:38:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2012.02.22 04:47:01 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.22 04:47:01 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2012.02.22 04:47:01 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.02.22 04:47:01 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.02.22 04:47:01 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.22 04:47:01 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2012.06.02 02:30:51 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Panda Media Booster ] "C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe" File not found

O4 - HKU\S-1-5-21-996918654-1826723495-1797156292-1006..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

O4 - HKU\S-1-5-21-996918654-1826723495-1797156292-1006..\Run: [Panda Media Booster ] "C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe" File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_31.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} hxxp://www3.snapfish.de/SnapfishActivia.cab (Snapfish Activia)

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://www.extrafilm.de/ImageUploader5.cab (Image Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class)

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class)

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} hxxp://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab (DeskUpdate - Activex Control)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} hxxp://www.vexcast.com/download/vexcast.cab (VodClient Control Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFB665D1-56CF-4497-9200-0665B76BB699}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Hammann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Hammann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.10.06 17:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

NetSvcs: HidServ -  %SystemRoot%\System32\hidserv.dll File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: Irmon -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found

MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)

MsConfig - State: "system.ini" - 0

MsConfig - State: "win.ini" - 0

MsConfig - State: "bootini" - 0

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

 

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.1

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {A75CF5D0-BA09-B230-FF12-FAB0B5A0AF00} - Fake

ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)

Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: VIDC.MP42 - mpg4c32.dll File not found

Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)

Drivers32: vidc.XVID - C:\WINDOWS\System32\xvid.dll ()

Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.06.02 11:06:36 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Hammann\Recent

[2012.06.01 15:32:01 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0

[2012.05.22 01:37:43 | 000,000,000 | ---D | C] -- C:\MEGA2

[2012.05.21 19:10:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Alcohol 120%

[2012.05.21 19:10:01 | 000,000,000 | ---D | C] -- C:\Programme\Alcohol Soft

[2012.05.21 13:15:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in

[2012.05.09 08:26:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft

[2012.05.09 08:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive

[2012.05.09 08:25:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows Live

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.06.03 20:00:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.06.03 19:52:04 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012.06.03 12:14:45 | 000,502,520 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2012.06.03 12:14:45 | 000,477,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012.06.03 12:14:45 | 000,103,538 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2012.06.03 12:14:45 | 000,086,564 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012.06.03 12:11:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.06.03 12:10:58 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012.06.03 12:10:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.06.03 12:10:19 | 1073,139,712 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.24 12:51:03 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012.05.21 19:10:14 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2012.05.21 19:08:06 | 000,346,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.05.12 20:01:30 | 000,087,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\kolloquium-ss-2012-ubersicht.pdf

[2012.05.11 12:47:22 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\Microsoft Office Word 2007.lnk

[2012.05.09 08:08:19 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2012.05.09 08:08:19 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2012.05.06 22:30:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.21 19:10:14 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk

[2012.05.14 16:35:21 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.05.12 20:01:30 | 000,087,519 | ---- | C] () -- C:\Dokumente und Einstellungen\Hammann\Desktop\kolloquium-ss-2012-ubersicht.pdf

[2012.02.20 01:58:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe

[2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll

[2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll

[2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll

[2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll

[2011.10.09 22:53:56 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat

[2010.10.07 21:06:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010.09.30 22:58:26 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS49.DLL

[2010.09.30 10:32:21 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.09.30 10:32:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.09.30 10:32:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.09.30 10:32:21 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.09.30 10:32:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.07.20 10:37:36 | 000,077,860 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2010.07.14 11:44:34 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.11.23 14:05:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Acronis

[2010.12.01 21:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Adobe

[2011.04.13 15:40:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\AdobeUM

[2007.02.19 16:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Ahead

[2012.03.29 23:39:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Apple Computer

[2011.11.02 09:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Avira

[2010.09.06 21:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Azureus

[2007.02.25 16:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\concept design

[2005.11.19 16:59:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\CyberLink

[2008.03.24 14:13:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\DivX

[2012.05.16 15:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox

[2011.09.16 00:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\dvdcss

[2007.11.08 08:57:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\eBay

[2010.06.05 16:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook

[2006.09.21 14:07:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Google

[2005.11.20 09:17:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Help

[2007.07.03 13:13:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ICQLite

[2005.10.06 17:48:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Identities

[2010.05.10 10:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\InstallShield

[2012.02.28 03:33:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\kodak

[2010.11.12 19:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Leadertech

[2009.09.17 17:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Macromedia

[2005.11.19 16:56:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\MAGIX

[2010.09.22 23:01:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Malwarebytes

[2010.10.20 12:53:05 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft

[2009.07.12 09:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Move Networks

[2009.01.18 23:31:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla

[2010.06.29 14:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Nokia

[2010.12.09 12:54:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\OpenOffice.org

[2010.11.16 12:58:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\OpenOffice.org2

[2011.05.09 14:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PC Suite

[2006.07.24 14:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Peak Bait License

[2010.04.18 17:57:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPLive

[2007.09.29 15:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPMate

[2009.10.25 20:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ppstream

[2012.02.20 10:57:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real

[2012.01.04 13:47:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung

[2008.04.13 14:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SimpleScreenshot

[2012.05.07 00:31:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Skype

[2012.05.07 00:02:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\skypePM

[2008.12.03 16:55:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Snapfish

[2008.12.05 21:27:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SopCast

[2012.02.25 22:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SparVoip

[2005.11.29 18:23:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Sun

[2007.12.25 20:43:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Symantec

[2009.12.01 14:02:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TeamViewer

[2005.11.19 16:54:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Template

[2010.04.25 21:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Thunderbird

[2009.11.29 20:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks

[2010.01.04 18:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Verbindungsassistent

[2012.06.02 11:08:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\vlc

[2007.02.19 15:43:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\WholeSecurity

[2012.06.02 11:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Winamp

[2009.10.18 18:12:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\WinRAR

[2009.12.26 00:15:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2007.11.23 17:41:14 | 023,813,608 | ---- | M] (                            ) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe

[2008.09.05 21:28:44 | 022,319,360 | ---- | M] (                                   ) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe

[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\Dropbox.exe

[2012.02.15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\Uninstall.exe

[2010.06.05 16:04:58 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Facebook\uninstall.exe

[2010.12.01 21:15:01 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2010.05.22 14:14:44 | 001,925,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2010.11.12 19:02:22 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

[2006.02.02 00:54:35 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft\Installer\{89B287F1-3E3B-4E13-BB9B-DE7AD9D635E5}\NewShortcut1.exe

[2006.02.02 00:54:35 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Microsoft\Installer\{89B287F1-3E3B-4E13-BB9B-DE7AD9D635E5}\NewShortcut1_1.exe

[2011.04.30 00:27:55 | 000,188,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\FlashGot.exe

[2010.04.18 17:57:46 | 009,258,944 | ---- | M] (Synacast Corp.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\PPLive\Update\Update.exe

[2007.05.02 20:47:51 | 000,212,480 | ---- | M] (EaseSo, inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\ppstream\update.exe

[2008.09.25 20:03:41 | 006,287,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\ff\firefoxgoogletoolbarsetup.exe

[2008.09.25 20:03:45 | 000,755,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\gds\GOOGLE_DESKTOP\gdssetup.exe

[2008.09.25 20:03:51 | 001,240,104 | ---- | M] (Google) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\gtb\GOOGLE_TOOLBAR\googletoolbarinstaller.exe

[2008.09.25 20:03:55 | 001,240,104 | ---- | M] (Google) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\gtb_gds\GOOGLE_TOOLBAR\googletoolbarinstaller.exe

[2008.09.25 20:04:39 | 013,743,600 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\setup\data\rp\RealPlayer11GOLD_de.exe

[2011.09.05 12:56:27 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe

[2011.08.19 11:01:19 | 026,529,744 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_data\RealPlayer_de.exe

[2011.08.04 19:58:07 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer_de.exe

[2011.11.29 21:58:44 | 000,935,312 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\Kies.exe

[2011.11.29 21:58:48 | 000,278,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe

[2011.11.29 17:44:38 | 000,292,864 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe

[2011.11.29 21:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe

[2011.11.29 17:40:26 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe

[2011.11.29 17:40:26 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe

[2011.11.29 17:40:28 | 000,691,200 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe

[2011.11.29 17:40:26 | 000,110,080 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ErrorReport.exe

[2011.11.29 21:58:52 | 000,067,472 | ---- | M] (Samsung) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe

[2011.11.29 17:39:44 | 000,106,408 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe

[2011.11.29 17:39:44 | 000,101,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe

[2011.11.29 21:58:56 | 000,131,984 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe

[2011.11.29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe

[2011.11.29 21:58:58 | 003,569,984 | ---- | M] (Freeware) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe

[2011.11.29 17:37:46 | 024,114,392 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe

[2011.11.29 21:59:00 | 000,392,080 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe

[2012.01.04 08:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe

[2010.10.23 23:00:18 | 000,260,944 | ---- | M] (www.sopcast.com) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SopCast\adv\SopAdver.exe

[2009.11.29 20:53:25 | 005,562,672 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks\AutoUpgrade\TVUPlayer2.4.9.1.exe

[2011.02.06 19:46:55 | 005,642,000 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks\AutoUpgrade\TVUPlayer2.5.3.1.exe

[2009.10.17 15:30:36 | 005,519,752 | ---- | M] (TVU networks) -- C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.7.2.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys

[2009.08.07 12:18:23 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: IASTOR.SYS  >

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\I386\$oem$\textmode\iaStor.sys

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\OemDir\iaStor.sys

[2004.12.17 15:11:38 | 000,477,696 | ---- | M] (Intel Corporation) MD5=BDCE6B54E1D7D8399175A83A02274B7A -- C:\WINDOWS\system32\drivers\iaStor.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ERDNT\cache\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ERDNT\cache\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: VIAMRAID.SYS  >

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\I386\$oem$\textmode\viamraid.sys

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\OemDir\viamraid.sys

[2004.12.24 18:04:44 | 000,060,800 | ---- | M] (VIA Technologies inc,.ltd) MD5=6AAA39DD79A8341CE0EF9249F21D6B89 -- C:\WINDOWS\system32\drivers\viamraid.sys

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtUninstallKB883529$\winlogon.exe

[2004.08.25 18:59:56 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=325A82EBBD69248D75C5F831E8817D17 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ERDNT\cache\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2012.05.21 19:04:25 | 000,722,416 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

[2005.10.06 19:31:23 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2005.10.06 19:31:23 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2005.10.06 19:31:23 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

 
 <           >
 

< End of report >

--- --- ---

[/QUOTE]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O4 - HKLM..\Run: [Panda Media Booster ] "C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe" File not found

O4 - HKU\S-1-5-21-996918654-1826723495-1797156292-1006..\Run: [Panda Media Booster ] "C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe" File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005.10.06 17:43:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Habe den Fix gemacht und der Rechner wurde anschließend neu gestartet.
Hier das File:

Code:

All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Panda Media Booster  deleted successfully.

Registry value HKEY_USERS\S-1-5-21-996918654-1826723495-1797156292-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Panda Media Booster  deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\AUTOEXEC.BAT moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temporary Internet Files folder emptied: 32768 bytes

->Flash cache emptied: 2911 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 56543 bytes

 

User: Hammann

->Temp folder emptied: 134560174 bytes

->Temporary Internet Files folder emptied: 371690 bytes

->Java cache emptied: 233004 bytes

->FireFox cache emptied: 97950363 bytes

->Flash cache emptied: 1989108 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 227988 bytes

 

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 262758135 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 6256031 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5706872 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 487,00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Hammann

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.46.0 log created on 06052012_112608
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hi Arne,

sry dass ich solange nichts habe von mir hören lassen, ich war ein paar Tage im Ausland unterwegs. Ich habe das Tool laufen lasse und er hat 14 "threads" gefunden. Ich habe auf "Report" geklickt und dieses File kam heraus:

Code:

23:26:42.0222 3892        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

23:26:42.0363 3892        ============================================================

23:26:42.0363 3892        Current date / time: 2012/06/11 23:26:42.0363

23:26:42.0363 3892        SystemInfo:

23:26:42.0363 3892        

23:26:42.0363 3892        OS Version: 5.1.2600 ServicePack: 3.0

23:26:42.0363 3892        Product type: Workstation

23:26:42.0363 3892        ComputerName: NOTEBOOK_CH

23:26:42.0363 3892        UserName: Hammann

23:26:42.0363 3892        Windows directory: C:\WINDOWS

23:26:42.0363 3892        System windows directory: C:\WINDOWS

23:26:42.0363 3892        Processor architecture: Intel x86

23:26:42.0363 3892        Number of processors: 1

23:26:42.0363 3892        Page size: 0x1000

23:26:42.0363 3892        Boot type: Normal boot

23:26:42.0363 3892        ============================================================

23:26:44.0769 3892        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054

23:26:44.0785 3892        ============================================================

23:26:44.0785 3892        \Device\Harddisk0\DR0:

23:26:44.0785 3892        MBR partitions:

23:26:44.0785 3892        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3C6CD29

23:26:44.0801 3892        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3C6CDA7, BlocksNum 0xD9A9880

23:26:44.0847 3892        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11616666, BlocksNum 0x140245B

23:26:44.0847 3892        ============================================================

23:26:44.0894 3892        C: <-> \Device\Harddisk0\DR0\Partition0

23:26:44.0926 3892        E: <-> \Device\Harddisk0\DR0\Partition1

23:26:45.0004 3892        ============================================================

23:26:45.0004 3892        Initialize success

23:26:45.0004 3892        ============================================================

23:28:19.0863 2400        ============================================================

23:28:19.0863 2400        Scan started

23:28:19.0863 2400        Mode: Manual; SigCheck; TDLFS; 

23:28:19.0863 2400        ============================================================

23:28:20.0191 2400        6to4            (0a724c2235a6db7640ccb0a3c095fc0d) C:\WINDOWS\System32\6to4svc.dll

23:28:21.0082 2400        6to4 - ok

23:28:21.0113 2400        Abiosdsk - ok

23:28:21.0129 2400        abp480n5 - ok

23:28:21.0191 2400        ACEDRV07        (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys

23:28:21.0269 2400        ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning

23:28:21.0269 2400        ACEDRV07 - detected UnsignedFile.Multi.Generic (1)

23:28:21.0301 2400        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

23:28:22.0332 2400        ACPI - ok

23:28:22.0379 2400        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

23:28:22.0613 2400        ACPIEC - ok

23:28:22.0785 2400        AcrSch2Svc      (fbc4bdbd3d00e7a83075db95dcd658d4) C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

23:28:22.0832 2400        AcrSch2Svc - ok

23:28:23.0004 2400        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

23:28:23.0035 2400        AdobeFlashPlayerUpdateSvc - ok

23:28:23.0051 2400        adpu160m - ok

23:28:23.0082 2400        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

23:28:23.0269 2400        aec - ok

23:28:23.0316 2400        afcdp           (f132d0bfde7c5ea1ab42325c5694a969) C:\WINDOWS\system32\DRIVERS\afcdp.sys

23:28:23.0363 2400        afcdp - ok

23:28:23.0582 2400        afcdpsrv        (986a134b1a1770599b7af9354cbb066f) C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe

23:28:23.0722 2400        afcdpsrv - ok

23:28:23.0879 2400        AFD             (f6b7b1ecd7b41736bdb6ff4b092bcb79) C:\WINDOWS\System32\drivers\afd.sys

23:28:23.0941 2400        AFD - ok

23:28:23.0941 2400        Aha154x - ok

23:28:23.0957 2400        aic78u2 - ok

23:28:23.0972 2400        aic78xx - ok

23:28:24.0051 2400        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

23:28:24.0238 2400        Alerter - ok

23:28:24.0285 2400        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

23:28:24.0363 2400        ALG - ok

23:28:24.0379 2400        AliIde - ok

23:28:24.0426 2400        AmdK8           (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

23:28:24.0488 2400        AmdK8 - ok

23:28:24.0504 2400        amsint - ok

23:28:24.0535 2400        androidusb      (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys

23:28:24.0847 2400        androidusb - ok

23:28:24.0957 2400        AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Programme\Avira\AntiVir Desktop\sched.exe

23:28:24.0972 2400        AntiVirSchedulerService - ok

23:28:25.0019 2400        AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Programme\Avira\AntiVir Desktop\avguard.exe

23:28:25.0035 2400        AntiVirService - ok

23:28:25.0129 2400        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:28:25.0144 2400        Apple Mobile Device - ok

23:28:25.0160 2400        AppMgmt - ok

23:28:25.0207 2400        Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

23:28:25.0410 2400        Arp1394 - ok

23:28:25.0441 2400        asc - ok

23:28:25.0441 2400        asc3350p - ok

23:28:25.0457 2400        asc3550 - ok

23:28:25.0504 2400        Aspi32          (ed8cee58c1e4c5893f5b2fd686a272bf) C:\WINDOWS\system32\drivers\Aspi32.sys

23:28:25.0535 2400        Aspi32 ( UnsignedFile.Multi.Generic ) - warning

23:28:25.0535 2400        Aspi32 - detected UnsignedFile.Multi.Generic (1)

23:28:25.0660 2400        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

23:28:25.0691 2400        aspnet_state - ok

23:28:25.0707 2400        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

23:28:25.0910 2400        AsyncMac - ok

23:28:25.0941 2400        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

23:28:26.0160 2400        atapi - ok

23:28:26.0176 2400        Atdisk - ok

23:28:26.0238 2400        Ati HotKey Poller (06b67e6a0b679d037d2d9e27a64ce90c) C:\WINDOWS\system32\Ati2evxx.exe

23:28:26.0285 2400        Ati HotKey Poller - ok

23:28:26.0394 2400        ati2mtag        (d5537cc8cc9a86668e3903bd53caa83c) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

23:28:26.0472 2400        ati2mtag - ok

23:28:26.0535 2400        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

23:28:26.0754 2400        Atmarpc - ok

23:28:26.0785 2400        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

23:28:26.0988 2400        AudioSrv - ok

23:28:27.0035 2400        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

23:28:27.0254 2400        audstub - ok

23:28:27.0285 2400        avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

23:28:27.0301 2400        avgntflt - ok

23:28:27.0332 2400        avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\WINDOWS\system32\DRIVERS\avipbb.sys

23:28:27.0363 2400        avipbb - ok

23:28:27.0394 2400        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys

23:28:27.0410 2400        avkmgr - ok

23:28:27.0441 2400        avmeject        (263cf9d248fd5e020a1333ed4f7eaa88) C:\WINDOWS\system32\drivers\avmeject.sys

23:28:27.0457 2400        avmeject ( UnsignedFile.Multi.Generic ) - warning

23:28:27.0457 2400        avmeject - detected UnsignedFile.Multi.Generic (1)

23:28:27.0519 2400        BCM43XX         (38ca1443660d0f5f06887c6a2e692aeb) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys

23:28:27.0566 2400        BCM43XX - ok

23:28:27.0613 2400        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

23:28:27.0801 2400        Beep - ok

23:28:27.0879 2400        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

23:28:28.0113 2400        BITS - ok

23:28:28.0238 2400        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe

23:28:28.0269 2400        Bonjour Service - ok

23:28:28.0316 2400        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

23:28:28.0504 2400        Browser - ok

23:28:28.0535 2400        catchme - ok

23:28:28.0582 2400        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

23:28:28.0801 2400        cbidf2k - ok

23:28:28.0847 2400        CCALib8         (5753532c476b83119d85aa43b1b10ab3) C:\Programme\Canon\CAL\CALMAIN.exe

23:28:28.0879 2400        CCALib8 ( UnsignedFile.Multi.Generic ) - warning

23:28:28.0879 2400        CCALib8 - detected UnsignedFile.Multi.Generic (1)

23:28:28.0926 2400        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

23:28:29.0129 2400        CCDECODE - ok

23:28:29.0129 2400        cd20xrnt - ok

23:28:29.0176 2400        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

23:28:29.0394 2400        Cdaudio - ok

23:28:29.0441 2400        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

23:28:29.0644 2400        Cdfs - ok

23:28:29.0676 2400        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

23:28:29.0879 2400        Cdrom - ok

23:28:29.0879 2400        Changer - ok

23:28:29.0926 2400        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

23:28:30.0097 2400        CiSvc - ok

23:28:30.0207 2400        CLCapSvc        (ecf866cfd3068b8f7645f8669bb844a8) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

23:28:30.0222 2400        CLCapSvc ( UnsignedFile.Multi.Generic ) - warning

23:28:30.0222 2400        CLCapSvc - detected UnsignedFile.Multi.Generic (1)

23:28:30.0254 2400        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

23:28:30.0472 2400        ClipSrv - ok

23:28:30.0629 2400        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:28:30.0738 2400        clr_optimization_v2.0.50727_32 - ok

23:28:30.0769 2400        CLSched         (936b5db9403e94b365a3aa5a0702dfa8) C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

23:28:30.0785 2400        CLSched ( UnsignedFile.Multi.Generic ) - warning

23:28:30.0785 2400        CLSched - detected UnsignedFile.Multi.Generic (1)

23:28:30.0863 2400        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

23:28:31.0035 2400        CmBatt - ok

23:28:31.0051 2400        CmdIde - ok

23:28:31.0082 2400        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

23:28:31.0301 2400        Compbatt - ok

23:28:31.0301 2400        COMSysApp - ok

23:28:31.0332 2400        Cpqarray - ok

23:28:31.0660 2400        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

23:28:31.0863 2400        CryptSvc - ok

23:28:31.0941 2400        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

23:28:31.0972 2400        CVirtA - ok

23:28:34.0129 2400        CVPND           (08d8fa119f2ad6ac0377fb667523482e) C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

23:28:34.0785 2400        CVPND - ok

23:28:34.0926 2400        CVPNDRVA        (1c2999966f0f36aa44eaecbee70cf770) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

23:28:34.0957 2400        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning

23:28:34.0957 2400        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)

23:28:35.0066 2400        CyberLink Media Library Service (7179ca4edb91d2355ec969d6e4c3d705) C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

23:28:35.0082 2400        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - warning

23:28:35.0082 2400        CyberLink Media Library Service - detected UnsignedFile.Multi.Generic (1)

23:28:35.0082 2400        dac2w2k - ok

23:28:35.0097 2400        dac960nt - ok

23:28:35.0191 2400        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

23:28:35.0269 2400        DcomLaunch - ok

23:28:35.0332 2400        dgderdrv        (6216fd7fd227de454238a702b218cec7) C:\WINDOWS\system32\drivers\dgderdrv.sys

23:28:35.0347 2400        dgderdrv - ok

23:28:35.0410 2400        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

23:28:35.0582 2400        Dhcp - ok

23:28:35.0629 2400        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

23:28:36.0066 2400        Disk - ok

23:28:36.0066 2400        dmadmin - ok

23:28:36.0488 2400        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

23:28:36.0988 2400        dmboot - ok

23:28:37.0066 2400        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

23:28:37.0504 2400        dmio - ok

23:28:37.0535 2400        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

23:28:38.0019 2400        dmload - ok

23:28:38.0051 2400        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

23:28:38.0566 2400        dmserver - ok

23:28:38.0582 2400        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

23:28:39.0097 2400        DMusic - ok

23:28:39.0176 2400        DNE             (7b4fdfbe97c047175e613aa96f3de987) C:\WINDOWS\system32\DRIVERS\dne2000.sys

23:28:39.0254 2400        DNE - ok

23:28:39.0316 2400        Dnscache        (4548494812ba3b416d489e0c6af8d643) C:\WINDOWS\System32\dnsrslvr.dll

23:28:39.0535 2400        Dnscache - ok

23:28:39.0644 2400        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

23:28:40.0097 2400        Dot3svc - ok

23:28:40.0097 2400        dpti2o - ok

23:28:40.0144 2400        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

23:28:40.0488 2400        drmkaud - ok

23:28:40.0504 2400        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

23:28:41.0019 2400        EapHost - ok

23:28:41.0035 2400        ElbyCDFL        (6b3e1cb23f35c755d88944769cab3738) C:\WINDOWS\system32\Drivers\ElbyCDFL.sys

23:28:41.0285 2400        ElbyCDFL ( UnsignedFile.Multi.Generic ) - warning

23:28:41.0285 2400        ElbyCDFL - detected UnsignedFile.Multi.Generic (1)

23:28:41.0332 2400        ElbyCDIO        (178cc9403816c082d22a1d47fa1f9c85) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

23:28:41.0363 2400        ElbyCDIO - ok

23:28:41.0394 2400        ElbyDelay       (20d3b81663b3dfd5e32b0af8640aaf50) C:\WINDOWS\system32\Drivers\ElbyDelay.sys

23:28:41.0426 2400        ElbyDelay - ok

23:28:41.0457 2400        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

23:28:41.0926 2400        ERSvc - ok

23:28:41.0988 2400        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

23:28:42.0191 2400        Eventlog - ok

23:28:42.0332 2400        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

23:28:42.0566 2400        EventSystem - ok

23:28:42.0660 2400        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

23:28:43.0113 2400        Fastfat - ok

23:28:43.0254 2400        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

23:28:43.0457 2400        FastUserSwitchingCompatibility - ok

23:28:43.0613 2400        Fax             (08b8b302af0d1b3b8543429bbac8f21f) C:\WINDOWS\system32\fxssvc.exe

23:28:44.0004 2400        Fax - ok

23:28:44.0051 2400        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

23:28:44.0207 2400        Fdc - ok

23:28:44.0254 2400        FilterService   (20fe03294ac1429ae88a64c2f754b0d4) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys

23:28:44.0269 2400        FilterService - ok

23:28:44.0301 2400        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

23:28:44.0519 2400        Fips - ok

23:28:44.0551 2400        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

23:28:44.0707 2400        Flpydisk - ok

23:28:44.0769 2400        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

23:28:44.0910 2400        FltMgr - ok

23:28:45.0066 2400        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

23:28:45.0082 2400        FontCache3.0.0.0 - ok

23:28:45.0129 2400        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

23:28:45.0316 2400        Fs_Rec - ok

23:28:45.0347 2400        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

23:28:45.0535 2400        Ftdisk - ok

23:28:45.0613 2400        fwlanusbn       (161f20685595eddc06c0ea1f1d7bc92b) C:\WINDOWS\system32\DRIVERS\fwlanusbn.sys

23:28:45.0676 2400        fwlanusbn - ok

23:28:45.0691 2400        gagp30kx        (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

23:28:45.0863 2400        gagp30kx - ok

23:28:45.0910 2400        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

23:28:45.0926 2400        GEARAspiWDM - ok

23:28:45.0957 2400        GEARSecurity    (b6e01969246fcb67470e87e6957ee147) C:\WINDOWS\system32\GEARSEC.EXE

23:28:45.0988 2400        GEARSecurity ( UnsignedFile.Multi.Generic ) - warning

23:28:45.0988 2400        GEARSecurity - detected UnsignedFile.Multi.Generic (1)

23:28:46.0004 2400        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

23:28:46.0222 2400        Gpc - ok

23:28:46.0347 2400        gupdate         (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe

23:28:46.0363 2400        gupdate - ok

23:28:46.0363 2400        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe

23:28:46.0394 2400        gupdatem - ok

23:28:46.0441 2400        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

23:28:46.0629 2400        helpsvc - ok

23:28:46.0660 2400        HidServ - ok

23:28:46.0691 2400        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

23:28:46.0847 2400        HidUsb - ok

23:28:46.0894 2400        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

23:28:47.0051 2400        hkmsvc - ok

23:28:47.0051 2400        hpn - ok

23:28:47.0113 2400        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

23:28:47.0176 2400        HTTP - ok

23:28:47.0222 2400        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

23:28:47.0551 2400        HTTPFilter - ok

23:28:47.0613 2400        hwdatacard      (1720966d9c7ea5e2d78b6db92d2f9171) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

23:28:47.0691 2400        hwdatacard - ok

23:28:47.0691 2400        i2omgmt - ok

23:28:47.0722 2400        i2omp - ok

23:28:47.0754 2400        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

23:28:47.0926 2400        i8042prt - ok

23:28:48.0004 2400        iaStor          (bdce6b54e1d7d8399175a83a02274b7a) C:\WINDOWS\system32\drivers\iaStor.sys

23:28:48.0129 2400        iaStor - ok

23:28:48.0316 2400        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

23:28:48.0379 2400        idsvc - ok

23:28:48.0472 2400        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

23:28:48.0676 2400        Imapi - ok

23:28:48.0722 2400        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

23:28:48.0863 2400        ImapiService - ok

23:28:48.0879 2400        ini910u - ok

23:28:48.0894 2400        IntelIde - ok

23:28:48.0926 2400        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

23:28:49.0082 2400        Ip6Fw - ok

23:28:49.0129 2400        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

23:28:49.0285 2400        IpFilterDriver - ok

23:28:49.0301 2400        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

23:28:49.0535 2400        IpInIp - ok

23:28:49.0597 2400        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

23:28:49.0769 2400        IpNat - ok

23:28:49.0910 2400        iPod Service    (ce004777b92dea56fe14ec900d20baa4) C:\Programme\iPod\bin\iPodService.exe

23:28:49.0972 2400        iPod Service - ok

23:28:50.0019 2400        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

23:28:50.0176 2400        IPSec - ok

23:28:50.0222 2400        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

23:28:50.0301 2400        IRENUM - ok

23:28:50.0332 2400        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

23:28:50.0566 2400        isapnp - ok

23:28:50.0691 2400        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe

23:28:50.0707 2400        JavaQuickStarterService - ok

23:28:50.0722 2400        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

23:28:50.0863 2400        Kbdclass - ok

23:28:50.0894 2400        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

23:28:51.0066 2400        kmixer - ok

23:28:51.0129 2400        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

23:28:51.0207 2400        KSecDD - ok

23:28:51.0269 2400        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

23:28:51.0316 2400        lanmanserver - ok

23:28:51.0347 2400        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

23:28:51.0410 2400        lanmanworkstation - ok

23:28:51.0426 2400        lbrtfdc - ok

23:28:51.0472 2400        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

23:28:51.0676 2400        LmHosts - ok

23:28:51.0707 2400        lvpopflt        (af280405c10f0d20f37670b7432e5c2f) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys

23:28:51.0722 2400        lvpopflt - ok

23:28:51.0754 2400        LVPr2Mon        (8be71d7edb8c7494913722059f760dd0) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

23:28:51.0769 2400        LVPr2Mon - ok

23:28:51.0816 2400        LVPrcSrv        (2333057542c91ae8228bdccc2e5f2632) C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe

23:28:51.0847 2400        LVPrcSrv - ok

23:28:51.0894 2400        LVRS            (e52f5a2cadcf08d07f559962f807a0a2) C:\WINDOWS\system32\DRIVERS\lvrs.sys

23:28:51.0910 2400        LVRS - ok

23:28:52.0410 2400        LVUVC           (c3d02260beb2b48dea1efdfca91e4b69) C:\WINDOWS\system32\DRIVERS\lvuvc.sys

23:28:52.0863 2400        LVUVC - ok

23:28:53.0004 2400        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys

23:28:53.0019 2400        MBAMProtector - ok

23:28:53.0144 2400        MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

23:28:53.0207 2400        MBAMService - ok

23:28:53.0269 2400        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

23:28:53.0535 2400        Messenger - ok

23:28:53.0551 2400        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

23:28:53.0722 2400        mnmdd - ok

23:28:53.0801 2400        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

23:28:53.0957 2400        mnmsrvc - ok

23:28:53.0988 2400        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

23:28:54.0160 2400        Modem - ok

23:28:54.0191 2400        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

23:28:54.0332 2400        Mouclass - ok

23:28:54.0379 2400        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

23:28:54.0551 2400        mouhid - ok

23:28:54.0566 2400        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

23:28:54.0707 2400        MountMgr - ok

23:28:54.0754 2400        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe

23:28:54.0769 2400        MozillaMaintenance - ok

23:28:54.0785 2400        mraid35x - ok

23:28:54.0801 2400        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

23:28:54.0941 2400        MRxDAV - ok

23:28:55.0004 2400        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

23:28:55.0082 2400        MRxSmb - ok

23:28:55.0113 2400        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

23:28:55.0301 2400        MSDTC - ok

23:28:55.0332 2400        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

23:28:55.0488 2400        Msfs - ok

23:28:55.0504 2400        MSIServer - ok

23:28:55.0535 2400        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

23:28:55.0660 2400        MSKSSRV - ok

23:28:55.0676 2400        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

23:28:55.0816 2400        MSPCLOCK - ok

23:28:55.0832 2400        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

23:28:55.0972 2400        MSPQM - ok

23:28:56.0019 2400        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

23:28:56.0176 2400        mssmbios - ok

23:28:56.0222 2400        MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

23:28:56.0363 2400        MSTEE - ok

23:28:56.0410 2400        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

23:28:56.0457 2400        Mup - ok

23:28:56.0472 2400        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

23:28:56.0644 2400        NABTSFEC - ok

23:28:56.0722 2400        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

23:28:56.0879 2400        napagent - ok

23:28:56.0926 2400        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

23:28:57.0082 2400        NDIS - ok

23:28:57.0097 2400        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

23:28:57.0254 2400        NdisIP - ok

23:28:57.0301 2400        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

23:28:57.0347 2400        NdisTapi - ok

23:28:57.0363 2400        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

23:28:57.0519 2400        Ndisuio - ok

23:28:57.0566 2400        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

23:28:57.0722 2400        NdisWan - ok

23:28:57.0754 2400        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

23:28:57.0801 2400        NDProxy - ok

23:28:57.0832 2400        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

23:28:57.0972 2400        NetBIOS - ok

23:28:58.0004 2400        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

23:28:58.0144 2400        NetBT - ok

23:28:58.0191 2400        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

23:28:58.0363 2400        NetDDE - ok

23:28:58.0379 2400        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

23:28:58.0519 2400        NetDDEdsdm - ok

23:28:58.0566 2400        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

23:28:58.0707 2400        Netlogon - ok

23:28:58.0754 2400        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

23:28:58.0894 2400        Netman - ok

23:28:59.0035 2400        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:28:59.0051 2400        NetTcpPortSharing - ok

23:28:59.0066 2400        nhcAcpi_driver - ok

23:28:59.0066 2400        nhcDriverDevice - ok

23:28:59.0097 2400        NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

23:28:59.0254 2400        NIC1394 - ok

23:28:59.0316 2400        Nla             (4aa50627b01c0e9c6b4c6bd3af648f12) C:\WINDOWS\System32\mswsock.dll

23:28:59.0363 2400        Nla - ok

23:28:59.0410 2400        nmwcd           (b4e87d4f40c57d036e821bd06db1d1b7) C:\WINDOWS\system32\drivers\ccdcmb.sys

23:28:59.0488 2400        nmwcd - ok

23:28:59.0535 2400        nmwcdc          (bee0addf01d62725ddc2cc113d6b374c) C:\WINDOWS\system32\drivers\ccdcmbo.sys

23:28:59.0582 2400        nmwcdc - ok

23:28:59.0613 2400        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

23:28:59.0738 2400        Npfs - ok

23:28:59.0832 2400        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

23:29:00.0019 2400        Ntfs - ok

23:29:00.0082 2400        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

23:29:00.0207 2400        NtLmSsp - ok

23:29:00.0285 2400        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

23:29:00.0441 2400        NtmsSvc - ok

23:29:00.0519 2400        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

23:29:00.0676 2400        Null - ok

23:29:00.0707 2400        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

23:29:00.0863 2400        NwlnkFlt - ok

23:29:00.0894 2400        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

23:29:01.0051 2400        NwlnkFwd - ok

23:29:01.0222 2400        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE

23:29:01.0269 2400        odserv - ok

23:29:01.0316 2400        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

23:29:01.0457 2400        ohci1394 - ok

23:29:01.0535 2400        ose             (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

23:29:01.0551 2400        ose - ok

23:29:01.0597 2400        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys

23:29:01.0785 2400        Parport - ok

23:29:01.0816 2400        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

23:29:01.0972 2400        PartMgr - ok

23:29:02.0051 2400        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

23:29:02.0222 2400        ParVdm - ok

23:29:02.0238 2400        PCASp50 - ok

23:29:02.0285 2400        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

23:29:02.0441 2400        PCI - ok

23:29:02.0457 2400        PCIDump - ok

23:29:02.0472 2400        PCIIde - ok

23:29:02.0519 2400        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

23:29:02.0691 2400        Pcmcia - ok

23:29:02.0691 2400        PDCOMP - ok

23:29:02.0707 2400        PDFRAME - ok

23:29:02.0722 2400        PDRELI - ok

23:29:02.0722 2400        PDRFRAME - ok

23:29:02.0738 2400        perc2 - ok

23:29:02.0754 2400        perc2hib - ok

23:29:02.0801 2400        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

23:29:02.0816 2400        PlugPlay - ok

23:29:02.0847 2400        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

23:29:02.0972 2400        PolicyAgent - ok

23:29:03.0019 2400        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

23:29:03.0176 2400        PptpMiniport - ok

23:29:03.0191 2400        Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

23:29:03.0832 2400        Processor - ok

23:29:03.0832 2400        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

23:29:04.0035 2400        ProtectedStorage - ok

23:29:04.0066 2400        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

23:29:04.0254 2400        PSched - ok

23:29:04.0347 2400        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

23:29:04.0582 2400        Ptilink - ok

23:29:04.0613 2400        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

23:29:04.0676 2400        PxHelp20 - ok

23:29:04.0676 2400        ql1080 - ok

23:29:04.0691 2400        Ql10wnt - ok

23:29:04.0707 2400        ql12160 - ok

23:29:04.0707 2400        ql1240 - ok

23:29:04.0722 2400        ql1280 - ok

23:29:04.0832 2400        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

23:29:04.0972 2400        RasAcd - ok

23:29:05.0144 2400        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

23:29:05.0332 2400        RasAuto - ok

23:29:05.0597 2400        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

23:29:05.0816 2400        Rasl2tp - ok

23:29:06.0691 2400        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

23:29:06.0972 2400        RasMan - ok

23:29:07.0238 2400        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

23:29:07.0426 2400        RasPppoe - ok

23:29:07.0535 2400        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

23:29:07.0847 2400        Raspti - ok

23:29:08.0551 2400        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

23:29:08.0754 2400        Rdbss - ok

23:29:08.0879 2400        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

23:29:09.0035 2400        RDPCDD - ok

23:29:09.0097 2400        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

23:29:09.0144 2400        RDPWD - ok

23:29:09.0176 2400        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

23:29:09.0347 2400        RDSessMgr - ok

23:29:09.0394 2400        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

23:29:09.0551 2400        redbook - ok

23:29:09.0613 2400        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

23:29:09.0769 2400        RemoteAccess - ok

23:29:09.0801 2400        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

23:29:09.0941 2400        RpcLocator - ok

23:29:10.0004 2400        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll

23:29:10.0035 2400        RpcSs - ok

23:29:10.0097 2400        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

23:29:10.0254 2400        RSVP - ok

23:29:10.0301 2400        RTL8023xp       (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys

23:29:10.0363 2400        RTL8023xp - ok

23:29:10.0410 2400        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

23:29:10.0551 2400        SamSs - ok

23:29:10.0613 2400        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

23:29:10.0769 2400        SCardSvr - ok

23:29:10.0816 2400        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

23:29:10.0972 2400        Schedule - ok

23:29:11.0019 2400        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

23:29:11.0082 2400        Secdrv - ok

23:29:11.0113 2400        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

23:29:11.0285 2400        seclogon - ok

23:29:11.0332 2400        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

23:29:11.0472 2400        SENS - ok

23:29:11.0535 2400        Ser2pl          (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys

23:29:11.0582 2400        Ser2pl - ok

23:29:11.0629 2400        Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

23:29:11.0785 2400        Serenum - ok

23:29:11.0801 2400        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys

23:29:11.0941 2400        Serial - ok

23:29:12.0051 2400        ServiceLayer    (78546cd2eca6dd6bdcd4b13048621f88) C:\Programme\PC Connectivity Solution\ServiceLayer.exe

23:29:12.0097 2400        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

23:29:12.0097 2400        ServiceLayer - detected UnsignedFile.Multi.Generic (1)

23:29:12.0191 2400        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

23:29:12.0332 2400        Sfloppy - ok

23:29:12.0379 2400        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

23:29:12.0551 2400        SharedAccess - ok

23:29:12.0613 2400        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

23:29:12.0629 2400        ShellHWDetection - ok

23:29:12.0644 2400        Simbad - ok

23:29:12.0691 2400        SiSRaid2        (b8a2f8dcdc75f19962d975727f393920) C:\WINDOWS\system32\drivers\SiSRaid2.sys

23:29:12.0738 2400        SiSRaid2 - ok

23:29:12.0769 2400        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

23:29:12.0926 2400        SLIP - ok

23:29:12.0988 2400        snapman         (ffd9b64db2cd7b74b766c3a8452a5816) C:\WINDOWS\system32\DRIVERS\snapman.sys

23:29:13.0004 2400        snapman - ok

23:29:13.0019 2400        Sparrow - ok

23:29:13.0066 2400        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

23:29:13.0207 2400        splitter - ok

23:29:13.0254 2400        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

23:29:13.0285 2400        Spooler - ok

23:29:13.0394 2400        sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\WINDOWS\system32\Drivers\sptd.sys

23:29:13.0394 2400        Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: a80cd850d69d996c832bea37e3a6aa1e

23:29:13.0394 2400        sptd ( LockedFile.Multi.Generic ) - warning

23:29:13.0394 2400        sptd - detected LockedFile.Multi.Generic (1)

23:29:13.0426 2400        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

23:29:13.0519 2400        sr - ok

23:29:13.0551 2400        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

23:29:13.0629 2400        srservice - ok

23:29:13.0691 2400        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

23:29:13.0738 2400        Srv - ok

23:29:13.0785 2400        ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\WINDOWS\system32\DRIVERS\ssadbus.sys

23:29:13.0847 2400        ssadbus - ok

23:29:13.0894 2400        ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys

23:29:13.0957 2400        ssadmdfl - ok

23:29:14.0019 2400        ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys

23:29:14.0066 2400        ssadmdm - ok

23:29:14.0113 2400        ssadserd        (1a5a397bc459f346ab56492b61ef79f6) C:\WINDOWS\system32\DRIVERS\ssadserd.sys

23:29:14.0144 2400        ssadserd - ok

23:29:14.0191 2400        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

23:29:14.0269 2400        SSDPSRV - ok

23:29:14.0316 2400        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

23:29:14.0332 2400        ssmdrv - ok

23:29:14.0441 2400        StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

23:29:14.0457 2400        StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning

23:29:14.0457 2400        StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)

23:29:14.0519 2400        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

23:29:14.0707 2400        stisvc - ok

23:29:14.0738 2400        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

23:29:14.0879 2400        streamip - ok

23:29:14.0957 2400        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

23:29:15.0113 2400        swenum - ok

23:29:15.0144 2400        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

23:29:15.0301 2400        swmidi - ok

23:29:15.0332 2400        SwPrv - ok

23:29:15.0410 2400        symc810 - ok

23:29:15.0426 2400        symc8xx - ok

23:29:15.0441 2400        sym_hi - ok

23:29:15.0457 2400        sym_u3 - ok

23:29:15.0519 2400        SynTP           (6bef3acd6ee22eec55b68699e8aace09) C:\WINDOWS\system32\DRIVERS\SynTP.sys

23:29:15.0551 2400        SynTP - ok

23:29:15.0582 2400        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

23:29:15.0738 2400        sysaudio - ok

23:29:15.0769 2400        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

23:29:15.0941 2400        SysmonLog - ok

23:29:15.0988 2400        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

23:29:16.0144 2400        TapiSrv - ok

23:29:16.0207 2400        Tcpip           (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys

23:29:16.0238 2400        Tcpip - ok

23:29:16.0316 2400        Tcpip6          (f4a3c6abe7818b1b53f58fa1adb605cd) C:\WINDOWS\system32\DRIVERS\tcpip6.sys

23:29:16.0363 2400        Tcpip6 - ok

23:29:16.0394 2400        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

23:29:16.0551 2400        TDPIPE - ok

23:29:16.0660 2400        tdrpman251      (3630f5b8181554deecfe2e4252bc4c4c) C:\WINDOWS\system32\DRIVERS\tdrpm251.sys

23:29:16.0722 2400        tdrpman251 - ok

23:29:16.0754 2400        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

23:29:16.0910 2400        TDTCP - ok

23:29:16.0957 2400        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

23:29:17.0082 2400        TermDD - ok

23:29:17.0129 2400        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

23:29:17.0285 2400        TermService - ok

23:29:17.0332 2400        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

23:29:17.0347 2400        Themes - ok

23:29:17.0426 2400        timounter       (c820bfc70feb25ec877c49e81cd477c1) C:\WINDOWS\system32\DRIVERS\timntr.sys

23:29:17.0457 2400        timounter - ok

23:29:17.0472 2400        TosIde - ok

23:29:17.0519 2400        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

23:29:17.0676 2400        TrkWks - ok

23:29:17.0722 2400        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

23:29:17.0863 2400        Udfs - ok

23:29:17.0879 2400        ultra - ok

23:29:17.0941 2400        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

23:29:18.0097 2400        Update - ok

23:29:18.0160 2400        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

23:29:18.0238 2400        upnphost - ok

23:29:18.0285 2400        upperdev        (f5d2aa9d56a3a01a190d01cd961ba0e7) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys

23:29:18.0347 2400        upperdev - ok

23:29:18.0363 2400        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

23:29:18.0535 2400        UPS - ok

23:29:18.0597 2400        USBAAPL         (eafe1e00739afe6c51487a050e772e17) C:\WINDOWS\system32\Drivers\usbaapl.sys

23:29:18.0644 2400        USBAAPL - ok

23:29:18.0707 2400        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

23:29:18.0832 2400        usbaudio - ok

23:29:18.0863 2400        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

23:29:19.0004 2400        usbccgp - ok

23:29:19.0051 2400        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

23:29:19.0191 2400        usbehci - ok

23:29:19.0238 2400        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

23:29:19.0379 2400        usbhub - ok

23:29:19.0410 2400        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

23:29:19.0566 2400        usbprint - ok

23:29:19.0629 2400        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

23:29:19.0754 2400        usbscan - ok

23:29:19.0801 2400        UsbserFilt      (eb2d3830646e393776e1ef98ac76a43d) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys

23:29:19.0863 2400        UsbserFilt - ok

23:29:19.0894 2400        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

23:29:20.0035 2400        USBSTOR - ok

23:29:20.0066 2400        usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

23:29:20.0191 2400        usbuhci - ok

23:29:20.0222 2400        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

23:29:20.0363 2400        usbvideo - ok

23:29:20.0394 2400        usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

23:29:20.0551 2400        usb_rndisx - ok

23:29:20.0597 2400        VClone          (e69eb856ba6528d0373000683cc869a8) C:\WINDOWS\system32\DRIVERS\VClone.sys

23:29:20.0613 2400        VClone ( UnsignedFile.Multi.Generic ) - warning

23:29:20.0613 2400        VClone - detected UnsignedFile.Multi.Generic (1)

23:29:20.0629 2400        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

23:29:20.0769 2400        VgaSave - ok

23:29:20.0785 2400        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

23:29:20.0910 2400        ViaIde - ok

23:29:20.0972 2400        viamraid        (6aaa39dd79a8341ce0ef9249f21d6b89) C:\WINDOWS\system32\drivers\viamraid.sys

23:29:21.0004 2400        viamraid - ok

23:29:21.0051 2400        VIAudio         (7f1223060b10ad566b4f5b10b7db9b6c) C:\WINDOWS\system32\drivers\vinyl97.sys

23:29:21.0082 2400        VIAudio - ok

23:29:21.0113 2400        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

23:29:21.0254 2400        VolSnap - ok

23:29:21.0316 2400        vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys

23:29:21.0347 2400        vsdatant - ok

23:29:21.0394 2400        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

23:29:21.0472 2400        VSS - ok

23:29:21.0629 2400        vvdsvc          (9e8c7a7b8a98e4f6ccbbf9f88a1c111f) C:\WINDOWS\system32\nagasoft\vjocx.dll

23:29:21.0722 2400        vvdsvc - ok

23:29:21.0894 2400        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

23:29:22.0066 2400        W32Time - ok

23:29:22.0129 2400        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

23:29:22.0254 2400        Wanarp - ok

23:29:22.0285 2400        WDC_SAM         (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

23:29:22.0316 2400        WDC_SAM - ok

23:29:22.0379 2400        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

23:29:22.0410 2400        Wdf01000 - ok

23:29:22.0426 2400        WDICA - ok

23:29:22.0457 2400        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

23:29:22.0629 2400        wdmaud - ok

23:29:22.0660 2400        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

23:29:22.0816 2400        WebClient - ok

23:29:22.0894 2400        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

23:29:23.0051 2400        winmgmt - ok

23:29:23.0129 2400        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll

23:29:23.0207 2400        WmdmPmSN - ok

23:29:23.0222 2400        WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

23:29:23.0379 2400        WmiAcpi - ok

23:29:23.0441 2400        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

23:29:23.0582 2400        WmiApSrv - ok

23:29:23.0754 2400        WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe

23:29:23.0816 2400        WMPNetworkSvc - ok

23:29:23.0847 2400        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

23:29:23.0879 2400        WpdUsb - ok

23:29:23.0910 2400        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

23:29:24.0051 2400        wscsvc - ok

23:29:24.0097 2400        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

23:29:24.0238 2400        WSTCODEC - ok

23:29:24.0363 2400        WTGService      (d7e88349be0f01e4d8d776adb1f325bf) C:\Programme\Verbindungsassistent\WTGService.exe

23:29:24.0394 2400        WTGService - ok

23:29:24.0426 2400        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

23:29:24.0566 2400        wuauserv - ok

23:29:24.0613 2400        WudfPf          (50eb9e21963b4f06fd010d007d54351b) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

23:29:24.0691 2400        WudfPf - ok

23:29:24.0722 2400        WudfRd          (6e209664bdea8a15b5e8e480d6c607c2) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

23:29:24.0754 2400        WudfRd - ok

23:29:24.0801 2400        WudfSvc         (ae93084d2d236887ba56467ae42b4955) C:\WINDOWS\System32\WUDFSvc.dll

23:29:24.0816 2400        WudfSvc - ok

23:29:24.0894 2400        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

23:29:25.0066 2400        WZCSVC - ok

23:29:25.0113 2400        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

23:29:25.0254 2400        xmlprov - ok

23:29:25.0426 2400        zlportio - ok

23:29:25.0519 2400        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

23:29:26.0191 2400        \Device\Harddisk0\DR0 - ok

23:29:26.0207 2400        Boot (0x1200)   (5fb9a182921de21126d928101ada8828) \Device\Harddisk0\DR0\Partition0

23:29:26.0207 2400        \Device\Harddisk0\DR0\Partition0 - ok

23:29:26.0238 2400        Boot (0x1200)   (a354910525235eb453f70461b090024b) \Device\Harddisk0\DR0\Partition1

23:29:26.0254 2400        \Device\Harddisk0\DR0\Partition1 - ok

23:29:26.0301 2400        Boot (0x1200)   (5d15734e3741b276997e91f88cc7409b) \Device\Harddisk0\DR0\Partition2

23:29:26.0301 2400        \Device\Harddisk0\DR0\Partition2 - ok

23:29:26.0301 2400        ============================================================

23:29:26.0301 2400        Scan finished

23:29:26.0301 2400        ============================================================

23:29:26.0426 3120        Detected object count: 14

23:29:26.0426 3120        Actual detected object count: 14

23:30:02.0019 3120        ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0019 3120        ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0019 3120        Aspi32 ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0019 3120        Aspi32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0019 3120        avmeject ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0019 3120        avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0019 3120        CCALib8 ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0019 3120        CCALib8 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0035 3120        CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0035 3120        CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0035 3120        CLSched ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0035 3120        CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0035 3120        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0035 3120        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0035 3120        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0035 3120        CyberLink Media Library Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0035 3120        ElbyCDFL ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0035 3120        ElbyCDFL ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0035 3120        GEARSecurity ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0035 3120        GEARSecurity ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0051 3120        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0051 3120        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0051 3120        sptd ( LockedFile.Multi.Generic ) - skipped by user

23:30:02.0051 3120        sptd ( LockedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0051 3120        StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0051 3120        StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:30:02.0051 3120        VClone ( UnsignedFile.Multi.Generic ) - skipped by user

23:30:02.0051 3120        VClone ( UnsignedFile.Multi.Generic ) - User select action: Skip

Ich hofffe, das hilft weiter!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

So habs ausgeführt und siehe da, die Symbole auf dem Desktop sind nach einem Neustart wieder da!
Das File lässst sich anscheinend nur als Anhang einfügen und so auch nur gezippt, da es ansonsten zu groß ist.
Firefox war nach dem Öffnen nicht mehr Standartbrowser, ansonsten schein aber alles normal zu funktionieren.

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

Firefox::

FF - ProfilePath - c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\

FF - prefs.js: browser.startup.homepage - http://www.elmundo.es/

FF - prefs.js: keyword.URL - http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier das Log das erstellt wurde:

Code:

ComboFix 12-06-12.01 - Hammann 12.06.2012  20:10:58.4.1 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.598 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\Hammann\Eigene Dateien\Downloads\ComboFix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Hammann\Desktop\CFScript.txt

AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Outdated* {00000000-0000-0000-0000-000000000000}

AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD100-FFA4-00DA-0D24-347CA8A3377C}

AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD408-FFA4-00DA-0D24-347CA8A3377C}

AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD408-FFA4-00EB-0D24-347CA8A3377C}

AV: AntiVir PersonalEdition Classic Virenschutz *Enabled/Updated* {804FD408-FFA4-00FC-0D24-347CA8A3377C}

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))

.

.

2012-06-01 13:32 . 2012-06-01 14:12        --------        d---a-w-        C:\Kaspersky Rescue Disk 10.0

2012-05-21 23:37 . 2012-05-23 09:57        --------        d-----w-        C:\MEGA2

2012-05-21 17:10 . 2012-05-21 17:10        --------        d-----w-        c:\programme\Alcohol Soft

2012-05-21 07:02 . 2012-05-21 07:02        --------        d-----w-        c:\windows\system32\wbem\Repository

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 13:22 . 2005-10-06 18:10        604160        ----a-w-        c:\windows\system32\crypt32.dll

2012-05-21 17:04 . 2006-11-10 12:00        722416        ----a-w-        c:\windows\system32\drivers\sptd.sys

2012-05-09 06:08 . 2011-11-02 07:54        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-05-09 06:08 . 2011-11-02 07:54        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-04-16 14:31 . 2012-04-06 08:55        418464        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-04-16 14:31 . 2011-05-18 11:41        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-11 13:51 . 2004-08-04 00:50        2071424        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-04-11 13:51 . 2005-10-06 18:10        1862400        ----a-w-        c:\windows\system32\win32k.sys

2012-04-11 13:51 . 2005-10-06 18:10        2194944        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-04-03 10:38 . 2009-10-17 02:08        73728        ----a-w-        c:\windows\system32\javacpl.cpl

2012-04-03 10:38 . 2010-11-28 19:54        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-04-25 22:57 . 2011-05-06 15:15        97208        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll

2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll

2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll

2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll

2009-10-31 10:08        207808        --sh--r-        c:\windows\system32\prapproxy32.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58        94208        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58        94208        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58        94208        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58        94208        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlcoholAutomount"="c:\programme\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-30 203928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 02:22        15360        ----a-w-        c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

2006-03-30 14:45        313472        ----a-r-        c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\CyberLink\\PowerCinema\\PowerCinema.exe"=

"e:\\Programme\\Age of Empire II\\age2_x1 k.exe"=

"c:\\WINDOWS\\system32\\dplaysvr.exe"=

"c:\\Programme\\LimeWire 4.2.6 Pro\\LimeWire.exe"=

"c:\\Programme\\CuteSoft\\NetSkat\\Netskat.exe"=

"e:\\Programme\\Commandos 3 - Destination Berlin\\Commandos3.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

"e:\\Programme\\Command and Conquer Generäle\\game.dat"=

"e:\\Programme\\Jedi Night- Jedi Academy\\GameData\\jamp.exe"=

"c:\\Programme\\PPLive\\PPLive.exe"=

"c:\\Programme\\TVAnts\\Tvants.exe"=

"c:\\Programme\\PPStream\\PPStream.exe"=

"c:\\Programme\\SopCast\\SopCast.exe"=

"c:\\Programme\\PPMate\\ppmate.exe"=

"c:\\Dokumente und Einstellungen\\Hammann\\Eigene Dateien\\Abischnitt_2007\\PPStream.exe"=

"c:\\Programme\\LeechFTP\\Leechftp.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"e:\\Programme\\FIFA 2001\\FIFA2001.ICD"=

"c:\\Programme\\TVUPlayer\\TVUPlayer.exe"=

"c:\\Programme\\PPStream\\PPSAP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\Programme\\Air Mouse\\Air Mouse\\Air Mouse.exe"=

"c:\\Programme\\SparVoip.de\\SparVoip\\SparVoip.exe"=

"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Dokumente und Einstellungen\\Hammann\\Anwendungsdaten\\SopCast\\adv\\SopAdver.exe"=

"c:\\WINDOWS\\system32\\rtcshare.exe"=

"c:\\Programme\\SopCast\\adv\\SopAdver.exe"=

"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Programme\\Logitech\\Vid HD\\Vid.exe"=

"c:\\Programme\\Mozilla Firefox\\plugin-container.exe"=

"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\WINDOWS\\system32\\muzapp.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"e:\\Programme\\iTunes\\iTunes.exe"=

"c:\\Programme\\Veetle\\Player\\VeetleNet.exe"=

"c:\\Programme\\Skype\\Phone\\Skype.exe"=

"c:\\Dokumente und Einstellungen\\Hammann\\Anwendungsdaten\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2006 14:00 722416]

R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [23.11.2010 05:40 902432]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [02.11.2011 09:54 36000]

R2 afcdpsrv;Acronis Nonstop Backup service;c:\programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe [23.11.2010 05:41 2326920]

R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [02.11.2011 09:54 86224]

R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [22.09.2010 23:01 652360]

R2 WTGService;WTGService;c:\programme\Verbindungsassistent\WTGService.exe [03.01.2010 19:01 296400]

R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [23.11.2010 05:41 159168]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.09.2010 23:01 20464]

S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.07.2009 15:08 133104]

S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [06.10.2005 20:10 14336]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [06.04.2012 10:55 253088]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [04.01.2012 14:08 30312]

S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [26.08.2009 22:07 4352]

S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [04.01.2012 13:44 20032]

S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [26.08.2009 22:06 440832]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [16.07.2009 15:08 133104]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [26.04.2012 00:58 129976]

S3 nhcAcpi_driver;Notebook Hardware Control ACPI Driver;\??\c:\windows\system32\drivers\nhcAcpi.sys --> c:\windows\system32\drivers\nhcAcpi.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [04.01.2012 14:08 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [04.01.2012 14:08 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [04.01.2012 14:08 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [04.01.2012 14:08 114280]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [07.11.2010 20:57 11520]

S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [06.10.2005 20:10 14336]

S3 zlportio;zlportio;\??\e:\programme\Ultrastar\zlportio.sys --> e:\programme\Ultrastar\zlportio.sys [?]

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - IPHLPSVC

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

vvdsvc        REG_MULTI_SZ           vvdsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 14:31]

.

2012-05-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08]

.

2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.zdf.de/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.178.1

DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab

FF - ProfilePath - c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-06-12 20:20

Windows 5.1.2600 Service Pack 3 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'winlogon.exe'(1464)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(4084)

c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Zeit der Fertigstellung: 2012-06-12  20:24:46

ComboFix-quarantined-files.txt  2012-06-12 18:24

ComboFix2.txt  2012-06-12 14:17

ComboFix3.txt  2010-10-01 08:24

ComboFix4.txt  2010-09-30 08:46

.

Vor Suchlauf: 1.095.163.904 Bytes frei

Nach Suchlauf: 1.065.881.600 Bytes frei

.

- - End Of File - - 27F727369AAC82C5597A25F279C6DF0D

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Also hier man das File von gmer:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-06-13 10:26:35

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HC rev.LQ100-10

Running: fem0h524.exe; Driver: C:\DOKUME~1\Hammann\LOKALE~1\Temp\kxroqfow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            F7BFDE8C                                                                                                              ZwClose

SSDT            F7BFDE46                                                                                                              ZwCreateKey

SSDT            F7BFDE96                                                                                                              ZwCreateSection

SSDT            F7BFDE3C                                                                                                              ZwCreateThread

SSDT            F7BFDE4B                                                                                                              ZwDeleteKey

SSDT            F7BFDE55                                                                                                              ZwDeleteValueKey

SSDT            F7BFDE87                                                                                                              ZwDuplicateObject

SSDT            spzt.sys                                                                                                              ZwEnumerateKey [0xF7379DA4]

SSDT            spzt.sys                                                                                                              ZwEnumerateValueKey [0xF737A132]

SSDT            F7BFDE5A                                                                                                              ZwLoadKey

SSDT            spzt.sys                                                                                                              ZwOpenKey [0xF735B0C0]

SSDT            F7BFDE28                                                                                                              ZwOpenProcess

SSDT            F7BFDE2D                                                                                                              ZwOpenThread

SSDT            spzt.sys                                                                                                              ZwQueryKey [0xF737A20A]

SSDT            F7BFDEAF                                                                                                              ZwQueryValueKey

SSDT            F7BFDE64                                                                                                              ZwReplaceKey

SSDT            F7BFDEA0                                                                                                              ZwRequestWaitReplyPort

SSDT            F7BFDE5F                                                                                                              ZwRestoreKey

SSDT            F7BFDE9B                                                                                                              ZwSetContextThread

SSDT            F7BFDEA5                                                                                                              ZwSetSecurityObject

SSDT            F7BFDE50                                                                                                              ZwSetValueKey

SSDT            F7BFDEAA                                                                                                              ZwSystemDebugControl

SSDT            F7BFDE37                                                                                                              ZwTerminateProcess
 

INT 0x62        ?                                                                                                                     8756ABF8

INT 0x74        ?                                                                                                                     872BFBF8

INT 0x74        ?                                                                                                                     872BFBF8

INT 0x74        ?                                                                                                                     872BFBF8

INT 0x74        ?                                                                                                                     872BFBF8

INT 0x74        ?                                                                                                                     872BFBF8

INT 0x74        ?                                                                                                                     872BFBF8

INT 0x82        ?                                                                                                                     8756ABF8

INT 0xB1        ?                                                                                                                     8756DBF8

INT 0xB1        ?                                                                                                                     8756DBF8

INT 0xB4        ?                                                                                                                     8756DBF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

?               spzt.sys                                                                                                              Das System kann die angegebene Datei nicht finden. !

.text           USBPORT.SYS!DllUnload                                                                                                 F64B38AC 5 Bytes  JMP 872BF1D8 

.text           a6pfarg8.SYS                                                                                                          F6366386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]

.text           a6pfarg8.SYS                                                                                                          F63663AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]

.text           a6pfarg8.SYS                                                                                                          F63663C4 3 Bytes  [00, 70, 02] {ADD [EAX+0x2], DH}

.text           a6pfarg8.SYS                                                                                                          F63663C9 1 Byte  [2E]

.text           a6pfarg8.SYS                                                                                                          F63663C9 11 Bytes  [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}

.text           ...                                                                                                                   

?               System32\Drivers\acybl2pt.SYS                                                                                         Das System kann den angegebenen Pfad nicht finden. !

.text           C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                              section is writeable [0xEBCFB000, 0x328BA, 0xE8000020]

.pklstb         C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                              entry point in ".pklstb" section [0xEBD3F000]

.relo2          C:\WINDOWS\system32\drivers\ACEDRV07.sys                                                                              unknown last section [0xEBD5B000, 0x8E, 0x42000040]
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [F735C042] spzt.sys

IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [F735C13E] spzt.sys

IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                   [F735C0C0] spzt.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                           [F735C800] spzt.sys

IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                   [F735C6D6] spzt.sys

IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F736BE9C] spzt.sys

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfAcquireSpinLock]                                                  CCCCCCC3

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!READ_PORT_UCHAR]                                                    CCCCCCCC

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KeGetCurrentIrql]                                                   CCCCCCCC

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfRaiseIrql]                                                        CCCCCCCC

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfLowerIrql]                                                        8BEC8B55

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!HalGetInterruptVector]                                              00C73445

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!HalTranslateBusAddress]                                             00000000

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KeStallExecutionProcessor]                                          830C458B

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!KfReleaseSpinLock]                                                  C0840CEC

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                            053C0D74

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!READ_PORT_USHORT]                                                   57B80974

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                           8B000000

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                   56C35DE5

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[WMILIB.SYS!WmiSystemControl]                                                8D51FC4D

IAT             \SystemRoot\System32\Drivers\a6pfarg8.SYS[WMILIB.SYS!WmiCompleteRequest]                                              8D52FD55
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]                             [00C63880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                    [00C63930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]                                  [00C63A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

IAT             C:\WINDOWS\Explorer.EXE[2500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                        [00C639D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                                875D61F8
 

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
 

Device          \Driver\sptd \Device\405503274                                                                                        spzt.sys
 

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                               Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                               Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
 

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                      872BE1F8

Device          \Driver\usbuhci \Device\USBPDO-1                                                                                      872BE1F8

Device          \Driver\usbuhci \Device\USBPDO-2                                                                                      872BE1F8

Device          \Driver\usbuhci \Device\USBPDO-3                                                                                      872BE1F8

Device          \Driver\usbehci \Device\USBPDO-4                                                                                      872D21F8

Device          \Driver\PCI_PNP7024 \Device\00000062                                                                                  spzt.sys

Device          \Driver\PCI_PNP7024 \Device\00000063                                                                                  spzt.sys

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                8756B1F8
 

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                snapman.sys (Acronis Snapshot API/Acronis)
 

Device          \Driver\NetBT \Device\NetBT_Tcpip_{CD834581-2D0F-4C28-85BC-3ECC3508D4EE}                                              86D161F8

Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                8756B1F8
 

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                snapman.sys (Acronis Snapshot API/Acronis)
 

Device          \Driver\Cdrom \Device\CdRom0                                                                                          872CF1F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                           [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                           [F72D4B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device          \Driver\Cdrom \Device\CdRom1                                                                                          872CF1F8

Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                8756B1F8
 

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                tdrpm251.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                sr.sys (Dateisystemfilter-Treiber der Systemwiederherstellung/Microsoft Corporation)

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                snapman.sys (Acronis Snapshot API/Acronis)
 

Device          \Driver\Cdrom \Device\CdRom2                                                                                          872CF1F8

Device          \Driver\Cdrom \Device\CdRom3                                                                                          872CF1F8

Device          \Driver\Cdrom \Device\CdRom4                                                                                          872CF1F8

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               86D161F8

Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      86D161F8

Device          \Driver\NetBT \Device\NetBT_Tcpip_{FFB665D1-56CF-4497-9200-0665B76BB699}                                              86D161F8

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                      872BE1F8

Device          \Driver\usbuhci \Device\USBFDO-1                                                                                      872BE1F8

Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                     868911F8

Device          \Driver\usbuhci \Device\USBFDO-2                                                                                      872BE1F8

Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                           868911F8

Device          \Driver\usbuhci \Device\USBFDO-3                                                                                      872BE1F8

Device          \Driver\usbehci \Device\USBFDO-4                                                                                      872D21F8

Device          \Driver\Ftdisk \Device\FtControl                                                                                      8756B1F8

Device          \Driver\sptd \Device\405347024                                                                                        spzt.sys

Device          \Driver\acybl2pt \Device\Scsi\acybl2pt1                                                                               871EA1F8

Device          \Driver\a6pfarg8 \Device\Scsi\a6pfarg81                                                                               871F9500

Device          \Driver\VClone \Device\Scsi\VClone1                                                                                   875D91F8

Device          \Driver\viamraid \Device\Scsi\viamraid1                                                                               875691F8

Device          \Driver\VClone \Device\Scsi\VClone1Port0Path0Target0Lun0                                                              875D91F8

Device          \Driver\a6pfarg8 \Device\Scsi\a6pfarg81Port5Path0Target0Lun0                                                          871F9500

Device          \Driver\acybl2pt \Device\Scsi\acybl2pt1Port4Path0Target0Lun0                                                          871EA1F8

Device          \Driver\VClone \Device\Scsi\VClone1Port0Path0Target1Lun0                                                              875D91F8

Device          \FileSystem\Cdfs \Cdfs                                                                                                87181500
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       1

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x15 0x81 0x38 0x45 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x76 0xB3 0x83 0x9E ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xEA 0x14 0xAE 0xD3 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    1266529610

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    359103737

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    2

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                   C:\Programme\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0x15 0x81 0x38 0x45 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                             

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                          0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                       0x76 0xB3 0x83 0x9E ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                0x4A 0x94 0x4C 0x14 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                      

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                   C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                   0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                             

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                          0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                       0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                       

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                 0x38 0xFF 0x92 0x56 ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       1

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x15 0x81 0x38 0x45 ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x76 0xB3 0x83 0x9E ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0x4A 0x94 0x4C 0x14 ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools\

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       0

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0xD6 0x86 0x94 0x4A ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x0E 0x15 0xBD 0xC8 ...

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   

Reg             HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x38 0xFF 0x92 0x56 ...
 

---- EOF - GMER 1.0.15 ----

Hier das von osam:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 10:37:30 on 13.06.2012
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Mozilla Corporation Firefox 12.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"NeroBurnRights.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\NeroBurnRights.cpl

"TWEAKUI.CPL" - "Brummelchen@gmx.at" - C:\WINDOWS\system32\TWEAKUI.CPL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL

"QuickTime" - "Apple Inc." - C:\Programme\QuickTime Alternative\QTSystem\QuickTime.cpl

"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%SystemRoot%\system32\tcpipcfg.dll,-50004" (tdx) - ? - C:\WINDOWS\System32\DRIVERS\tdx.sys  (File not found)

"a6pfarg8" (a6pfarg8) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a6pfarg8.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)

"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys

"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys

"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tdrpm251.sys

"acybl2pt" (acybl2pt) - ? - C:\WINDOWS\system32\drivers\acybl2pt.sys  (Hidden registry entry, rootkit activity | File not found)

"afcdp" (afcdp) - "Acronis" - C:\WINDOWS\System32\DRIVERS\afcdp.sys

"Aspi32" (Aspi32) - "Adaptec" - C:\WINDOWS\system32\drivers\Aspi32.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys

"AVM Eject" (avmeject) - "AVM Berlin" - C:\WINDOWS\System32\drivers\avmeject.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys

"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\WINDOWS\System32\drivers\dgderdrv.sys

"ElbyCDFL" (ElbyCDFL) - "SlySoft, Inc." - C:\WINDOWS\System32\Drivers\ElbyCDFL.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys

"ElbyDelay" (ElbyDelay) - "Elaborate Bytes AG" - C:\WINDOWS\System32\Drivers\ElbyDelay.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"kxroqfow" (kxroqfow) - ? - C:\DOKUME~1\Hammann\LOKALE~1\Temp\kxroqfow.sys  (Hidden registry entry, rootkit activity | File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys

"Notebook Hardware Control ACPI Driver" (nhcAcpi_driver) - ? - C:\WINDOWS\system32\drivers\nhcAcpi.sys  (File not found)

"Notebook Hardware Control Driver" (nhcDriverDevice) - ? - C:\WINDOWS\system32\drivers\nhcDriver.sys  (File not found)

"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\Drivers\PCASp50.sys  (File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"VClone" (VClone) - "Elaborate Bytes AG" - C:\WINDOWS\System32\DRIVERS\VClone.sys

"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

"zlportio" (zlportio) - ? - E:\Programme\Ultrastar\zlportio.sys  (File not found)
 

[Explorer]

-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll

{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Programme\Acronis\TrueImageHome\tishell.dll

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{FCF608CF-5716-47C3-A1A8-991D873AF72B} "Delphi Context Menu Shell Extension Example" - ? - C:\Programme\Exifer\exifershellext.dll  (File found, but it contains no detailed information)

{92085AD4-F48A-450D-BD93-B28CC7DF67CE} "eBay Toolbar" - ? -   (File not found | COM-object registry key not found)

{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)

{EBDF1F20-C829-11D1-8233-0020AF3E97A9} "IPS Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - E:\Programme\iTunes\iTunesMiniPlayer.dll

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Programme\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL

{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)

{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)

{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 DragDrop Shell Extension" - ? -   (File not found | COM-object registry key not found)

{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.61 Property Sheet Shell Extension" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} "BatchDownloader Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\DigWXMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab

{A8482EAF-A1F3-4934-AE3F-56EB195A50BF} "DeskUpdate - Activex Control" - "Fujitsu Siemens Computers" - C:\WINDOWS\DOWNLO~1\activex.ocx / hxxp://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab

{3B36B017-7E49-426B-95B0-B5CECD83C2E2} "IfolorUploader Control" - "Ifolor AG" - C:\WINDOWS\DOWNLO~1\IFOLOR~1.OCX / hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab

{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://www.extrafilm.de/ImageUploader5.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_20\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab

{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash32_11_2_202_233.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab

{406B5949-7190-4245-91A9-30A17DE16AD0} "Snapfish Activia" - "Snapfish" - C:\WINDOWS\Downloaded Program Files\SnapfishActivia1000.ocx / hxxp://www3.snapfish.de/SnapfishActivia.cab

{D4003189-95B1-4A2F-9A87-F2B03665960D} "VodClient Control Class" - ? - C:\WINDOWS\system32\nagasoft\vjocx.dll  (File not found) / hxxp://www.vexcast.com/download/vexcast.cab

{00000055-9980-0010-8000-00AA00389B71} "{00000055-9980-0010-8000-00AA00389B71}" - ? -   (File not found | COM-object registry key not found) / hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"AlcoholAutomount" - "Alcohol Soft Development Team" - "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"ATIPTA" - "ATI Technologies, Inc." - "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"Oki Common XP Language Monitor" - "Oki Data Corporation" - C:\WINDOWS\system32\OKLMON32.DLL

"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"@%SystemRoot%\system32\iphlpsvc.dll,-200" (iphlpsvc) - ? - C:\WINDOWS\System32\iphlpsvc.dll  (File not found)

"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\CDP\afcdpsrv.exe

"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe

"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe

"CyberLink Background Capture Service (CBCS)" (CLCapSvc) - ? - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

"CyberLink Media Library Service" (CyberLink Media Library Service) - "Cyberlink" - C:\Programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

"CyberLink Task Scheduler (CTS)" (CLSched) - ? - C:\Programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe

"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe

"GEARSecurity" (GEARSecurity) - "GEAR Software" - C:\WINDOWS\System32\GEARSEC.EXE

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE

"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Programme\PC Connectivity Solution\ServiceLayer.exe

"StarWind AE Service" (StarWindServiceAE) - "Rocket Division Software" - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Defender" (WinDefend) - ? - C:\Programme\Windows Defender\mpsvc.dll  (File not found)

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"WTGService" (WTGService) - ? - C:\Programme\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Ja bitte sehr:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-13 10:39:07

-----------------------------

10:39:07.437    OS Version: Windows 5.1.2600 Service Pack 3

10:39:07.437    Number of processors: 1 586 0x2402

10:39:07.437    ComputerName: NOTEBOOK_CH  UserName: Hammann

10:39:07.843    Initialize success

10:41:23.500    AVAST engine defs: 12061201

10:41:49.390    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

10:41:49.406    Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3

10:41:49.468    Disk 0 MBR read successfully

10:41:49.468    Disk 0 MBR scan

10:41:49.578    Disk 0 Windows XP default MBR code

10:41:49.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        30937 MB offset 63

10:41:49.593    Disk 0 Partition - 00     0F Extended LBA            121687 MB offset 63360360

10:41:49.640    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       111443 MB offset 63360423

10:41:49.640    Disk 0 Partition - 00     05     Extended             10244 MB offset 291595815

10:41:49.687    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10244 MB offset 291595878

10:41:49.750    Disk 0 scanning sectors +312576705

10:41:49.937    Disk 0 scanning C:\WINDOWS\system32\drivers

10:42:35.828    Service scanning

10:42:49.593    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

10:42:54.281    Modules scanning

10:43:32.625    Disk 0 trace - called modules:

10:43:32.656    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spzt.sys >>UNKNOWN [0x8758b938]<<

10:43:32.656    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87534ab8]

10:43:32.656    3 CLASSPNP.SYS[f75ccfd7] -> nt!IofCallDriver -> \Device\0000008e[0x8747c9e8]

10:43:32.656    5 ACPI.sys[f7319620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8747cd98]

10:43:34.375    AVAST engine scan C:\WINDOWS

10:44:07.781    AVAST engine scan C:\WINDOWS\system32

10:47:36.734    File: C:\WINDOWS\system32\prapproxy32.dll  **INFECTED** Win32:Kryptik-GHU [Trj]

10:51:44.109    AVAST engine scan C:\WINDOWS\system32\drivers

10:52:38.187    AVAST engine scan C:\Dokumente und Einstellungen\Hammann

11:25:47.062    AVAST engine scan C:\Dokumente und Einstellungen\All Users

11:30:07.875    Scan finished successfully

11:33:29.375    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Desktop\MBR.dat"

11:33:29.375    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Desktop\aswMBR.txt"

Eine Datei ist uns durch die Lappen gegangen

=> C:\WINDOWS\system32\prapproxy32.dll

Lad die mal bei uns hoch => http://www.trojaner-board.de/54791-a...ner-board.html
Versuch sie dann mal manuell zu löschen

Ich finde die Datei leider nicht. Weder mit der Windows Suche noch manuell mit versteckten Dateien anzeigen.

Mach einen OTL-Fix, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL):

Code:

:Files

C:\WINDOWS\system32\prapproxy32.dll

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Danach sollte Windows wieder normal starten - stell uns bitte den Quarantäneordner von OTL zur Verfügung. Dabei bitte so vorgehen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinträchtigen!
2.) Ordner movedfiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Ok hab den Fix gemacht und den gezippten Ordner hochgeladen.
Hier das Log:

Code:

========== FILES ==========

C:\WINDOWS\system32\prapproxy32.dll moved successfully.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.46.0 log created on 06132012_233907

Mach bitte ein neues Log mit aswMBR

Bitte sehr:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-14 13:00:03

-----------------------------

13:00:03.484    OS Version: Windows 5.1.2600 Service Pack 3

13:00:03.484    Number of processors: 1 586 0x2402

13:00:03.484    ComputerName: NOTEBOOK_CH  UserName: Hammann

13:00:03.796    Initialize success

13:09:23.484    AVAST engine defs: 12061400

13:21:52.281    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

13:21:52.281    Disk 0 Vendor: SAMSUNG_HM160HC LQ100-10 Size: 152627MB BusType: 3

13:21:52.296    Disk 0 MBR read successfully

13:21:52.296    Disk 0 MBR scan

13:21:52.859    Disk 0 Windows XP default MBR code

13:21:52.859    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        30937 MB offset 63

13:21:54.687    Disk 0 Partition - 00     0F Extended LBA            121687 MB offset 63360360

13:21:54.750    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       111443 MB offset 63360423

13:21:55.062    Disk 0 Partition - 00     05     Extended             10244 MB offset 291595815

13:21:55.093    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        10244 MB offset 291595878

13:21:55.203    Disk 0 scanning sectors +312576705

13:21:55.750    Disk 0 scanning C:\WINDOWS\system32\drivers

13:22:19.203    Service scanning

13:22:34.828    Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32

13:22:39.734    Modules scanning

13:22:47.296    Disk 0 trace - called modules:

13:22:47.328    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spah.sys >>UNKNOWN [0x8758b938]<<

13:22:47.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x874e3920]

13:22:47.328    3 CLASSPNP.SYS[f75ccfd7] -> nt!IofCallDriver -> \Device\0000008e[0x8747b9e8]

13:22:47.328    5 ACPI.sys[f7319620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8747bd98]

13:22:47.593    AVAST engine scan C:\WINDOWS

13:23:01.718    AVAST engine scan C:\WINDOWS\system32

13:26:41.859    AVAST engine scan C:\WINDOWS\system32\drivers

13:27:01.375    AVAST engine scan C:\Dokumente und Einstellungen\Hammann

13:43:12.875    AVAST engine scan C:\Dokumente und Einstellungen\All Users

13:45:36.343    Scan finished successfully

14:33:38.984    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Desktop\MBR.dat"

14:33:39.015    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Desktop\aswMBR.txt"

14:37:02.593    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\doc\MBR.dat"

14:37:02.593    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\doc\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hier schonmal das Log von Malware:

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.14.07
 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Hammann :: NOTEBOOK_CH [Administrator]
 

Schutz: Deaktiviert
 

14.06.2012 16:32:40

mbam-log-2012-06-14 (21-36-14).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 382419

Laufzeit: 2 Stunde(n), 12 Minute(n), 37 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Programme\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Keine Aktion durchgeführt.

C:\_OTL\MovedFiles\06012012_203034\C_Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe (Trojan.Agent.SZ) -> Keine Aktion durchgeführt.
 

(Ende)

Und hier noch das File von SuperAnti Spyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 06/18/2012 at 09:11 PM
 

Application Version : 5.0.1150
 

Core Rules Database Version : 8737

Trace Rules Database Version: 6549
 

Scan type       : Complete Scan

Total Scan Time : 03:13:49
 

Operating System Information

Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)

Administrator
 

Memory items scanned      : 607

Memory threats detected   : 0

Registry items scanned    : 37692

Registry threats detected : 0

File items scanned        : 183390

File threats detected     : 8
 

Adware.Tracking Cookie

        C:\Dokumente und Einstellungen\Hammann\Cookies\TXY9SC48.txt [ /atdmt.com ]

        C:\Dokumente und Einstellungen\Hammann\Cookies\95ZQMI39.txt [ /apmebf.com ]

        C:\Dokumente und Einstellungen\Hammann\Cookies\FWVNNOF1.txt [ /mediaplex.com ]

        C:\Dokumente und Einstellungen\Hammann\Cookies\LM1GJD43.txt [ /doubleclick.net ]

        C:\Dokumente und Einstellungen\Hammann\Cookies\B3F39N1I.txt [ /c.atdmt.com ]

        C:\Dokumente und Einstellungen\Hammann\Cookies\V8PXDWOB.txt [ /serving-sys.com ]

        C:\Dokumente und Einstellungen\Hammann\Cookies\0IT3IQ7I.txt [ /invitemedia.com ]
 

Trojan.Agent/Gen-Multi

        C:\DOKUMENTE UND EINSTELLUNGEN\HAMMANN\EIGENE DATEIEN\ABISCHNITT_2007\FWCENBJP.DLL

Code:

C:\Programme\Alcohol Soft\Alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> Keine Aktion durchgeführt.
 

Trojan.Agent/Gen-Multi

        C:\DOKUMENTE UND EINSTELLUNGEN\HAMMANN\EIGENE DATEIEN\ABISCHNITT_2007\FWCENBJP.DLL

Sollten Fehlalarme sein

Code:

C:\_OTL\MovedFiles\06012012_203034\C_Dokumente und Einstellungen\Hammann\Anwendungsdaten\5e1851.exe (Trojan.Agent.SZ) -> Keine Aktion durchgeführt.

Ein Schädling, den wir mit OTL gefixt haben. Der liegt nun harmlos weil nicht aktiv in der Q von OTL herum

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Ansonsten ist eigentlich alles OK. System läuft auch über längere Zeit einwandfrei...

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Ok hab Alles gemacht.
Vielen Dank nochmal für deine Hilfe!!!