Trojaner-Board - searchnu.com/410

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - searchnu.com/410 (https://www.trojaner-board.de/124783-searchnu-com-410-a.html)

searchnu.com/410

Hallo!

Vermutlich seit der Installation der Software "Free MP3 WMA Converter" habe ich mir den Trojaner "searchnu.com/410" eingefangen. Das äußert sich folgendermaßen: Immer, wenn ich einen Browser öffne, wird automatisch die Seite "hxxp://www.searchnu.com/410?tag=newtab" geöffnet, das Öffnen anderer Seiten über die Adressleiste ist nicht mehr möglich.

Über Hilfe würde ich mich sehr freuen!

Schon einmal vielen Dank und viele Grüße,

Hina

Ich habe gemäß der Anleitung folgende Logfiles erstellt:

Extras.txt

OTL Extras logfile created on: 27.09.2012 16:49:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 64,01% Memory free
3,99 Gb Paging File | 2,70 Gb Available in Paging File | 67,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,40 Gb Total Space | 9,31 Gb Free Space | 21,45% Space Free | Partition Type: NTFS
Drive D: | 68,39 Gb Total Space | 9,52 Gb Free Space | 13,92% Space Free | Partition Type: NTFS

Computer Name: KONSTRUKT-PC | User Name: konstrukt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11031941-BE6B-4DE2-8395-A18A3A25A12A}" = protocol=17 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{29B76703-105B-4541-86C8-D2EB96A66D2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A832083-0BD7-4960-A373-B594863E0871}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{43B4372F-4DE8-420B-B9C9-4C14805036B9}" = protocol=6 | dir=in | app=c:\program files\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{4F3AA094-B195-4DCF-8FC6-FDE588902174}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{5093970D-D694-4608-9804-535415103715}" = protocol=17 | dir=in | app=c:\users\konstrukt\appdata\roaming\dropbox\bin\dropbox.exe |
"{64429C1C-53FC-4CDB-8DBA-0F38800FB563}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\devicesetup.exe |
"{71CAD565-5422-4F7C-80C2-80EFE13BF6D6}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{8C302EEC-D6AB-4C59-9CDA-B1B036C63330}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{9102E217-F68E-458D-960E-12918703D83E}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{95EA6182-4D14-4C2F-8502-C5F51FD6232D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{9C036473-7E31-49C1-A139-DE673A458B7B}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710n-z\bin\hpnetworkcommunicator.exe |
"{B01FD49E-28D1-42C4-9639-A08571A8BCCB}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{B0CC7ACC-6DF0-4750-B6D0-760EA5919031}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{BAAA9C92-8927-4B17-BE27-EBD2A644A70B}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{C9E99473-9804-476A-9364-C50A42EB5D68}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{D6F1CFCC-1C49-4B5D-B889-83F0EC269EB4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{E2DCCD6A-3C93-4A24-80FA-CFF9CBD03B2D}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{E8AD5734-DE43-49F9-A547-D67A5905D0B3}" = protocol=6 | dir=in | app=c:\users\konstrukt\appdata\roaming\dropbox\bin\dropbox.exe |
"{EF46C271-BC82-44B1-ADA3-1CB3929A2710}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{D6C8C484-D48F-4330-99FF-E90E41BF0046}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{2D2C4879-DDB9-4ED3-9710-340ABDA85A54}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003CD4FD-DB3E-4D12-9A34-8C00FA8A680F}" = WirelessControl
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{130E5108-547F-4482-91EE-F45C784E08C7}" = HP Officejet 6500 E710n-z Hilfe
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23DD6DAA-DDEF-41F5-A527-CECF07FA2CAF}" = 1500
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E789BE5-3DE0-498C-8F74-35010DACA2ED}" = Wireless LAN Driver
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{75674E4C-CDE5-4E64-8014-FDF6D9204C4B}" = HP Officejet 6500 E710n-z - Grundlegende Software für das Gerät
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A2101ACC-DC36-42AA-A576-6FD6A8D466DA}" = 1500_Help
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A4C6B32D-5088-40AF-B74D-CDABEF144F04}" = 1500Trb
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB457913-028D-460E-BB4C-D9A6369752CA}" = TouchPad HotKey Utility
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.18
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.094
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Allway Sync_is1" = Allway Sync version 11.4.0
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
"f42012" = f4 2012
"Free Audio Converter_is1" = Free Audio Converter version 5.0.17.903
"GnuPG" = GNU Privacy Guard
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Opera 11.51.1087" = Opera 11.51
"Samsung ML-1520 Series" = Samsung ML-1520 Series
"Searchqu Toolbar" = Windows Searchqu Toolbar
"SiS VGA Utilities" = SiS VGA Utilities
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TIPP10_is1" = TIPP10 Version 2.1.0
"TrueCrypt" = TrueCrypt
"Update Engine" = Sony Ericsson Update Engine
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"XMind" = XMind

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.09.2012 02:38:05 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:06 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:06 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:10 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:10 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:12 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:12 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:16 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 02:38:18 | Computer Name = konstrukt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 24.09.2012 12:54:52 | Computer Name = konstrukt-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung FreeConverter.exe, Version 2.1.0.0, Zeitstempel
0x4efaea1d, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x00222ef4, Prozess-ID 0x14d4, Anwendungsstartzeit
01cd9a7541bef080.

[ System Events ]
Error - 12.01.2012 13:12:24 | Computer Name = konstrukt-PC | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0016446CD7A5 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 12.01.2012 13:13:15 | Computer Name = konstrukt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.01.2012 13:14:12 | Computer Name = konstrukt-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 12.01.2012 13:36:25 | Computer Name = konstrukt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12.01.2012 13:37:22 | Computer Name = konstrukt-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 12.01.2012 13:39:27 | Computer Name = konstrukt-PC | Source = DCOM | ID = 10005
Description =

Error - 12.01.2012 13:39:27 | Computer Name = konstrukt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12.01.2012 13:39:27 | Computer Name = konstrukt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.01.2012 15:11:29 | Computer Name = konstrukt-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 15.01.2012 15:11:45 | Computer Name = konstrukt-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

----

OTL.txt

OTL logfile created on: 27.09.2012 16:49:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,20 Gb Available Physical Memory | 64,01% Memory free
3,99 Gb Paging File | 2,70 Gb Available in Paging File | 67,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 43,40 Gb Total Space | 9,31 Gb Free Space | 21,45% Space Free | Partition Type: NTFS
Drive D: | 68,39 Gb Total Space | 9,52 Gb Free Space | 13,92% Space Free | Partition Type: NTFS

Computer Name: KONSTRUKT-PC | User Name: konstrukt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.27 16:48:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.09.06 15:04:58 | 000,412,672 | ---- | M] (Sciper) -- D:\Downloads\Battery-Tool.exe
PRC - [2012.09.02 13:21:22 | 001,890,744 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.09 20:02:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
PRC - [2011.09.12 11:45:30 | 000,094,112 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe
PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.08.14 16:41:54 | 000,650,752 | ---- | M] (ITE Tech Inc.) -- C:\Programme\FSC\Wireless Utility\WirelessSelector.exe
PRC - [2007.08.14 13:29:00 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Programme\SiS VGA Utilities\SiSTray.exe
PRC - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.14 16:05:19 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll
MOD - [2012.06.14 14:48:18 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 14:47:53 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 16:20:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 16:20:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 16:18:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.12 16:16:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 16:15:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.17 21:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.09.12 11:45:30 | 000,094,112 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe
MOD - [2011.09.12 10:16:56 | 007,499,264 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncapp.dll
MOD - [2011.09.12 10:16:02 | 000,043,520 | ---- | M] () -- C:\Programme\Allway Sync\Bin\SyncHook.dll
MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

========== Services (SafeList) ==========

SRV - [2012.09.11 11:43:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.05 11:42:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.10.09 15:55:17 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.12.13 12:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.09.25 18:37:38 | 000,189,888 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\Windows\System32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:48:16 | 000,060,352 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\Windows\System32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2007.08.14 13:30:02 | 000,456,568 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
DRV - [2007.07.29 17:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007.07.04 10:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
DRV - [2007.06.13 23:47:00 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
DRV - [2006.12.05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2006.11.22 10:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2006.09.05 10:33:12 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.05.15 15:35:36 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 B2 1C E6 31 87 CC 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=410&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1
FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3
FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.24
FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.9
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.10.09 16:57:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 11:43:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 17:38:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 10:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 11:43:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 17:38:23 | 000,000,000 | ---D | M]

[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Extensions
[2012.09.27 11:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions
[2012.09.19 22:45:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.10.09 15:48:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.06.24 20:48:38 | 000,073,806 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\CompactMenuCE@Merci.chao.xpi
[2011.10.08 12:11:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi
[2012.09.27 11:41:55 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.23 11:43:25 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.07.26 17:48:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.02.05 14:12:58 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.10.30 09:15:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012.07.25 10:21:08 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012.08.20 19:22:36 | 000,172,310 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2012.05.30 12:47:01 | 000,002,314 | ---- | M] () -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\searchplugins\forestle-de.xml
[2012.09.24 18:54:31 | 000,002,515 | ---- | M] () -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\searchplugins\Search_Results.xml
[2012.08.20 19:22:38 | 000,003,915 | ---- | M] () -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\searchplugins\sweetim.xml
[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.30 19:54:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\WINDOWS SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
[2011.10.09 16:57:09 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX
[2012.09.11 11:43:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.06.07 15:11:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.11 11:43:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.07 15:11:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 15:11:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.24 18:54:31 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2012.06.07 15:11:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 15:11:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [TouchPadHotKey] C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()
O4 - HKCU..\Run: [Battery-Tool] D:\Downloads\Battery-Tool.exe (Sciper)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01685FE7-16F4-4D64-900D-66FD15290D8B}: DhcpNameServer = 192.168.1.3
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Bilder\Frankreich September 2011\Frankreich September 2011 203.JPG
O24 - Desktop BackupWallPaper: D:\Bilder\Frankreich September 2011\Frankreich September 2011 203.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun
O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.27 12:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.27 12:22:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.27 12:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.24 19:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.09.24 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.09.24 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.09.24 19:06:47 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft
[2012.09.24 18:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.09.24 18:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2012.09.24 18:54:26 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll
[2012.09.24 18:54:26 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll
[2012.09.24 18:54:26 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll
[2012.09.24 18:54:25 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll
[2012.09.24 18:54:25 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll
[2012.09.24 18:54:25 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll
[2012.09.24 18:54:25 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll
[2012.09.24 18:54:25 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll
[2012.09.24 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack
[2012.09.24 18:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter
[2012.09.20 19:14:41 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt
[2012.09.18 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\Desktop\Hanna Aufnahmegerät
[2012.09.06 18:52:10 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\F4
[2012.09.06 18:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4_2012
[2012.09.06 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\f4_2012
[2012.09.06 15:36:19 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\Avira
[2012.09.06 15:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.09.06 15:29:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.09.06 15:29:41 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.09.06 15:29:41 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.09.06 15:29:41 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.09.06 15:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.09.06 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.09.05 11:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.09.27 16:47:24 | 000,000,000 | ---- | M] () -- C:\Users\konstrukt\defogger_reenable
[2012.09.27 16:25:48 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.27 16:25:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.27 16:25:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 15:30:03 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 15:30:03 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 12:26:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.27 12:26:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.27 12:26:50 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.09.27 12:26:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.27 12:22:26 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.27 11:40:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.26 03:21:08 | 2008,219,648 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.24 19:08:55 | 000,002,009 | ---- | M] () -- C:\Users\konstrukt\Desktop\Free Audio Converter.lnk
[2012.09.24 18:54:27 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012.09.15 20:14:09 | 000,103,424 | ---- | M] () -- C:\Users\konstrukt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 18:50:23 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\f4_2012.lnk
[2012.09.06 12:37:08 | 000,000,436 | ---- | M] () -- C:\Users\konstrukt\Desktop\Musik.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.09.27 16:47:24 | 000,000,000 | ---- | C] () -- C:\Users\konstrukt\defogger_reenable
[2012.09.27 12:22:26 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.24 19:08:55 | 000,002,009 | ---- | C] () -- C:\Users\konstrukt\Desktop\Free Audio Converter.lnk
[2012.09.24 18:54:27 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
[2012.09.24 18:54:26 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx
[2012.09.06 18:50:23 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\f4_2012.lnk
[2012.09.06 12:36:39 | 000,000,436 | ---- | C] () -- C:\Users\konstrukt\Desktop\Musik.lnk
[2012.08.23 13:02:34 | 000,028,511 | ---- | C] () -- C:\Users\konstrukt\.recently-used.xbel
[2012.07.02 22:23:23 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012.07.02 22:15:13 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.10.10 01:07:37 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.10.10 01:07:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.10.10 01:07:37 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.10.10 01:07:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011.10.09 19:16:41 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.10.09 19:16:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.10.09 19:15:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.10.09 19:15:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.10.09 17:30:09 | 000,000,454 | ---- | C] () -- C:\Users\konstrukt\Wissenschaft.lnk
[2011.10.09 17:22:37 | 000,103,424 | ---- | C] () -- C:\Users\konstrukt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.09 17:12:51 | 000,000,291 | ---- | C] () -- C:\Users\konstrukt\Download.lnk
[2011.10.09 16:04:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.09 16:03:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.10.09 15:21:03 | 000,000,680 | ---- | C] () -- C:\Users\konstrukt\AppData\Local\d3d9caps.dat
[2011.10.09 14:29:19 | 000,000,022 | ---- | C] () -- C:\Program Files\cdex_151.zip

========== ZeroAccess Check ==========

[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.15 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Azureus
[2011.12.11 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Canneverbe Limited
[2012.08.30 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Dropbox
[2012.09.24 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft
[2012.09.25 16:02:22 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\F4
[2012.09.24 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack
[2012.05.16 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gnupg
[2012.08.23 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gtk-2.0
[2012.08.03 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Image Zone Express
[2011.11.27 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\KeePass
[2012.08.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\MyPhoneExplorer
[2011.10.10 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\OpenOffice.org
[2011.10.09 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Opera
[2011.10.09 16:04:50 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\pdfforge
[2012.07.27 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Printer Info Cache
[2012.05.24 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Swiss Academic Software
[2011.10.10 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Sync App Settings
[2011.10.09 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Thunderbird
[2012.06.06 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TIPP10
[2012.09.20 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt
[2012.08.20 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TuneUp Software

========== Purity Check ==========

< End of report >

----

gmer.txt

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-27 18:05:10
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1200BEVS-22UST0 rev.01.01A01
Running: v9npqzmb.exe; Driver: C:\Users\KONSTR~1\AppData\Local\Temp\ffldruow.sys

---- System - GMER 1.0.15 ----

SSDT 889DC8D6 ZwCreateSection
SSDT 889DC8E0 ZwRequestWaitReplyPort
SSDT 889DC8DB ZwSetContextThread
SSDT 889DC8E5 ZwSetSecurityObject
SSDT 889DC8EA ZwSystemDebugControl
SSDT 889DC877 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 820F38D8 4 Bytes [D6, C8, 9D, 88]
.text ntkrnlpa.exe!KeSetEvent + 539 820F3BFC 4 Bytes [E0, C8, 9D, 88]
.text ntkrnlpa.exe!KeSetEvent + 56D 820F3C30 4 Bytes [DB, C8, 9D, 88]
.text ntkrnlpa.exe!KeSetEvent + 5D1 820F3C94 4 Bytes [E5, C8, 9D, 88]
.text ntkrnlpa.exe!KeSetEvent + 619 820F3CDC 4 Bytes [EA, C8, 9D, 88]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!LdrLoadDll 77219378 5 Bytes JMP 62B90C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtClose 77254184 5 Bytes JMP 65FA8470 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtCreateFile 77254244 5 Bytes JMP 65FA8140 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtFlushBuffersFile 77254744 5 Bytes JMP 65FA8270 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtLockFile 77254914 5 Bytes JMP 65FA8360 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtOpenFile 77254A24 5 Bytes JMP 65FA80C0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtQueryInformationFile 77254C94 5 Bytes JMP 65F836F0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtReadFile 77254EA4 5 Bytes JMP 65F83550 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtSetInformationFile 77255154 5 Bytes JMP 65FA82E0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtUnlockFile 77255424 5 Bytes JMP 65FA83F0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] ntdll.dll!NtWriteFile 772554B4 5 Bytes JMP 65FA81E0 C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll (Data Manager/Bandoo Media, inc)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!HeapSetInformation + 26 7606A8C0 7 Bytes JMP 62B93FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!LockResource + C 76086B0B 7 Bytes JMP 62DC7B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] kernel32.dll!VirtualAllocEx + 54 7608AF70 7 Bytes JMP 62DC7B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2652] GDI32.dll!SetStretchBltMode + 256 75A5745C 7 Bytes JMP 62DC7AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval 604800

---- EOF - GMER 1.0.15 ----

Du hast Malwarebytes installiert - wo sind die Logs dazu? Bitte alle davon posten!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hier kommen die log Dateien. Hatte gestern malwarebytes drüber laufen lassen, aber die infizierte datei zur vorsicht nicht gelöscht.

Danke für deine Hilfe!
Hina

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.11.08
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

konstrukt :: KONSTRUKT-PC [Administrator]
 

11.03.2012 19:32:58

mbam-log-2012-03-11 (19-32-58).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 270654

Laufzeit: 58 Minute(n), 44 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.03.11.08
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

konstrukt :: KONSTRUKT-PC [Administrator]
 

11.03.2012 21:57:39

mbam-log-2012-03-11 (21-57-39).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 271142

Laufzeit: 1 Stunde(n), 34 Minute(n), 11 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.27.04
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

konstrukt :: KONSTRUKT-PC [Administrator]
 

27.09.2012 12:26:23

mbam-log-2012-09-27 (12-26-23).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 0

Laufzeit: 7 Sekunde(n) [Abgebrochen]
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.09.27.04
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

konstrukt :: KONSTRUKT-PC [Administrator]
 

27.09.2012 12:33:46

mbam-log-2012-09-27 (13-39-47).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|J:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 307153

Laufzeit: 56 Minute(n), 54 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\konstrukt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YVBR1AXX\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.
 

(Ende)

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hier kommt die log datei von ESEt online scanner:

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cbcadbad746d4f4393ae093a4961a7a0

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-28 01:32:51

# local_time=2012-09-28 03:32:51 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 1900364 1900364 0 0

# compatibility_mode=5892 16776573 100 100 16649 186371245 0 0

# compatibility_mode=8192 67108863 100 0 121 121 0 0

# scanned=10803

# found=0

# cleaned=0

# scan_time=628

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cbcadbad746d4f4393ae093a4961a7a0

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-28 05:00:17

# local_time=2012-09-28 07:00:17 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1792 16777215 100 0 1901170 1901170 0 0

# compatibility_mode=5892 16776573 100 100 17455 186372051 0 0

# compatibility_mode=8192 67108863 100 0 927 927 0 0

# scanned=183309

# found=8

# cleaned=0

# scan_time=12267

C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe        a variant of Win32/Toolbar.SearchSuite.A application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Users\konstrukt\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I

D:\$RECYCLE.BIN\S-1-5-21-1911846312-120104458-3615671691-1000\$R07SA97.exe        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

${Memory}        a variant of Win32/Toolbar.SearchSuite application        00000000000000000000000000000000        I

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

Hey cosinus, hier das Ergebnis vom adwcleaner...
lg

Code:

 # AdwCleaner v2.003 - Datei am 09/28/2012 um 21:20:31 erstellt

# Aktualisiert am 23/09/2012 von Xplode

# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)

# Benutzer : konstrukt - KONSTRUKT-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\konstrukt\Desktop\adwcleaner.exe

# Option [Suche]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gefunden : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

Datei Gefunden : C:\Users\KONSTR~1\AppData\Local\Temp\Searchqu.ini

Datei Gefunden : C:\Users\KONSTR~1\AppData\Local\Temp\searchqutoolbar-manifest.xml

Datei Gefunden : C:\Users\KONSTR~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe

Datei Gefunden : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Datei Gefunden : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\searchplugins\Search_Results.xml

Datei Gefunden : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\searchplugins\SweetIm.xml

Datei Gefunden : C:\Users\konstrukt\Desktop\sweetpcfix.url

Ordner Gefunden : C:\Program Files\SweetIM

Ordner Gefunden : C:\Program Files\Windows Searchqu Toolbar

Ordner Gefunden : C:\ProgramData\boost_interprocess

Ordner Gefunden : C:\Users\konstrukt\AppData\LocalLow\Searchqutoolbar

Ordner Gefunden : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\Searchqutoolbar

Ordner Gefunden : C:\Users\konstrukt\AppData\Roaming\pdfforge
 

***** [Registrierungsdatenbank] *****
 

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll 

Schlüssel Gefunden : HKCU\Software\DataMngr

Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gefunden : HKCU\Software\SweetIm

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Schlüssel Gefunden : HKLM\Software\DataMngr

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb

Schlüssel Gefunden : HKLM\SOFTWARE\Software

Schlüssel Gefunden : HKLM\Software\SweetIm

Schlüssel Gefunden : HKU\S-1-5-21-1911846312-120104458-3615671691-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/410
 

-\\ Mozilla Firefox v15.0.1 (de)
 

Profilname : default 

Datei : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\prefs.js
 

Gefunden : user_pref("browser.search.defaultenginename", "Search Results");

Gefunden : user_pref("browser.search.order.1", "Search Results");

Gefunden : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
 

-\\ Opera v11.51.1087.0
 

Datei : C:\Users\konstrukt\AppData\Roaming\Opera\Opera\operaprefs.ini
 

Gefunden : Home URL=hxxp://www.searchnu.com/410
 

*************************
 

AdwCleaner[R1].txt - [5372 octets] - [28/09/2012 21:20:31]
 

########## EOF - C:\AdwCleaner[R1].txt - [5432 octets] ##########

Sagmal, ist das ein Firmen-/Büro-PC?

Nein, wie kommst du darauf? Was hab ich denn komisches dadrauf?

Andererseits...mein privates Büro ist er quasi auch, ich mache halt alles mit dem PC...
Sollte ich mir Sorgen machen? (also noch mehr?)

Ja ist auch nun überhaupt nicht zu übersehen!

Benutzername: KONSTRUKT-PC

Zudem eine Business-Editition von Vista ist wirklich nicht gerade verbreitet im Heim-Umfeld!

Firmenrechner werden hier eigentlich nicht bereinigt

Siehe => http://www.trojaner-board.de/108422-...-anfragen.html

Zitat:

3. Grundsätzlich bereinigen wir keine gewerblich genutzten Rechner. Dafür ist die IT Abteilung eurer Firma zuständig.

Bei Kleinunternehmen, welche keinen IT Support haben, machen wir da eine Ausnahme und helfen gerne ( kleine Spende hilft auch uns ).
Voraussetzung: Ihr teilt uns dies in eurer ersten Antwort mit.
Bedenkt jedoch, dass Logfiles viele heikle Informationen enthalten können ( Kundendaten, Bankdaten, etc ) sowie das Malware die Möglichkeit besitzt, diese auszuspähen und zu missbrauchen. Hier legen wir euch ein Formatieren und Neuaufsetzen nahe.

Das ist wirklich kein Firmen-PC. Der Name ist der Überwachungsmaschinerie, (vielleicht paranoid ...) geschuldet und Vista war bei meinem PC mit dabei, hab Buisness statt Home installiert, weil ich dachte, das ist besser.
Ich schhreib gerade meine Abschlussarbeit und bin echt dankbar, dass es Leute gibt, die ihre Zeit daein investieren anderen zu helfen, die wie ich keine Ahnung haben...

Ok, dann glaub ich dir erstmal ;)

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

Danke für dein Vertrauen!
(Bin selbst Teil eines kooperativen Projekts.)

Juchu - die Adresszeile funktioniert schon wieder!

Hier die log:

Code:

 # AdwCleaner v2.003 - Datei am 09/28/2012 um 22:33:25 erstellt

# Aktualisiert am 23/09/2012 von Xplode

# Betriebssystem : Windows Vista (TM) Business Service Pack 2 (32 bits)

# Benutzer : konstrukt - KONSTRUKT-PC

# Bootmodus : Normal

# Ausgeführt unter : C:\Users\konstrukt\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Datei Gelöscht : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

Datei Gelöscht : C:\Users\KONSTR~1\AppData\Local\Temp\Searchqu.ini

Datei Gelöscht : C:\Users\KONSTR~1\AppData\Local\Temp\searchqutoolbar-manifest.xml

Datei Gelöscht : C:\Users\KONSTR~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe

Datei Gelöscht : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi

Datei Gelöscht : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\searchplugins\Search_Results.xml

Datei Gelöscht : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\searchplugins\SweetIm.xml

Datei Gelöscht : C:\Users\konstrukt\Desktop\sweetpcfix.url

Gelöscht mit Neustart : C:\Program Files\Windows Searchqu Toolbar

Ordner Gelöscht : C:\Program Files\SweetIM

Ordner Gelöscht : C:\ProgramData\boost_interprocess

Ordner Gelöscht : C:\Users\konstrukt\AppData\LocalLow\Searchqutoolbar

Ordner Gelöscht : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\Searchqutoolbar

Ordner Gelöscht : C:\Users\konstrukt\AppData\Roaming\pdfforge
 

***** [Registrierungsdatenbank] *****
 

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll 

Schlüssel Gelöscht : HKCU\Software\DataMngr

Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKCU\Software\SweetIm

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}

Schlüssel Gelöscht : HKLM\Software\DataMngr

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar

Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb

Schlüssel Gelöscht : HKLM\SOFTWARE\Software

Schlüssel Gelöscht : HKLM\Software\SweetIm

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]

Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/410 --> hxxp://www.google.com
 

-\\ Mozilla Firefox v15.0.1 (de)
 

Profilname : default 

Datei : C:\Users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\prefs.js
 

Gelöscht : user_pref("browser.search.defaultenginename", "Search Results");

Gelöscht : user_pref("browser.search.order.1", "Search Results");

Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=410&sr=0&q=");
 

-\\ Opera v11.51.1087.0
 

Datei : C:\Users\konstrukt\AppData\Roaming\Opera\Opera\operaprefs.ini
 

Gelöscht : Home URL=hxxp://www.searchnu.com/410
 

*************************
 

AdwCleaner[R1].txt - [5501 octets] - [28/09/2012 21:20:31]

AdwCleaner[S1].txt - [5804 octets] - [28/09/2012 22:33:25]
 

########## EOF - C:\AdwCleaner[S1].txt - [5864 octets] ##########

Hätte da mal drei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Die Werbeeinblendungen bzw Weiterleitungen wie zB Incredibar oder Mystart sind nun weg?

1)Hochfahren war normal, Mailprogramm funktioniert, das offensichtliche scheint zu gehen. Beim Klicken durch die Programme im Startmenü reagiert er recht langsam (kann aber gerade nicht sagen, ob das schon immer so war.
Auf was muss ich noch achten, um zu wissen, ob Windows wieder richtig geht?

2) Im Startmenü unter Programme scheint nichts zu fehlen. es gibt leere Ordner unter C: Programme und zwar: Google, Hewlett-Packard, MSXML 4.0

3) die Weiterleitungen auf searchnu.com/searchqu.com im Browser sind weg und ich kann soweit ersichtlich wieder alle Seiten normal öffnen.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hello, hier die otl-log

OTL Logfile:

Code:

OTL logfile created on: 28.09.2012 23:55:42 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = D:\Downloads

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,87 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 56,18% Memory free

3,99 Gb Paging File | 2,88 Gb Available in Paging File | 72,28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 43,40 Gb Total Space | 9,87 Gb Free Space | 22,74% Space Free | Partition Type: NTFS

Drive D: | 68,39 Gb Total Space | 9,52 Gb Free Space | 13,92% Space Free | Partition Type: NTFS

 

Computer Name: KONSTRUKT-PC | User Name: konstrukt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.28 23:52:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL(1).exe

PRC - [2012.09.06 15:04:58 | 000,412,672 | ---- | M] (Sciper) -- D:\Downloads\Battery-Tool.exe

PRC - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.07.18 18:04:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe

PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe

PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011.09.14 21:04:08 | 002,742,286 | ---- | M] () -- C:\Programme\Vidalia Bundle\Tor\tor.exe

PRC - [2011.09.12 11:45:30 | 000,094,112 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe

PRC - [2011.08.28 03:43:22 | 005,402,115 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe

PRC - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

PRC - [2009.04.10 23:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.08.14 16:41:54 | 000,650,752 | ---- | M] (ITE Tech Inc.) -- C:\Programme\FSC\Wireless Utility\WirelessSelector.exe

PRC - [2007.08.14 13:29:00 | 000,552,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\Programme\SiS VGA Utilities\SiSTray.exe

PRC - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

PRC - [2007.08.09 19:26:42 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.06.14 16:05:19 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\2467a133aee73396c830b9b0a9c7ec0d\Microsoft.VisualBasic.ni.dll

MOD - [2012.06.14 14:48:18 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012.06.14 14:47:53 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012.05.12 16:20:43 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012.05.12 16:20:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012.05.12 16:18:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012.05.12 16:16:07 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012.05.12 16:15:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2011.09.14 21:04:08 | 002,742,286 | ---- | M] () -- C:\Programme\Vidalia Bundle\Tor\tor.exe

MOD - [2011.09.12 11:45:30 | 000,094,112 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncappw.exe

MOD - [2011.09.12 10:16:56 | 007,499,264 | ---- | M] () -- C:\Programme\Allway Sync\Bin\syncapp.dll

MOD - [2011.09.12 10:16:02 | 000,043,520 | ---- | M] () -- C:\Programme\Allway Sync\Bin\SyncHook.dll

MOD - [2011.08.28 03:43:22 | 005,402,115 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\vidalia.exe

MOD - [2011.02.14 23:02:58 | 002,417,664 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtCore4.dll

MOD - [2010.03.07 05:31:36 | 000,024,110 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\mingwm10.dll

MOD - [2010.02.10 18:36:20 | 009,565,184 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtGui4.dll

MOD - [2010.02.10 18:11:00 | 001,148,416 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtNetwork4.dll

MOD - [2010.02.10 18:08:16 | 000,398,336 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\QtXml4.dll

MOD - [2009.06.22 20:42:42 | 000,043,008 | ---- | M] () -- C:\Programme\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll

MOD - [2009.03.29 21:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2007.08.13 13:47:38 | 000,364,544 | ---- | M] () -- C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.11 11:43:04 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.09.05 11:42:35 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.01.18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)

SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012.07.18 18:04:42 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2012.07.18 18:04:42 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2012.07.18 18:04:42 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011.10.09 15:55:17 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)

DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.09.05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2008.12.13 12:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2008.09.25 18:37:38 | 000,189,888 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\Windows\System32\drivers\ext2fs.sys -- (Ext2fs)

DRV - [2008.08.28 23:48:16 | 000,060,352 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\Windows\System32\drivers\ifsmount.sys -- (IfsMount)

DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2007.08.14 13:30:02 | 000,456,568 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)

DRV - [2007.07.29 17:00:56 | 000,014,168 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)

DRV - [2007.07.04 10:04:54 | 000,047,616 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)

DRV - [2007.06.13 23:47:00 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV - [2007.01.24 17:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)

DRV - [2006.12.05 11:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)

DRV - [2006.11.22 10:52:08 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)

DRV - [2006.09.05 10:33:12 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2006.05.15 15:35:36 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 94 B2 1C E6 31 87 CC 01  [binary data]

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1911846312-120104458-3615671691-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.openintab: true

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7

FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68

FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10

FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3

FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14

FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10

FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.6

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10

FF - prefs.js..extensions.enabledItems: beamgeraet@web.de:4.11.0.24

FF - prefs.js..extensions.enabledItems: {5C655500-E712-41e7-9349-CE462F844B19}:0.9

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165

FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.02.18

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.10.09 16:57:09 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 11:43:05 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 17:38:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.18 10:59:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.11 11:43:05 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 17:38:23 | 000,000,000 | ---D | M]

 

[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Extensions

[2012.09.28 22:39:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions

[2012.09.19 22:45:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.10.09 15:48:56 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\konstrukt\AppData\Roaming\mozilla\Firefox\Profiles\8n9j3n9b.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2012.06.24 20:48:38 | 000,073,806 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\CompactMenuCE@Merci.chao.xpi

[2011.10.08 12:11:30 | 000,097,169 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}.xpi

[2012.09.27 11:41:55 | 000,529,316 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

[2012.08.23 11:43:25 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2012.07.26 17:48:29 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.02.05 14:12:58 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2011.10.30 09:15:29 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi

[2012.07.25 10:21:08 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi

[2012.05.30 12:47:01 | 000,002,314 | ---- | M] () -- C:\Users\konstrukt\AppData\Roaming\mozilla\firefox\profiles\8n9j3n9b.default\searchplugins\forestle-de.xml

[2012.09.24 18:54:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.08.30 19:54:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2011.10.09 16:57:09 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX

[2012.09.11 11:43:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

[2012.06.07 15:11:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.11 11:43:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.06.07 15:11:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.07 15:11:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.07 15:11:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.07 15:11:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SiSTray] C:\Programme\SiS VGA Utilities\SiSTray.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [TouchPadHotKey] C:\Programme\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1911846312-120104458-3615671691-1000..\Run: [Allway Sync] C:\Program Files\Allway Sync\Bin\syncappw.exe ()

O4 - HKU\S-1-5-21-1911846312-120104458-3615671691-1000..\Run: [Battery-Tool] D:\Downloads\Battery-Tool.exe (Sciper)

O4 - HKU\S-1-5-21-1911846312-120104458-3615671691-1000..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()

O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01685FE7-16F4-4D64-900D-66FD15290D8B}: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: D:\Bilder\Frankreich September 2011\Frankreich September 2011 203.JPG

O24 - Desktop BackupWallPaper: D:\Bilder\Frankreich September 2011\Frankreich September 2011 203.JPG

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

MsConfig - StartUpReg: KeePass 2 PreLoad - hkey= - key= - C:\Program Files\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)

MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - C:\Program Files\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)

 

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.28 15:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.09.28 15:18:21 | 002,322,184 | ---- | C] (ESET) -- C:\Users\konstrukt\Desktop\esetsmartinstaller_enu.exe

[2012.09.27 12:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.27 12:22:23 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.09.27 12:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.09.24 19:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2012.09.24 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft

[2012.09.24 19:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft

[2012.09.24 19:06:47 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft

[2012.09.24 18:54:26 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioVisu.dll

[2012.09.24 18:54:26 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioRecord.dll

[2012.09.24 18:54:26 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\WMAFile.dll

[2012.09.24 18:54:25 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDesign.dll

[2012.09.24 18:54:25 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudFile.dll

[2012.09.24 18:54:25 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudioInfos.dll

[2012.09.24 18:54:25 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudPlayer.dll

[2012.09.24 18:54:25 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\AudDisplay.dll

[2012.09.24 18:54:23 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack

[2012.09.24 18:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Free mp3 Wma Converter

[2012.09.20 19:14:41 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt

[2012.09.18 21:07:22 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\Desktop\Hanna Aufnahmegerät

[2012.09.06 18:52:10 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\F4

[2012.09.06 18:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\f4_2012

[2012.09.06 18:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\f4_2012

[2012.09.06 15:36:19 | 000,000,000 | ---D | C] -- C:\Users\konstrukt\AppData\Roaming\Avira

[2012.09.06 15:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012.09.06 15:29:42 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys

[2012.09.06 15:29:41 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012.09.06 15:29:41 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys

[2012.09.06 15:29:41 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys

[2012.09.06 15:29:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2012.09.06 15:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012.09.05 11:46:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.28 23:24:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.28 23:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.09.28 22:38:00 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.28 22:38:00 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.28 22:37:50 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.28 22:37:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.09.28 22:37:34 | 2010,300,416 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.28 21:19:22 | 000,513,501 | ---- | M] () -- C:\Users\konstrukt\Desktop\adwcleaner.exe

[2012.09.28 15:34:21 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.09.28 15:34:21 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.09.28 15:34:21 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.09.28 15:34:21 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.09.28 15:18:23 | 002,322,184 | ---- | M] (ESET) -- C:\Users\konstrukt\Desktop\esetsmartinstaller_enu.exe

[2012.09.27 16:47:24 | 000,000,000 | ---- | M] () -- C:\Users\konstrukt\defogger_reenable

[2012.09.27 12:22:26 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.24 19:08:55 | 000,002,009 | ---- | M] () -- C:\Users\konstrukt\Desktop\Free Audio Converter.lnk

[2012.09.15 20:14:09 | 000,103,424 | ---- | M] () -- C:\Users\konstrukt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.09.06 18:50:23 | 000,000,759 | ---- | M] () -- C:\Users\Public\Desktop\f4_2012.lnk

[2012.09.06 12:37:08 | 000,000,436 | ---- | M] () -- C:\Users\konstrukt\Desktop\Musik.lnk

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.28 21:18:59 | 000,513,501 | ---- | C] () -- C:\Users\konstrukt\Desktop\adwcleaner.exe

[2012.09.27 16:47:24 | 000,000,000 | ---- | C] () -- C:\Users\konstrukt\defogger_reenable

[2012.09.27 12:22:26 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.24 19:08:55 | 000,002,009 | ---- | C] () -- C:\Users\konstrukt\Desktop\Free Audio Converter.lnk

[2012.09.24 18:54:26 | 000,116,296 | ---- | C] () -- C:\Windows\System32\NCTWMAProfiles.prx

[2012.09.06 18:50:23 | 000,000,759 | ---- | C] () -- C:\Users\Public\Desktop\f4_2012.lnk

[2012.09.06 12:36:39 | 000,000,436 | ---- | C] () -- C:\Users\konstrukt\Desktop\Musik.lnk

[2012.08.23 13:02:34 | 000,028,511 | ---- | C] () -- C:\Users\konstrukt\.recently-used.xbel

[2012.07.02 22:23:23 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat

[2012.07.02 22:15:13 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat

[2011.10.10 01:07:37 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2011.10.10 01:07:37 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2011.10.10 01:07:37 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2011.10.10 01:07:37 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2011.10.09 19:16:41 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2011.10.09 19:16:30 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.10.09 19:15:39 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.10.09 19:15:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.10.09 17:30:09 | 000,000,454 | ---- | C] () -- C:\Users\konstrukt\Wissenschaft.lnk

[2011.10.09 17:22:37 | 000,103,424 | ---- | C] () -- C:\Users\konstrukt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.10.09 17:12:51 | 000,000,291 | ---- | C] () -- C:\Users\konstrukt\Download.lnk

[2011.10.09 16:04:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll

[2011.10.09 16:03:29 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2011.10.09 15:21:03 | 000,000,680 | ---- | C] () -- C:\Users\konstrukt\AppData\Local\d3d9caps.dat

[2011.10.09 14:29:19 | 000,000,022 | ---- | C] () -- C:\Program Files\cdex_151.zip

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 14:54:18 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 
 ========== LOP Check ==========

 

[2012.08.15 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Azureus

[2011.12.11 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Canneverbe Limited

[2012.08.30 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Dropbox

[2012.09.24 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft

[2012.09.28 15:13:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\F4

[2012.09.24 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack

[2012.05.16 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gnupg

[2012.08.23 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gtk-2.0

[2012.08.03 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Image Zone Express

[2011.11.27 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\KeePass

[2012.08.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\MyPhoneExplorer

[2011.10.10 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\OpenOffice.org

[2011.10.09 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Opera

[2012.07.27 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Printer Info Cache

[2012.05.24 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Swiss Academic Software

[2011.10.10 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Sync App Settings

[2011.10.09 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Thunderbird

[2012.06.06 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TIPP10

[2012.09.20 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt

[2012.08.20 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TuneUp Software

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.10.10 14:22:43 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Adobe

[2012.05.10 10:33:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Apple Computer

[2012.09.06 15:36:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Avira

[2012.08.15 13:02:01 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Azureus

[2011.12.11 12:31:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Canneverbe Limited

[2012.08.30 17:26:04 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Dropbox

[2011.12.20 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\dvdcss

[2012.09.24 19:09:07 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\DVDVideoSoft

[2012.09.28 15:13:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\F4

[2012.09.24 18:55:19 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\FreeAudioPack

[2012.05.16 13:09:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gnupg

[2012.08.23 13:00:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\gtk-2.0

[2012.08.03 14:16:17 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\HP

[2011.10.09 15:21:09 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Identities

[2012.08.03 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Image Zone Express

[2011.10.09 16:09:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\InstallShield

[2011.11.27 13:47:45 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\KeePass

[2011.10.09 16:34:21 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Macromedia

[2012.03.11 20:31:40 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Malwarebytes

[2012.08.14 16:34:25 | 000,000,000 | --SD | M] -- C:\Users\konstrukt\AppData\Roaming\Microsoft

[2011.10.09 15:47:31 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Mozilla

[2012.08.20 19:22:32 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\MyPhoneExplorer

[2011.10.10 17:05:03 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\OpenOffice.org

[2011.10.09 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Opera

[2012.07.27 17:22:13 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Printer Info Cache

[2012.09.27 17:10:18 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Skype

[2012.05.24 17:05:23 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Swiss Academic Software

[2011.10.10 17:12:59 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Sync App Settings

[2011.10.09 16:01:38 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Thunderbird

[2012.06.06 17:33:49 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TIPP10

[2012.09.28 23:33:44 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Tor

[2012.09.20 19:14:41 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TrueCrypt

[2012.08.20 19:23:56 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\TuneUp Software

[2012.09.28 10:41:18 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Vidalia

[2012.02.17 23:23:05 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\vlc

[2012.08.22 09:29:39 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\Winamp

[2012.03.11 20:43:16 | 000,000,000 | ---D | M] -- C:\Users\konstrukt\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2012.04.06 11:37:29 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\konstrukt\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe

[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\konstrukt\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.05.04 20:41:38 | 000,872,104 | ---- | M] (Dropbox, Inc.) -- C:\Users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\konstrukt\AppData\Roaming\Dropbox\bin\Uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.18 23:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2011.10.09 16:00:17 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys

[2011.10.09 16:00:17 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys

[2011.10.09 16:00:16 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.18 23:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2007.08.22 10:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys

[2007.08.22 10:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.18 23:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.18 23:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys

[2007.01.05 22:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.18 23:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.18 23:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2007.08.22 10:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2007.08.22 10:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 <           >

[2006.11.02 15:01:23 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

[2006.11.02 15:01:23 | 000,032,550 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.04.28 10:53:41 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2012.08.01 18:40:59 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012.08.01 18:41:01 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 

< End of report >

--- --- ---

nächtliche Grüße Hina

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - user.js - File not found

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell - "" = AutoRun

O33 - MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe

:Files

C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe

C:\Program Files\Windows Searchqu Toolbar

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

So hier mal wieder eine log-file:

Code:

 All processes killed

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2aa4-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52fb2ab7-3945-11e1-b6c8-00a0d1ca3ca6}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a856-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a859-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8aa-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b26a8ab-2a6b-11e1-807e-00a0d1ca3ca6}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f16548ad-399e-11e1-8299-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f16548ad-399e-11e1-8299-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f16548ad-399e-11e1-8299-806e6f6e6963}\ not found.

File F:\AutoRun.exe not found.

========== FILES ==========

C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe moved successfully.

File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\konstrukt\Desktop\cmd.bat deleted successfully.

C:\Users\konstrukt\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: konstrukt

->Temp folder emptied: 26575628 bytes

->Temporary Internet Files folder emptied: 58620183 bytes

->Java cache emptied: 11584 bytes

->FireFox cache emptied: 173954865 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 916 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 216860086 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 675840 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12277717 bytes

RecycleBin emptied: 493343111 bytes

 

Total Files Cleaned = 937,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 09292012_010845
 

Files\Folders moved on Reboot...
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Ich weiss leider nicht, wie lange ich mich noch wach halten kann und bin dann aber leider bis Montag morgen nicht online. Vll hast du aber auch eine grobe Ahnung wie lange wir noch brauchen würden; oder es geht dir genauso (zzzz)... schon mal vielen, vielen dank!

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

tadddaa...

Code:

 01:37:56.0023 0252  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

01:37:56.0226 0252  ============================================================

01:37:56.0226 0252  Current date / time: 2012/09/29 01:37:56.0226

01:37:56.0226 0252  SystemInfo:

01:37:56.0226 0252  

01:37:56.0226 0252  OS Version: 6.0.6002 ServicePack: 2.0

01:37:56.0226 0252  Product type: Workstation

01:37:56.0242 0252  ComputerName: KONSTRUKT-PC

01:37:56.0242 0252  UserName: konstrukt

01:37:56.0242 0252  Windows directory: C:\Windows

01:37:56.0242 0252  System windows directory: C:\Windows

01:37:56.0242 0252  Processor architecture: Intel x86

01:37:56.0242 0252  Number of processors: 2

01:37:56.0242 0252  Page size: 0x1000

01:37:56.0242 0252  Boot type: Normal boot

01:37:56.0242 0252  ============================================================

01:37:57.0724 0252  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

01:37:57.0724 0252  ============================================================

01:37:57.0724 0252  \Device\Harddisk0\DR0:

01:37:57.0724 0252  MBR partitions:

01:37:57.0724 0252  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x56CE000

01:37:57.0724 0252  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x56CE800, BlocksNum 0x88C5800

01:37:57.0724 0252  ============================================================

01:37:57.0771 0252  C: <-> \Device\Harddisk0\DR0\Partition1

01:37:57.0817 0252  D: <-> \Device\Harddisk0\DR0\Partition2

01:37:57.0817 0252  ============================================================

01:37:57.0817 0252  Initialize success

01:37:57.0817 0252  ============================================================

01:38:16.0881 2416  ============================================================

01:38:16.0881 2416  Scan started

01:38:16.0881 2416  Mode: Manual; SigCheck; TDLFS; 

01:38:16.0881 2416  ============================================================

01:38:17.0661 2416  ================ Scan system memory ========================

01:38:17.0661 2416  System memory - ok

01:38:17.0661 2416  ================ Scan services =============================

01:38:17.0863 2416  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys

01:38:18.0113 2416  ACPI - ok

01:38:18.0207 2416  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

01:38:18.0238 2416  AdobeARMservice - ok

01:38:18.0316 2416  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

01:38:18.0363 2416  AdobeFlashPlayerUpdateSvc - ok

01:38:18.0425 2416  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

01:38:18.0487 2416  adp94xx - ok

01:38:18.0534 2416  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys

01:38:18.0581 2416  adpahci - ok

01:38:18.0612 2416  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys

01:38:18.0643 2416  adpu160m - ok

01:38:18.0675 2416  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys

01:38:18.0706 2416  adpu320 - ok

01:38:18.0753 2416  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

01:38:18.0893 2416  AeLookupSvc - ok

01:38:18.0955 2416  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys

01:38:19.0033 2416  AFD - ok

01:38:19.0080 2416  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

01:38:19.0111 2416  aic78xx - ok

01:38:19.0158 2416  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe

01:38:19.0314 2416  ALG - ok

01:38:19.0345 2416  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys

01:38:19.0377 2416  aliide - ok

01:38:19.0408 2416  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

01:38:19.0439 2416  amdagp - ok

01:38:19.0470 2416  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys

01:38:19.0501 2416  amdide - ok

01:38:19.0533 2416  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys

01:38:19.0767 2416  AmdK7 - ok

01:38:19.0798 2416  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

01:38:19.0938 2416  AmdK8 - ok

01:38:20.0032 2416  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe

01:38:20.0110 2416  AntiVirSchedulerService - ok

01:38:20.0157 2416  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe

01:38:20.0188 2416  AntiVirService - ok

01:38:20.0235 2416  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll

01:38:20.0281 2416  Appinfo - ok

01:38:20.0359 2416  [ 0FE769CAE5855B53C90E23F85E7E89FF ] AppMgmt         C:\Windows\System32\appmgmts.dll

01:38:20.0437 2416  AppMgmt - ok

01:38:20.0469 2416  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys

01:38:20.0500 2416  arc - ok

01:38:20.0515 2416  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

01:38:20.0562 2416  arcsas - ok

01:38:20.0609 2416  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

01:38:20.0687 2416  AsyncMac - ok

01:38:20.0734 2416  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys

01:38:20.0765 2416  atapi - ok

01:38:20.0859 2416  [ 2846F5EE802889D500FCF5CC48B28381 ] athr            C:\Windows\system32\DRIVERS\athr.sys

01:38:21.0077 2416  athr - ok

01:38:21.0155 2416  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

01:38:21.0233 2416  AudioEndpointBuilder - ok

01:38:21.0264 2416  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll

01:38:21.0311 2416  Audiosrv - ok

01:38:21.0358 2416  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys

01:38:21.0405 2416  avgntflt - ok

01:38:21.0436 2416  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys

01:38:21.0467 2416  avipbb - ok

01:38:21.0483 2416  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys

01:38:21.0514 2416  avkmgr - ok

01:38:21.0576 2416  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys

01:38:21.0654 2416  Beep - ok

01:38:21.0717 2416  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll

01:38:21.0826 2416  BFE - ok

01:38:21.0904 2416  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll

01:38:22.0044 2416  BITS - ok

01:38:22.0060 2416  blbdrive - ok

01:38:22.0138 2416  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

01:38:22.0185 2416  bowser - ok

01:38:22.0231 2416  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys

01:38:22.0309 2416  BrFiltLo - ok

01:38:22.0341 2416  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys

01:38:22.0403 2416  BrFiltUp - ok

01:38:22.0450 2416  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll

01:38:22.0528 2416  Browser - ok

01:38:22.0559 2416  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys

01:38:22.0668 2416  Brserid - ok

01:38:22.0699 2416  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys

01:38:22.0824 2416  BrSerWdm - ok

01:38:22.0840 2416  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys

01:38:22.0965 2416  BrUsbMdm - ok

01:38:22.0965 2416  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys

01:38:23.0089 2416  BrUsbSer - ok

01:38:23.0121 2416  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

01:38:23.0245 2416  BTHMODEM - ok

01:38:23.0308 2416  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

01:38:23.0401 2416  cdfs - ok

01:38:23.0433 2416  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

01:38:23.0511 2416  cdrom - ok

01:38:23.0573 2416  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll

01:38:23.0651 2416  CertPropSvc - ok

01:38:23.0682 2416  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys

01:38:23.0791 2416  circlass - ok

01:38:23.0838 2416  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys

01:38:23.0885 2416  CLFS - ok

01:38:23.0963 2416  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

01:38:23.0994 2416  clr_optimization_v2.0.50727_32 - ok

01:38:24.0088 2416  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

01:38:24.0119 2416  clr_optimization_v4.0.30319_32 - ok

01:38:24.0166 2416  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys

01:38:24.0244 2416  CmBatt - ok

01:38:24.0275 2416  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys

01:38:24.0306 2416  cmdide - ok

01:38:24.0353 2416  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys

01:38:24.0384 2416  Compbatt - ok

01:38:24.0400 2416  COMSysApp - ok

01:38:24.0431 2416  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

01:38:24.0462 2416  crcdisk - ok

01:38:24.0478 2416  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys

01:38:24.0603 2416  Crusoe - ok

01:38:24.0649 2416  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

01:38:24.0712 2416  CryptSvc - ok

01:38:24.0774 2416  [ 9BDB2E89BE8D0EF37B1F25C3D3FC192C ] CSC             C:\Windows\system32\drivers\csc.sys

01:38:24.0868 2416  CSC - ok

01:38:24.0930 2416  [ 0A2095F92F6AE4FE6484D911B0C21E95 ] CscService      C:\Windows\System32\cscsvc.dll

01:38:25.0024 2416  CscService - ok

01:38:25.0086 2416  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll

01:38:25.0180 2416  DcomLaunch - ok

01:38:25.0211 2416  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

01:38:25.0273 2416  DfsC - ok

01:38:25.0398 2416  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe

01:38:25.0601 2416  DFSR - ok

01:38:25.0648 2416  [ 770471DE2550820FEEB7E5D24BF2E273 ] DgiVecp         C:\Windows\system32\Drivers\DgiVecp.sys

01:38:25.0679 2416  DgiVecp ( UnsignedFile.Multi.Generic ) - warning

01:38:25.0679 2416  DgiVecp - detected UnsignedFile.Multi.Generic (1)

01:38:25.0741 2416  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll

01:38:25.0819 2416  Dhcp - ok

01:38:25.0851 2416  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys

01:38:25.0897 2416  disk - ok

01:38:25.0960 2416  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll

01:38:26.0022 2416  Dnscache - ok

01:38:26.0053 2416  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll

01:38:26.0131 2416  dot3svc - ok

01:38:26.0194 2416  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys

01:38:26.0287 2416  Dot4 - ok

01:38:26.0350 2416  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys

01:38:26.0428 2416  Dot4Print - ok

01:38:26.0459 2416  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys

01:38:26.0537 2416  dot4usb - ok

01:38:26.0584 2416  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll

01:38:26.0662 2416  DPS - ok

01:38:26.0724 2416  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

01:38:26.0771 2416  drmkaud - ok

01:38:26.0833 2416  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

01:38:26.0927 2416  DXGKrnl - ok

01:38:26.0974 2416  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys

01:38:27.0083 2416  E1G60 - ok

01:38:27.0130 2416  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll

01:38:27.0192 2416  EapHost - ok

01:38:27.0239 2416  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys

01:38:27.0270 2416  Ecache - ok

01:38:27.0333 2416  [ D71233D7CCC2E64F8715A20428D5A33B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys

01:38:27.0348 2416  ElbyCDIO - ok

01:38:27.0395 2416  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys

01:38:27.0442 2416  elxstor - ok

01:38:27.0504 2416  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll

01:38:27.0629 2416  EMDMgmt - ok

01:38:27.0676 2416  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll

01:38:27.0754 2416  EventSystem - ok

01:38:27.0785 2416  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys

01:38:27.0863 2416  exfat - ok

01:38:27.0925 2416  [ 920AE11441C78C00C6CF084993C817F8 ] Ext2fs          C:\Windows\system32\DRIVERS\ext2fs.sys

01:38:27.0957 2416  Ext2fs - ok

01:38:28.0019 2416  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

01:38:28.0081 2416  fastfat - ok

01:38:28.0144 2416  [ DFBA0F60FA301E5B1BFB1403A93EE23E ] Fax             C:\Windows\system32\fxssvc.exe

01:38:28.0206 2416  Fax - ok

01:38:28.0269 2416  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

01:38:28.0393 2416  fdc - ok

01:38:28.0425 2416  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll

01:38:28.0487 2416  fdPHost - ok

01:38:28.0534 2416  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll

01:38:28.0643 2416  FDResPub - ok

01:38:28.0659 2416  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

01:38:28.0690 2416  FileInfo - ok

01:38:28.0721 2416  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

01:38:28.0783 2416  Filetrace - ok

01:38:28.0815 2416  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

01:38:28.0939 2416  flpydisk - ok

01:38:28.0986 2416  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

01:38:29.0017 2416  FltMgr - ok

01:38:29.0111 2416  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll

01:38:29.0236 2416  FontCache - ok

01:38:29.0314 2416  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

01:38:29.0345 2416  FontCache3.0.0.0 - ok

01:38:29.0376 2416  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

01:38:29.0439 2416  Fs_Rec - ok

01:38:29.0485 2416  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

01:38:29.0517 2416  gagp30kx - ok

01:38:29.0595 2416  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll

01:38:29.0704 2416  gpsvc - ok

01:38:29.0829 2416  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe

01:38:29.0844 2416  gupdate - ok

01:38:29.0860 2416  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe

01:38:29.0891 2416  gupdatem - ok

01:38:29.0938 2416  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

01:38:30.0063 2416  HdAudAddService - ok

01:38:30.0125 2416  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

01:38:30.0234 2416  HDAudBus - ok

01:38:30.0281 2416  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys

01:38:30.0390 2416  HidBth - ok

01:38:30.0406 2416  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys

01:38:30.0515 2416  HidIr - ok

01:38:30.0562 2416  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll

01:38:30.0609 2416  hidserv - ok

01:38:30.0640 2416  [ 3C64042B95E583B366BA4E5D2450235E ] HidUsb          C:\Windows\system32\drivers\hidusb.sys

01:38:30.0749 2416  HidUsb - ok

01:38:30.0796 2416  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll

01:38:30.0889 2416  hkmsvc - ok

01:38:30.0921 2416  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys

01:38:30.0952 2416  HpCISSs - ok

01:38:31.0108 2416  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

01:38:31.0123 2416  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

01:38:31.0123 2416  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

01:38:31.0155 2416  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

01:38:31.0170 2416  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

01:38:31.0170 2416  hpqddsvc - detected UnsignedFile.Multi.Generic (1)

01:38:31.0233 2416  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys

01:38:31.0342 2416  HTTP - ok

01:38:31.0420 2416  [ 92CA47DA32009CCC00A5ADED04ABBD78 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys

01:38:31.0467 2416  hwdatacard - ok

01:38:31.0529 2416  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys

01:38:31.0560 2416  i2omp - ok

01:38:31.0623 2416  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

01:38:31.0701 2416  i8042prt - ok

01:38:31.0732 2416  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys

01:38:31.0763 2416  iaStorV - ok

01:38:31.0857 2416  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

01:38:31.0966 2416  idsvc - ok

01:38:31.0997 2416  [ 45D7414BDDA6A6E4C887598EE47FDB16 ] IfsMount        C:\Windows\system32\DRIVERS\ifsmount.sys

01:38:32.0028 2416  IfsMount - ok

01:38:32.0059 2416  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

01:38:32.0091 2416  iirsp - ok

01:38:32.0137 2416  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll

01:38:32.0231 2416  IKEEXT - ok

01:38:32.0356 2416  [ 97CAC2A7E92FFCB30C15101AB002ED30 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

01:38:32.0527 2416  IntcAzAudAddService - ok

01:38:32.0559 2416  [ E5EA1C17DA5065032E346591FF64F3AF ] intelide        C:\Windows\system32\drivers\intelide.sys

01:38:32.0590 2416  intelide - ok

01:38:32.0637 2416  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

01:38:32.0715 2416  intelppm - ok

01:38:32.0761 2416  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

01:38:32.0824 2416  IPBusEnum - ok

01:38:32.0855 2416  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

01:38:32.0933 2416  IpFilterDriver - ok

01:38:32.0980 2416  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll

01:38:33.0042 2416  iphlpsvc - ok

01:38:33.0058 2416  IpInIp - ok

01:38:33.0089 2416  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys

01:38:33.0198 2416  IPMIDRV - ok

01:38:33.0214 2416  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys

01:38:33.0323 2416  IPNAT - ok

01:38:33.0339 2416  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

01:38:33.0417 2416  IRENUM - ok

01:38:33.0432 2416  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

01:38:33.0463 2416  isapnp - ok

01:38:33.0526 2416  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys

01:38:33.0557 2416  iScsiPrt - ok

01:38:33.0588 2416  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys

01:38:33.0619 2416  iteatapi - ok

01:38:33.0635 2416  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys

01:38:33.0666 2416  iteraid - ok

01:38:33.0713 2416  [ C1632FE31D1824A43DEA29725312E3FA ] JRAID           C:\Windows\system32\drivers\jraid.sys

01:38:33.0760 2416  JRAID - ok

01:38:33.0807 2416  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

01:38:33.0838 2416  kbdclass - ok

01:38:33.0869 2416  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys

01:38:33.0978 2416  kbdhid - ok

01:38:34.0009 2416  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe

01:38:34.0072 2416  KeyIso - ok

01:38:34.0119 2416  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

01:38:34.0197 2416  KSecDD - ok

01:38:34.0243 2416  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll

01:38:34.0431 2416  KtmRm - ok

01:38:34.0477 2416  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll

01:38:34.0524 2416  LanmanServer - ok

01:38:34.0587 2416  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

01:38:34.0618 2416  LanmanWorkstation - ok

01:38:34.0680 2416  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

01:38:34.0758 2416  lltdio - ok

01:38:34.0805 2416  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

01:38:34.0883 2416  lltdsvc - ok

01:38:34.0914 2416  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll

01:38:35.0055 2416  lmhosts - ok

01:38:35.0101 2416  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

01:38:35.0133 2416  LSI_FC - ok

01:38:35.0148 2416  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

01:38:35.0195 2416  LSI_SAS - ok

01:38:35.0226 2416  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

01:38:35.0257 2416  LSI_SCSI - ok

01:38:35.0304 2416  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys

01:38:35.0382 2416  luafv - ok

01:38:35.0413 2416  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys

01:38:35.0460 2416  megasas - ok

01:38:35.0491 2416  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll

01:38:35.0585 2416  MMCSS - ok

01:38:35.0616 2416  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys

01:38:35.0694 2416  Modem - ok

01:38:35.0741 2416  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

01:38:35.0803 2416  monitor - ok

01:38:35.0835 2416  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

01:38:35.0866 2416  mouclass - ok

01:38:35.0897 2416  [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid          C:\Windows\system32\drivers\mouhid.sys

01:38:36.0022 2416  mouhid - ok

01:38:36.0053 2416  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys

01:38:36.0084 2416  MountMgr - ok

01:38:36.0162 2416  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

01:38:36.0193 2416  MozillaMaintenance - ok

01:38:36.0225 2416  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys

01:38:36.0256 2416  mpio - ok

01:38:36.0287 2416  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

01:38:36.0349 2416  mpsdrv - ok

01:38:36.0412 2416  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll

01:38:36.0490 2416  MpsSvc - ok

01:38:36.0521 2416  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys

01:38:36.0552 2416  Mraid35x - ok

01:38:36.0599 2416  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

01:38:36.0661 2416  MRxDAV - ok

01:38:36.0708 2416  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

01:38:36.0755 2416  mrxsmb - ok

01:38:36.0802 2416  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

01:38:36.0864 2416  mrxsmb10 - ok

01:38:36.0911 2416  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

01:38:36.0958 2416  mrxsmb20 - ok

01:38:36.0973 2416  [ 86068B8B54A5EB092F51657F00B2222A ] msahci          C:\Windows\system32\drivers\msahci.sys

01:38:37.0020 2416  msahci - ok

01:38:37.0036 2416  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

01:38:37.0083 2416  msdsm - ok

01:38:37.0129 2416  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe

01:38:37.0192 2416  MSDTC - ok

01:38:37.0270 2416  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

01:38:37.0348 2416  Msfs - ok

01:38:37.0410 2416  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

01:38:37.0441 2416  msisadrv - ok

01:38:37.0488 2416  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

01:38:37.0566 2416  MSiSCSI - ok

01:38:37.0582 2416  msiserver - ok

01:38:37.0629 2416  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

01:38:37.0707 2416  MSKSSRV - ok

01:38:37.0738 2416  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

01:38:37.0816 2416  MSPCLOCK - ok

01:38:37.0831 2416  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

01:38:37.0909 2416  MSPQM - ok

01:38:37.0956 2416  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

01:38:38.0003 2416  MsRPC - ok

01:38:38.0034 2416  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

01:38:38.0065 2416  mssmbios - ok

01:38:38.0065 2416  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

01:38:38.0159 2416  MSTEE - ok

01:38:38.0206 2416  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys

01:38:38.0237 2416  Mup - ok

01:38:38.0284 2416  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll

01:38:38.0346 2416  napagent - ok

01:38:38.0409 2416  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

01:38:38.0455 2416  NativeWifiP - ok

01:38:38.0518 2416  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys

01:38:38.0580 2416  NDIS - ok

01:38:38.0611 2416  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

01:38:38.0674 2416  NdisTapi - ok

01:38:38.0689 2416  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

01:38:38.0767 2416  Ndisuio - ok

01:38:38.0783 2416  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

01:38:38.0845 2416  NdisWan - ok

01:38:38.0877 2416  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

01:38:38.0939 2416  NDProxy - ok

01:38:39.0001 2416  [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

01:38:39.0017 2416  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

01:38:39.0017 2416  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

01:38:39.0048 2416  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

01:38:39.0111 2416  NetBIOS - ok

01:38:39.0142 2416  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys

01:38:39.0220 2416  netbt - ok

01:38:39.0251 2416  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe

01:38:39.0282 2416  Netlogon - ok

01:38:39.0313 2416  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll

01:38:39.0391 2416  Netman - ok

01:38:39.0438 2416  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll

01:38:39.0516 2416  netprofm - ok

01:38:39.0563 2416  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

01:38:39.0594 2416  NetTcpPortSharing - ok

01:38:39.0641 2416  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

01:38:39.0672 2416  nfrd960 - ok

01:38:39.0703 2416  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll

01:38:39.0797 2416  NlaSvc - ok

01:38:39.0859 2416  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

01:38:39.0906 2416  Npfs - ok

01:38:39.0953 2416  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll

01:38:40.0047 2416  nsi - ok

01:38:40.0062 2416  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

01:38:40.0140 2416  nsiproxy - ok

01:38:40.0218 2416  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

01:38:40.0359 2416  Ntfs - ok

01:38:40.0405 2416  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys

01:38:40.0515 2416  ntrigdigi - ok

01:38:40.0546 2416  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys

01:38:40.0608 2416  Null - ok

01:38:40.0639 2416  [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

01:38:40.0717 2416  nvraid - ok

01:38:40.0733 2416  [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

01:38:40.0780 2416  nvstor - ok

01:38:40.0811 2416  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

01:38:40.0842 2416  nv_agp - ok

01:38:40.0858 2416  NwlnkFlt - ok

01:38:40.0873 2416  NwlnkFwd - ok

01:38:40.0905 2416  [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys

01:38:41.0014 2416  ohci1394 - ok

01:38:41.0107 2416  [ DA345DE3B450E9E1691E7B9956D8FFC3 ] OMSI download service C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

01:38:41.0123 2416  OMSI download service ( UnsignedFile.Multi.Generic ) - warning

01:38:41.0123 2416  OMSI download service - detected UnsignedFile.Multi.Generic (1)

01:38:41.0185 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll

01:38:41.0341 2416  p2pimsvc - ok

01:38:41.0357 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll

01:38:41.0419 2416  p2psvc - ok

01:38:41.0482 2416  [ DCA942C0A19A0AD2ABCD9ACF94EB4B10 ] PAC207          C:\Windows\system32\DRIVERS\PFC027.SYS

01:38:41.0560 2416  PAC207 - ok

01:38:41.0591 2416  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys

01:38:41.0716 2416  Parport - ok

01:38:41.0763 2416  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys

01:38:41.0794 2416  partmgr - ok

01:38:41.0809 2416  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys

01:38:41.0919 2416  Parvdm - ok

01:38:41.0965 2416  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll

01:38:42.0012 2416  PcaSvc - ok

01:38:42.0059 2416  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys

01:38:42.0106 2416  pci - ok

01:38:42.0168 2416  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys

01:38:42.0199 2416  pciide - ok

01:38:42.0231 2416  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

01:38:42.0262 2416  pcmcia - ok

01:38:42.0340 2416  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

01:38:42.0511 2416  PEAUTH - ok

01:38:42.0699 2416  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll

01:38:42.0855 2416  pla - ok

01:38:42.0917 2416  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

01:38:42.0964 2416  PlugPlay - ok

01:38:42.0995 2416  [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

01:38:43.0026 2416  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

01:38:43.0026 2416  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

01:38:43.0057 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll

01:38:43.0120 2416  PNRPAutoReg - ok

01:38:43.0167 2416  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll

01:38:43.0213 2416  PNRPsvc - ok

01:38:43.0291 2416  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

01:38:43.0385 2416  PolicyAgent - ok

01:38:43.0447 2416  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

01:38:43.0525 2416  PptpMiniport - ok

01:38:43.0572 2416  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor       C:\Windows\system32\drivers\processr.sys

01:38:43.0713 2416  Processor - ok

01:38:43.0759 2416  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll

01:38:43.0837 2416  ProfSvc - ok

01:38:43.0869 2416  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

01:38:43.0915 2416  ProtectedStorage - ok

01:38:44.0040 2416  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys

01:38:44.0134 2416  PSched - ok

01:38:44.0181 2416  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys

01:38:44.0305 2416  ql2300 - ok

01:38:44.0337 2416  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

01:38:44.0368 2416  ql40xx - ok

01:38:44.0415 2416  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll

01:38:44.0477 2416  QWAVE - ok

01:38:44.0508 2416  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

01:38:44.0539 2416  QWAVEdrv - ok

01:38:44.0571 2416  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

01:38:44.0649 2416  RasAcd - ok

01:38:44.0664 2416  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll

01:38:44.0727 2416  RasAuto - ok

01:38:44.0789 2416  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

01:38:44.0867 2416  Rasl2tp - ok

01:38:44.0914 2416  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll

01:38:44.0976 2416  RasMan - ok

01:38:45.0101 2416  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

01:38:45.0179 2416  RasPppoe - ok

01:38:45.0210 2416  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

01:38:45.0257 2416  RasSstp - ok

01:38:45.0335 2416  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

01:38:45.0413 2416  rdbss - ok

01:38:45.0460 2416  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

01:38:45.0522 2416  RDPCDD - ok

01:38:45.0616 2416  [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr           C:\Windows\system32\DRIVERS\rdpdr.sys

01:38:45.0694 2416  rdpdr - ok

01:38:45.0725 2416  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

01:38:45.0819 2416  RDPENCDD - ok

01:38:46.0006 2416  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

01:38:46.0115 2416  RDPWD - ok

01:38:46.0177 2416  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll

01:38:46.0271 2416  RemoteAccess - ok

01:38:46.0318 2416  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll

01:38:46.0380 2416  RemoteRegistry - ok

01:38:46.0443 2416  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe

01:38:46.0474 2416  RpcLocator - ok

01:38:46.0661 2416  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll

01:38:46.0755 2416  RpcSs - ok

01:38:46.0817 2416  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

01:38:46.0879 2416  rspndr - ok

01:38:46.0942 2416  [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys

01:38:46.0973 2416  s0016bus - ok

01:38:47.0004 2416  [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys

01:38:47.0035 2416  s0016mdfl - ok

01:38:47.0082 2416  [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys

01:38:47.0113 2416  s0016mdm - ok

01:38:47.0145 2416  [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys

01:38:47.0176 2416  s0016mgmt - ok

01:38:47.0191 2416  [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys

01:38:47.0223 2416  s0016nd5 - ok

01:38:47.0238 2416  [ 36792935847143E4A3CDA0DC87248487 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys

01:38:47.0269 2416  s0016obex - ok

01:38:47.0285 2416  [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys

01:38:47.0316 2416  s0016unic - ok

01:38:47.0347 2416  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe

01:38:47.0379 2416  SamSs - ok

01:38:47.0410 2416  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

01:38:47.0441 2416  sbp2port - ok

01:38:47.0488 2416  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

01:38:47.0550 2416  SCardSvr - ok

01:38:47.0613 2416  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll

01:38:47.0691 2416  Schedule - ok

01:38:47.0706 2416  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll

01:38:47.0769 2416  SCPolicySvc - ok

01:38:47.0815 2416  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

01:38:47.0878 2416  SDRSVC - ok

01:38:47.0909 2416  [ 59A9EB4073A39895AF314780D0A032FA ] SE27bus         C:\Windows\system32\DRIVERS\SE27bus.sys

01:38:47.0940 2416  SE27bus ( UnsignedFile.Multi.Generic ) - warning

01:38:47.0940 2416  SE27bus - detected UnsignedFile.Multi.Generic (1)

01:38:47.0971 2416  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

01:38:48.0081 2416  secdrv - ok

01:38:48.0096 2416  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll

01:38:48.0174 2416  seclogon - ok

01:38:48.0221 2416  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll

01:38:48.0299 2416  SENS - ok

01:38:48.0330 2416  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys

01:38:48.0439 2416  Serenum - ok

01:38:48.0471 2416  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys

01:38:48.0595 2416  Serial - ok

01:38:48.0642 2416  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

01:38:48.0705 2416  sermouse - ok

01:38:48.0751 2416  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll

01:38:48.0829 2416  SessionEnv - ok

01:38:48.0845 2416  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

01:38:48.0892 2416  sffdisk - ok

01:38:48.0907 2416  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

01:38:48.0939 2416  sffp_mmc - ok

01:38:48.0970 2416  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

01:38:49.0001 2416  sffp_sd - ok

01:38:49.0017 2416  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys

01:38:49.0157 2416  sfloppy - ok

01:38:49.0282 2416  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

01:38:49.0360 2416  SharedAccess - ok

01:38:49.0407 2416  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

01:38:49.0469 2416  ShellHWDetection - ok

01:38:49.0531 2416  [ 98506361720D79C108377CBD2904ECB8 ] SiS6350         C:\Windows\system32\DRIVERS\SISGRKMD.sys

01:38:49.0578 2416  SiS6350 - ok

01:38:49.0609 2416  [ DF1AF7F5F1EC7800B3AC398ACC06C754 ] SISAGP          C:\Windows\system32\DRIVERS\SISAGPX.sys

01:38:49.0656 2416  SISAGP - ok

01:38:49.0703 2416  [ 7A83BA25421C3254B4A133F2EC7C46AD ] SiSGbeLH        C:\Windows\system32\DRIVERS\SiSGB6.sys

01:38:49.0765 2416  SiSGbeLH - ok

01:38:49.0797 2416  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys

01:38:49.0828 2416  SiSRaid2 - ok

01:38:49.0859 2416  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

01:38:49.0890 2416  SiSRaid4 - ok

01:38:50.0109 2416  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

01:38:50.0483 2416  Skype C2C Service - ok

01:38:50.0577 2416  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

01:38:50.0608 2416  SkypeUpdate - ok

01:38:50.0811 2416  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe

01:38:51.0107 2416  slsvc - ok

01:38:51.0154 2416  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll

01:38:51.0232 2416  SLUINotify - ok

01:38:51.0263 2416  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

01:38:51.0310 2416  Smb - ok

01:38:51.0372 2416  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

01:38:51.0403 2416  SNMPTRAP - ok

01:38:51.0481 2416  [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe

01:38:51.0513 2416  Sony PC Companion - ok

01:38:51.0544 2416  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys

01:38:51.0591 2416  spldr - ok

01:38:51.0637 2416  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe

01:38:51.0669 2416  Spooler - ok

01:38:51.0715 2416  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys

01:38:51.0793 2416  srv - ok

01:38:51.0840 2416  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

01:38:51.0887 2416  srv2 - ok

01:38:51.0934 2416  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

01:38:51.0981 2416  srvnet - ok

01:38:52.0012 2416  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

01:38:52.0090 2416  SSDPSRV - ok

01:38:52.0137 2416  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys

01:38:52.0168 2416  ssmdrv - ok

01:38:52.0199 2416  [ 5F77725EC309DE1242D8EFC8E9259A9F ] SSPORT          C:\Windows\system32\Drivers\SSPORT.sys

01:38:52.0230 2416  SSPORT ( UnsignedFile.Multi.Generic ) - warning

01:38:52.0230 2416  SSPORT - detected UnsignedFile.Multi.Generic (1)

01:38:52.0261 2416  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

01:38:52.0324 2416  SstpSvc - ok

01:38:52.0371 2416  [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys

01:38:52.0417 2416  StillCam - ok

01:38:52.0480 2416  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll

01:38:52.0542 2416  stisvc - ok

01:38:52.0573 2416  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys

01:38:52.0605 2416  swenum - ok

01:38:52.0651 2416  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll

01:38:52.0745 2416  swprv - ok

01:38:52.0761 2416  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys

01:38:52.0792 2416  Symc8xx - ok

01:38:52.0823 2416  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys

01:38:52.0854 2416  Sym_hi - ok

01:38:52.0870 2416  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys

01:38:52.0901 2416  Sym_u3 - ok

01:38:52.0963 2416  [ 9131B8AB722629A33649D6DEEE4FBFBE ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys

01:38:53.0010 2416  SynTP - ok

01:38:53.0041 2416  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll

01:38:53.0260 2416  SysMain - ok

01:38:53.0322 2416  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

01:38:53.0416 2416  TabletInputService - ok

01:38:53.0463 2416  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll

01:38:53.0525 2416  TapiSrv - ok

01:38:53.0556 2416  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll

01:38:53.0650 2416  TBS - ok

01:38:53.0712 2416  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

01:38:53.0821 2416  Tcpip - ok

01:38:53.0884 2416  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys

01:38:53.0977 2416  Tcpip6 - ok

01:38:54.0024 2416  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

01:38:54.0055 2416  tcpipreg - ok

01:38:54.0102 2416  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

01:38:54.0180 2416  TDPIPE - ok

01:38:54.0211 2416  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

01:38:54.0274 2416  TDTCP - ok

01:38:54.0289 2416  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

01:38:54.0367 2416  tdx - ok

01:38:54.0383 2416  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys

01:38:54.0414 2416  TermDD - ok

01:38:54.0445 2416  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll

01:38:54.0539 2416  TermService - ok

01:38:54.0586 2416  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll

01:38:54.0633 2416  Themes - ok

01:38:54.0648 2416  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll

01:38:54.0711 2416  THREADORDER - ok

01:38:54.0757 2416  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll

01:38:54.0820 2416  TrkWks - ok

01:38:54.0867 2416  [ 746B8CF9CEDEDDD865472544EDF626DA ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys

01:38:54.0898 2416  truecrypt - ok

01:38:54.0945 2416  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

01:38:54.0991 2416  TrustedInstaller - ok

01:38:55.0038 2416  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

01:38:55.0116 2416  tssecsrv - ok

01:38:55.0163 2416  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys

01:38:55.0194 2416  tunmp - ok

01:38:55.0225 2416  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

01:38:55.0257 2416  tunnel - ok

01:38:55.0303 2416  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys

01:38:55.0335 2416  uagp35 - ok

01:38:55.0381 2416  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

01:38:55.0428 2416  udfs - ok

01:38:55.0491 2416  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

01:38:55.0569 2416  UI0Detect - ok

01:38:55.0600 2416  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

01:38:55.0631 2416  uliagpkx - ok

01:38:55.0662 2416  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci         C:\Windows\system32\drivers\uliahci.sys

01:38:55.0709 2416  uliahci - ok

01:38:55.0725 2416  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys

01:38:55.0771 2416  UlSata - ok

01:38:55.0787 2416  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys

01:38:55.0834 2416  ulsata2 - ok

01:38:55.0881 2416  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

01:38:55.0959 2416  umbus - ok

01:38:55.0990 2416  [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService    C:\Windows\System32\umrdp.dll

01:38:56.0037 2416  UmRdpService - ok

01:38:56.0083 2416  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll

01:38:56.0177 2416  upnphost - ok

01:38:56.0224 2416  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

01:38:56.0271 2416  usbccgp - ok

01:38:56.0302 2416  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

01:38:56.0411 2416  usbcir - ok

01:38:56.0458 2416  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

01:38:56.0520 2416  usbehci - ok

01:38:56.0567 2416  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

01:38:56.0661 2416  usbhub - ok

01:38:56.0692 2416  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys

01:38:56.0754 2416  usbohci - ok

01:38:56.0801 2416  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

01:38:56.0863 2416  usbprint - ok

01:38:56.0926 2416  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

01:38:56.0988 2416  usbscan - ok

01:38:57.0004 2416  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

01:38:57.0066 2416  USBSTOR - ok

01:38:57.0097 2416  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

01:38:57.0207 2416  usbuhci - ok

01:38:57.0238 2416  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys

01:38:57.0316 2416  usbvideo - ok

01:38:57.0363 2416  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll

01:38:57.0425 2416  UxSms - ok

01:38:57.0456 2416  [ FCE98C43B5C5DB8E0DA8EA0E2B45E044 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys

01:38:57.0503 2416  VClone - ok

01:38:57.0534 2416  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe

01:38:57.0643 2416  vds - ok

01:38:57.0675 2416  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

01:38:57.0799 2416  vga - ok

01:38:57.0846 2416  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys

01:38:57.0909 2416  VgaSave - ok

01:38:57.0924 2416  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys

01:38:57.0955 2416  viaagp - ok

01:38:57.0987 2416  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7           C:\Windows\system32\drivers\viac7.sys

01:38:58.0111 2416  ViaC7 - ok

01:38:58.0143 2416  [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide          C:\Windows\system32\drivers\viaide.sys

01:38:58.0174 2416  viaide - ok

01:38:58.0189 2416  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

01:38:58.0236 2416  volmgr - ok

01:38:58.0283 2416  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

01:38:58.0345 2416  volmgrx - ok

01:38:58.0392 2416  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

01:38:58.0501 2416  volsnap - ok

01:38:58.0517 2416  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

01:38:58.0564 2416  vsmraid - ok

01:38:58.0642 2416  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe

01:38:58.0751 2416  VSS - ok

01:38:58.0813 2416  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll

01:38:58.0891 2416  W32Time - ok

01:38:58.0923 2416  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

01:38:59.0047 2416  WacomPen - ok

01:38:59.0094 2416  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys

01:38:59.0141 2416  Wanarp - ok

01:38:59.0157 2416  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

01:38:59.0203 2416  Wanarpv6 - ok

01:38:59.0281 2416  [ 20B23332885DFB93FE0185362EE811E9 ] wbengine        C:\Windows\system32\wbengine.exe

01:38:59.0375 2416  wbengine - ok

01:38:59.0422 2416  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll

01:38:59.0515 2416  wcncsvc - ok

01:38:59.0562 2416  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

01:38:59.0640 2416  WcsPlugInService - ok

01:38:59.0687 2416  [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd              C:\Windows\system32\drivers\wd.sys

01:38:59.0718 2416  Wd - ok

01:38:59.0781 2416  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

01:38:59.0843 2416  Wdf01000 - ok

01:38:59.0874 2416  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

01:38:59.0952 2416  WdiServiceHost - ok

01:38:59.0968 2416  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

01:39:00.0030 2416  WdiSystemHost - ok

01:39:00.0061 2416  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll

01:39:00.0108 2416  WebClient - ok

01:39:00.0155 2416  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll

01:39:00.0217 2416  Wecsvc - ok

01:39:00.0233 2416  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

01:39:00.0311 2416  wercplsupport - ok

01:39:00.0358 2416  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll

01:39:00.0420 2416  WerSvc - ok

01:39:00.0498 2416  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

01:39:00.0529 2416  WinDefend - ok

01:39:00.0545 2416  WinHttpAutoProxySvc - ok

01:39:00.0623 2416  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

01:39:00.0685 2416  Winmgmt - ok

01:39:00.0763 2416  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll

01:39:00.0888 2416  WinRM - ok

01:39:00.0951 2416  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll

01:39:01.0013 2416  Wlansvc - ok

01:39:01.0060 2416  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys

01:39:01.0169 2416  WmiAcpi - ok

01:39:01.0216 2416  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

01:39:01.0294 2416  wmiApSrv - ok

01:39:01.0387 2416  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

01:39:01.0512 2416  WMPNetworkSvc - ok

01:39:01.0559 2416  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

01:39:01.0621 2416  WPDBusEnum - ok

01:39:01.0684 2416  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys

01:39:01.0731 2416  WpdUsb - ok

01:39:01.0871 2416  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

01:39:01.0949 2416  WPFFontCache_v0400 - ok

01:39:01.0996 2416  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

01:39:02.0058 2416  ws2ifsl - ok

01:39:02.0105 2416  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll

01:39:02.0136 2416  wscsvc - ok

01:39:02.0152 2416  WSearch - ok

01:39:02.0277 2416  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

01:39:02.0448 2416  wuauserv - ok

01:39:02.0511 2416  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

01:39:02.0573 2416  WUDFRd - ok

01:39:02.0620 2416  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

01:39:02.0713 2416  wudfsvc - ok

01:39:02.0760 2416  [ BDFA6A3A7CE1D083889B316A484A356A ] zntport         C:\Windows\system32\drivers\zntport.sys

01:39:02.0791 2416  zntport - ok

01:39:02.0823 2416  ================ Scan global ===============================

01:39:02.0885 2416  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

01:39:02.0916 2416  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

01:39:02.0963 2416  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

01:39:03.0010 2416  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

01:39:03.0025 2416  [Global] - ok

01:39:03.0025 2416  ================ Scan MBR ==================================

01:39:03.0041 2416  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

01:39:03.0821 2416  \Device\Harddisk0\DR0 - ok

01:39:03.0821 2416  ================ Scan VBR ==================================

01:39:03.0821 2416  [ 4EF172DD7A4CD5924A084A0D200D08F7 ] \Device\Harddisk0\DR0\Partition1

01:39:03.0837 2416  \Device\Harddisk0\DR0\Partition1 - ok

01:39:03.0883 2416  [ 7DEB30EC83B59E080D7E47ECD9B29CFF ] \Device\Harddisk0\DR0\Partition2

01:39:03.0883 2416  \Device\Harddisk0\DR0\Partition2 - ok

01:39:03.0883 2416  ============================================================

01:39:03.0883 2416  Scan finished

01:39:03.0883 2416  ============================================================

01:39:03.0915 1940  Detected object count: 8

01:39:03.0915 1940  Actual detected object count: 8

01:39:29.0530 1940  DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0530 1940  DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0530 1940  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0530 1940  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0545 1940  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0545 1940  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0545 1940  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0545 1940  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0561 1940  OMSI download service ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0561 1940  OMSI download service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0561 1940  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0561 1940  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0561 1940  SE27bus ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0561 1940  SE27bus ( UnsignedFile.Multi.Generic ) - User select action: Skip 

01:39:29.0561 1940  SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user

01:39:29.0561 1940  SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo!
Hier die combofix-log...

Combofix Logfile:

Code:

ComboFix 12-09-30.03 - konstrukt 01.10.2012  11:02:15.1.2 - x86

Microsoft® Windows Vista™ Business   6.0.6002.2.1252.49.1031.18.1916.1071 [GMT 2:00]

ausgeführt von:: c:\users\konstrukt\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\konstrukt\AppData\Local\assembly\tmp

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-01 bis 2012-10-01  ))))))))))))))))))))))))))))))

.

.

2012-10-01 09:09 . 2012-10-01 09:09        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-09-30 21:16 . 2012-09-30 21:16        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE1DDFDF-4A6F-4C0B-944F-724178E6D951}\offreg.dll

2012-09-28 23:08 . 2012-09-28 23:08        --------        d-----w-        C:\_OTL

2012-09-28 13:20 . 2012-09-28 13:20        --------        d-----w-        c:\program files\ESET

2012-09-28 08:44 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE1DDFDF-4A6F-4C0B-944F-724178E6D951}\mpengine.dll

2012-09-27 10:22 . 2012-09-27 10:22        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-09-27 10:22 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-24 17:08 . 2012-09-24 17:08        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft

2012-09-24 17:08 . 2012-09-24 17:08        --------        d-----w-        c:\program files\DVDVideoSoft

2012-09-24 17:06 . 2012-09-24 17:09        --------        d-----w-        c:\users\konstrukt\AppData\Roaming\DVDVideoSoft

2012-09-20 17:14 . 2012-09-20 17:14        --------        d-----w-        c:\users\konstrukt\AppData\Roaming\TrueCrypt

2012-09-11 09:43 . 2012-09-11 09:43        73696        ----a-w-        c:\program files\Mozilla Firefox\breakpadinjector.dll

2012-09-06 16:52 . 2012-09-28 13:13        --------        d-----w-        c:\users\konstrukt\AppData\Roaming\F4

2012-09-06 16:50 . 2012-09-06 16:50        --------        d-----w-        c:\program files\f4_2012

2012-09-06 13:36 . 2012-09-06 13:36        --------        d-----w-        c:\users\konstrukt\AppData\Roaming\Avira

2012-09-06 13:29 . 2012-07-18 16:04        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2012-09-06 13:29 . 2012-07-18 16:04        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2012-09-06 13:29 . 2012-07-18 16:04        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-09-06 13:29 . 2012-09-06 13:29        --------        d-----w-        c:\programdata\Avira

2012-09-06 13:29 . 2012-09-06 13:29        --------        d-----w-        c:\program files\Avira

2012-09-05 09:46 . 2012-09-05 09:46        --------        d-----w-        c:\program files\Common Files\Java

2012-09-05 09:46 . 2012-09-05 09:45        93672        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-05 09:45 . 2012-08-14 15:01        821736        ----a-w-        c:\windows\system32\npDeployJava1.dll

2012-09-05 09:45 . 2011-10-09 13:55        746984        ----a-w-        c:\windows\system32\deployJava1.dll

2012-09-05 09:42 . 2012-04-28 08:53        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-09-05 09:42 . 2011-10-09 14:33        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-04 14:02 . 2012-08-15 11:00        2047488        ----a-w-        c:\windows\system32\win32k.sys

2012-09-11 09:43 . 2011-10-09 13:40        266720        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32        94208        ----a-w-        c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2011-08-28 5402115]

"Allway Sync"="c:\program files\Allway Sync\Bin\syncappw.exe" [2011-09-12 94112]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-05-16 213936]

"Battery-Tool"="d:\downloads\Battery-Tool.exe" [2012-09-06 412672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-08-14 552960]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936]

"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WirelessSelector.lnk - c:\program files\FSC\Wireless Utility\WirelessSelector.exe [2011-10-9 650752]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2012-07-18 16:04        348664        ----a-w-        c:\program files\Avira\AntiVir Desktop\avgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]

2011-07-12 08:01        1764352        ----a-w-        c:\program files\KeePass Password Safe 2\KeePass.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2007-08-03 11:22        1826816        ----a-w-        c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]

2011-03-07 13:33        89456        ----a-w-        c:\program files\VirtualCloneDrive\VCDDaemon.exe

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 09:42]

.

2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-01 16:40]

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-01 16:40]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com

IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\konstrukt\AppData\Roaming\Mozilla\Firefox\Profiles\8n9j3n9b.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-10-01 11:09

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]

"value"="?\04\05\06\09$,e"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(5024)

c:\users\konstrukt\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Zeit der Fertigstellung: 2012-10-01  11:12:29

ComboFix-quarantined-files.txt  2012-10-01 09:12

.

Vor Suchlauf: 7 Verzeichnis(se), 11.357.327.360 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 11.177.992.192 Bytes frei

.

- - End Of File - - 9C0FCE4342F9F0A57818720C7818702D

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hier schon mal die logs von Gmer und Osam...

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-10-01 16:01:12

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD1200BEVS-22UST0 rev.01.01A01

Running: g60modso.exe; Driver: C:\Users\KONSTR~1\AppData\Local\Temp\ffldruow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            8A308506                                                                                            ZwCreateSection

SSDT            8A308510                                                                                            ZwRequestWaitReplyPort

SSDT            8A30850B                                                                                            ZwSetContextThread

SSDT            8A308515                                                                                            ZwSetSecurityObject

SSDT            8A30851A                                                                                            ZwSystemDebugControl

SSDT            8A3084A7                                                                                            ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                       820E98D8 4 Bytes  [06, 85, 30, 8A]

.text           ntkrnlpa.exe!KeSetEvent + 539                                                                       820E9BFC 4 Bytes  [10, 85, 30, 8A]

.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                       820E9C30 4 Bytes  [0B, 85, 30, 8A]

.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                       820E9C94 4 Bytes  [15, 85, 30, 8A]

.text           ntkrnlpa.exe!KeSetEvent + 619                                                                       820E9CDC 4 Bytes  [1A, 85, 30, 8A]

.text           ...                                                                                                 
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                [74BE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                 [74C2B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]             [74BEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]       [74BDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                 [74BE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]              [74BDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]  [74C173F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]     [74BEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]             [74BDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]              [74BDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]               [74BD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]       [74C6CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]          [74C0C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]             [74BDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                       [74BD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                      [74BD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT             C:\Windows\Explorer.EXE[624] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]         [74BE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                             Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Code:

 

OSAM Logfile:
 

        Code:


        
Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 16:10:56 on 01.10.2012
 

OS: Windows Vista Business Edition Service Pack 2 (Build 6002), 32-bit

Default Browser: Mozilla Corporation Firefox 15.0.1
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\KONSTR~1\AppData\Local\Temp\catchme.sys  (File not found)

"DgiVecp" (DgiVecp) - "Samsung Electronics Co., Ltd." - C:\Windows\system32\Drivers\DgiVecp.sys

"ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys

"Ext2fs" (Ext2fs) - "Stephan Schreiber" - C:\Windows\System32\DRIVERS\ext2fs.sys

"ffldruow" (ffldruow) - ? - C:\Users\KONSTR~1\AppData\Local\Temp\ffldruow.sys  (Hidden registry entry, rootkit activity | File not found)

"IfsMount" (IfsMount) - "Stephan Schreiber" - C:\Windows\System32\DRIVERS\ifsmount.sys

"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)

"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)

"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)

"NTPort Library Driver" (zntport) - "Zeal SoftStudio" - C:\Windows\system32\drivers\zntport.sys

"Sony Ericsson Device 039 Driver driver (WDM)" (SE27bus) - "MCCI" - C:\Windows\System32\DRIVERS\SE27bus.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys

"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)

{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)

{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{B7056B8E-4F99-44f8-8CBD-282390FE5428} "VirtualCloneDrive Shell Extension" - "Elaborate Bytes AG" - C:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll

{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
 

[Logon]

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"WirelessSelector.lnk" - "ITE Tech Inc." - C:\Program Files\FSC\Wireless Utility\WirelessSelector.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"Allway Sync" - ? - "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m

"Battery-Tool" - "Sciper" - D:\Downloads\Battery-Tool.exe

"ISUSPM" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

"Vidalia" - ? - "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"HP Software Update" - "Hewlett-Packard Co." - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

"SiSTray" - "Silicon Integrated Systems Corporation" - %ProgramFiles%\SiS VGA Utilities\SiSTray.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"TouchPadHotKey" - ? - C:\Program Files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"HP Discovery Port Monitor (HP Officejet 6500 E710n-z)" - "Hewlett-Packard Co." - C:\Windows\system32\HPDiscoPM5412.dll

"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe

"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)

"Sony PC Companion" (Sony PC Companion) - "Avanquest Software" - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

 
--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR schon fertig?

und hier der aswMBR scan:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-10-01 16:17:19

-----------------------------

16:17:19.041    OS Version: Windows 6.0.6002 Service Pack 2

16:17:19.041    Number of processors: 2 586 0xF0D

16:17:19.041    ComputerName: KONSTRUKT-PC  UserName: konstrukt

16:17:20.211    Initialize success

16:18:24.881    AVAST engine defs: 12100100

16:27:42.487    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1

16:27:42.487    Disk 0 Vendor: WDC_WD1200BEVS-22UST0 01.01A01 Size: 114473MB BusType: 3

16:27:42.705    Disk 0 MBR read successfully

16:27:42.721    Disk 0 MBR scan

16:27:42.768    Disk 0 Windows VISTA default MBR code

16:27:42.830    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        44444 MB offset 2048

16:27:42.908    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        70027 MB offset 91023360

16:27:43.033    Disk 0 scanning sectors +234438656

16:27:43.548    Disk 0 scanning C:\Windows\system32\drivers

16:29:25.868    Service scanning

16:29:55.103    Modules scanning

16:31:40.605    Disk 0 trace - called modules:

16:31:40.683    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 

16:31:40.699    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x853c8298]

16:31:40.715    3 CLASSPNP.SYS[87bc68b3] -> nt!IofCallDriver -> [0x84d26918]

16:31:40.730    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x84d115e0]

16:31:41.323    AVAST engine scan C:\Windows

16:32:28.513    AVAST engine scan C:\Windows\system32

16:47:03.501    AVAST engine scan C:\Windows\system32\drivers

16:47:23.391    AVAST engine scan C:\Users\konstrukt

16:51:38.997    AVAST engine scan C:\ProgramData

16:54:24.045    Scan finished successfully

17:09:16.943    Disk 0 MBR has been saved successfully to "C:\Users\konstrukt\Desktop\MBR.dat"

17:09:16.958    The log file has been saved successfully to "C:\Users\konstrukt\Desktop\aswMBR.txt"

danke!!!

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Guten Morgen, hat etwas gedauert...
Das ist ja sehr erfreulich, dass wir uns dem Ende nähern!

Hier die SuperAntiSpyware log

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 10/03/2012 at 01:35 AM
 

Application Version : 5.5.1022
 

Core Rules Database Version : 9329

Trace Rules Database Version: 7141
 

Scan type       : Complete Scan

Total Scan Time : 01:19:07
 

Operating System Information

Windows Vista Business 32-bit, Service Pack 2 (Build 6.00.6002)

UAC On - Administrator
 

Memory items scanned      : 639

Memory threats detected   : 0

Registry items scanned    : 33755

Registry threats detected : 0

File items scanned        : 59422

File threats detected     : 43
 

Adware.Tracking Cookie

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\BZLVGZTU.txt [ /doubleclick.net ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\N4XLE32E.txt [ /atdmt.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\FAOAUQNK.txt [ /adfarm1.adition.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\SHKF72JX.txt [ /zanox.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\Q2MCWAEP.txt [ /mediaplex.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\VDY0MMUL.txt [ /ad.zanox.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\SK4978YC.txt [ /c.atdmt.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\B05KJEN0.txt [ /apmebf.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\CI7J6TL5.txt [ /atdmt.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\ITYKV0KJ.txt [ /imrworldwide.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\EGVK3TA0.txt [ /ad1.adfarm1.adition.com ]

        C:\Users\konstrukt\AppData\Roaming\Microsoft\Windows\Cookies\4JIBRW3S.txt [ /fastclick.net ]

        C:\USERS\KONSTRUKT\Cookies\BZLVGZTU.txt [ Cookie:konstrukt@doubleclick.net/ ]

        C:\USERS\KONSTRUKT\Cookies\N4XLE32E.txt [ Cookie:konstrukt@atdmt.com/ ]

        C:\USERS\KONSTRUKT\Cookies\SHKF72JX.txt [ Cookie:konstrukt@zanox.com/ ]

        C:\USERS\KONSTRUKT\Cookies\VDY0MMUL.txt [ Cookie:konstrukt@ad.zanox.com/ ]

        C:\USERS\KONSTRUKT\Cookies\SK4978YC.txt [ Cookie:konstrukt@c.atdmt.com/ ]

        C:\USERS\KONSTRUKT\Cookies\B05KJEN0.txt [ Cookie:konstrukt@apmebf.com/ ]

        C:\USERS\KONSTRUKT\Cookies\CI7J6TL5.txt [ Cookie:konstrukt@atdmt.com/ ]

        C:\USERS\KONSTRUKT\Cookies\ITYKV0KJ.txt [ Cookie:konstrukt@imrworldwide.com/cgi-bin ]

        C:\USERS\KONSTRUKT\Cookies\4JIBRW3S.txt [ Cookie:konstrukt@fastclick.net/ ]

        .imrworldwide.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        www.bluecounter.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        accounts.youtube.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        accounts.google.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        de.sitestat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        www.tracker.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        www.tracker.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        www.countrymusicnews.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        media.video-mv.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .deutschepostag.112.2o7.net [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        count.primawebtools.de [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        www.etracker.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .estat.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

        .apmebf.com [ C:\USERS\KONSTRUKT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8N9J3N9B.DEFAULT\COOKIES.SQLITE ]

und die Malwarebytes log

Code:

 

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.10.02.07
 

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

konstrukt :: KONSTRUKT-PC [Administrator]
 

02.10.2012 18:24:58

mbam-log-2012-10-02 (18-24-58).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|J:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 305171

Laufzeit: 1 Stunde(n), 42 Minute(n), 47 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Liebe_r cosinus!
Leider keine Zeit gehabt früher zu antworten...

Nein, es funktioniert alles wieder (bis auf eine Ausnahme s.u.) - dank dir!

Ich habe noch ein paar kleinere Fragen: Kann ich das Programm, mit dem ich mir vermutlich searchnu eingfangen habe wieder nutzen? Und ich verstehe nicht, wie ich es vermeiden kann, dass sowas wieder passiert. Ich hab das Programm bei chip runtergeladen und antivir nach dem runterladen drüberlaufen lassen und auch eigentlich darauf geachtet alle häkchen zu entfernen... Konntest du sehen, an welchem Programm searchnu hing, war es überhaupt der vermutete wma to wav converter?

Ein kleines Problem gibt es noch und das ist "tor". Wenn ich den PC starte sagt tor, dass es eine alte version ist. Ich habe versucht "Vidalia Bundle" zu deinstallieren, aber es öffnet sich beim Hochfahren trotzdem tor. Kann das was mit dem alten Problem zu tun haben, oder soll ich es woanders posten?

Vielen, vielen Dank nochmal für deine Hilfe - ich bin sehr beeindruckt von deiner Arbeit und deinem/eurem Wissen und deiner Hilfe!

LG Hina

Wenn du nicht weißt was TOR ist, dann lass es ein

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.