Trojaner-Board (https://www.trojaner-board.de/)
Thread: Getting the message "Troj/JSRedir-HZ" and "MW:JS:JJ677" (https://www.trojaner-board.de/125185-bekomme-meldung-troj-jsredir-hz-mw-js-jj677.html)

StefHei 04.10.2012 23:11

Getting the message "Troj/JSRedir-HZ" and "MW:JS:JJ677"
 
Hello!

On some of the websites I have put online, access is refused with a message about the trojan "Troj/JSRedir-HZ". This only happens on my PC at my employer's. At home no such messages appear. An online scan of the websites via "labs.sucuri.net" gives the following finding: "MW:JS:JJ677". To be sure that the cause is not my home machine, I am posting the problem here.

Thanks in advance for "taking on" the problem!

1. Defogger found nothing
2. Malwarebytes (quick scan) also nothing
3. OTL:

Code:

OTL logfile created on: 04.10.2012 23:07:41 - Run 1
OTL by OldTimer - Version 3.2.70.2    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,90% Memory free
4,24 Gb Paging File | 2,43 Gb Available in Paging File | 57,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 112,15 Gb Free Space | 25,17% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 11,03 Gb Free Space | 54,72% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.04 23:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
PRC - [2012.09.26 20:14:15 | 004,780,928 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.09.07 17:04:44 | 000,981,656 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.08.08 17:36:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.06.06 11:41:48 | 001,823,160 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 19:20:27 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.28 14:48:58 | 000,974,848 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.03.30 17:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe
PRC - [2011.01.22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010.04.30 13:47:28 | 001,086,760 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
MOD - [2012.10.04 22:02:21 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.10.04 22:02:21 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.06.18 21:10:41 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012.06.18 20:40:57 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.18 20:40:39 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.15 19:15:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.28 10:04:13 | 005,457,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\2c3e80bf92ccaab8fa9102919c60e419\System.Xml.ni.dll
MOD - [2012.05.28 10:04:09 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ac40d23be2c4ad58c8d22eca5a8297f1\System.Configuration.ni.dll
MOD - [2012.05.14 08:21:49 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.02.12 20:49:06 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.02.12 20:49:06 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011.11.11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011.03.30 17:45:12 | 000,016,360 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll
MOD - [2011.03.30 17:45:06 | 000,236,520 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll
MOD - [2011.03.30 17:45:06 | 000,218,600 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll
MOD - [2011.03.30 17:45:04 | 001,869,288 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Services.dll
MOD - [2011.03.30 17:45:02 | 000,041,960 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll
MOD - [2011.03.30 17:45:00 | 000,337,896 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll
MOD - [2011.01.22 16:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.09.03 19:32:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.02.29 23:12:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008.02.22 14:34:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER\uxddrv.sys -- (uxddrv)
DRV - [2012.10.04 22:55:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.05.09 19:20:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 19:20:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.03.16 22:42:02 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.03.04 19:27:19 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.04 19:27:18 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.22 16:58:24 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011.01.22 16:58:22 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011.01.22 16:58:20 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011.01.22 16:58:18 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.03.12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010.01.25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.12.14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.10.01 20:54:44 | 000,419,344 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2007.09.21 11:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a21be620000000000000008c9a0638c&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{51DD28B5-EACA-4F35-B291-9C25A2E55699}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www27.yoog.com/search.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=161&systemid=406&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 18:11:53 | 000,000,000 | ---D | M]
 
[2011.04.01 23:15:34 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
O1 HOSTS File: ([2010.12.22 00:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14729 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.04 23:07:28 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.04 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\10_2012
[2012.10.04 22:55:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.09.10 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.04 23:07:30 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.10.04 23:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.04 23:05:48 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.10.04 22:55:59 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.10.04 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Packard Bell Data Secure for ***.job
[2012.10.04 22:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 22:06:16 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.04 22:06:16 | 000,607,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.04 22:06:16 | 000,131,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.04 22:06:16 | 000,108,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.04 21:59:58 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.04 21:59:50 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.04 21:59:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 21:59:50 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.04 21:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.04 21:58:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.04 21:34:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.26 20:34:01 | 000,100,864 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.06 20:36:36 | 000,000,768 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 23:05:48 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.10.04 23:05:28 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.09.06 20:36:36 | 000,000,768 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.20 17:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 14:24:53 | 000,038,446 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 19:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.04.04 19:15:23 | 000,000,016 | -H-- | C] () -- C:\Users\***\mxfilerelatedcache.mxc2
[2011.03.16 22:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 14:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 19:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 19:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 15:19:04 | 000,038,426 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 19:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 11:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 23:29:14 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2010.09.27 21:44:34 | 000,006,138 | ---- | C] () -- C:\Users\***\AppData\Roaming\mdbu.bin
[2010.08.22 16:45:41 | 000,139,152 | ---- | C] () -- C:\Users\***\AppData\Roaming\PnkBstrK.sys
[2009.11.09 22:26:45 | 000,038,425 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.01.24 20:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 02:15:46 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\Default.PLS
[2008.07.12 18:18:53 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2008.04.02 16:00:56 | 000,000,557 | ---- | C] () -- C:\Users\***\AppData\Roaming\TheLastRipper.xml
[2008.03.15 20:55:36 | 000,100,864 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.22 21:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 14:44:08 | 000,000,094 | ---- | C] () -- C:\Users\***\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.09.29 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2009.05.03 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2008.07.06 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASCON Installer
[2011.04.14 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\avidemux
[2010.09.27 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service GmbH
[2011.11.19 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Byotov
[2008.04.13 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.11.26 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\cock
[2011.01.20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Codecd3d
[2011.07.22 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008.02.25 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CoSoSys
[2009.01.13 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Crystal Player
[2012.10.04 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.07.10 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.05.29 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FarmingSimulator2008
[2008.09.03 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2009.04.25 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Monitor for Google
[2011.04.01 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2011.01.26 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Itsth
[2010.11.21 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Juniper Networks
[2012.08.04 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.11.20 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.01.09 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LimeWire
[2011.07.22 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.01.26 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MyPhoneExplorer
[2008.04.16 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NewSoft
[2010.03.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pegasys Inc
[2008.04.13 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ScanSoft
[2008.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skinux
[2010.10.03 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SMSout
[2008.08.06 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sonavis
[2010.07.31 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SuperMailer
[2008.07.12 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2008.09.17 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TVcentral-Core
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.11.18 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Upur
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 

< End of report >

Code:

OTL Extras logfile created on: 04.10.2012 23:07:41 - Run 1
OTL by OldTimer - Version 3.2.70.2    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,86 Gb Available Physical Memory | 42,90% Memory free
4,24 Gb Paging File | 2,43 Gb Available in Paging File | 57,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 112,15 Gb Free Space | 25,17% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 11,03 Gb Free Space | 54,72% Space Free | Partition Type: FAT32
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Downloads\Fotobuch\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
"C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Dateien\Alexandra\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- ()
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0201F59C-2A42-4168-B6B3-0742E5C310B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0C374FB5-C899-43F0-8440-CEF2C997466A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1518B4B1-47F0-454E-870F-A83E43BB0003}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{16CA8772-9CFC-4479-AB82-F3D0EDB737DE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1AAFA3D1-57AC-45D2-B1EC-0E67FE66E630}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1F6033E4-9018-4FFD-9DE0-AB3C2B32C051}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F7A2B43-39B1-4595-9BD3-E9DF6500598B}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{22E5DAEB-6EF8-4768-9FE9-02A3C9CF0BD0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{239A7D70-29B6-4EFE-A9DD-E931FEF69E24}" = rport=137 | protocol=17 | dir=out | app=system |
"{3093077A-A4DA-446A-B8A6-56926CE9987D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{327B40F8-3A96-41DD-98EF-975A84E152E0}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{32DA4576-3502-4566-A3F7-20C9D8BE930C}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{43AC3E41-E303-413C-85B8-0575B0532089}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A22D451-B80E-444F-BD57-CF3659A1AD5E}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{64DD3AA3-6C78-468F-8C19-062A97787F6D}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6C7ABAEA-94EC-4F40-A78E-F2E7FF53D3EC}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6D4368A2-515B-4932-B719-1184C7752B63}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6F30EEAC-6DBD-40E4-9596-39696C3F6C39}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{715CA0D4-A98F-401B-AC78-89ECBDB349D3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{74808D74-C2BD-4A44-AC30-791CD7B9F552}" = lport=139 | protocol=6 | dir=in | app=system |
"{74DA62FC-0629-4CA1-8A0F-3292C621547D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76021415-672B-4BCA-B811-AC4BD3D956FB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{76BB8A26-5137-4959-91DE-A544DE014778}" = rport=445 | protocol=6 | dir=out | app=system |
"{7951D290-6C16-4660-AA11-BE856F384E45}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D9972D8-4A7D-4060-9BCD-BAB3A90EAEE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7F51410D-E049-4FCF-99EE-85CF9E5E2E70}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{8446FBC6-5150-4991-93EC-2EC0AD81ED96}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{87E96F97-35F1-41E9-B390-7949D1AADBEA}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{8A2810D4-2EE8-4E4C-8BD0-FE761B7D7D28}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{90119939-426B-49D7-97BC-0DAC63F39D81}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{96D3B22B-7AB5-4ECA-BB09-B0B3AFF16731}" = lport=137 | protocol=17 | dir=in | app=system |
"{ABE7A324-DFA9-488A-9D24-30BE2C720CCD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{BAAAAAD3-4046-4A38-8385-980E90373444}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{BEA55080-9409-4E50-A6EF-F28CE67A7FA6}" = rport=138 | protocol=17 | dir=out | app=system |
"{C104868A-E41F-430A-9A0E-71F1C19D55E0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DD8C93B5-C428-4F8F-927B-D47E4C143769}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE171572-4743-471A-8A63-D11154E857C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC7832DF-1DED-4986-8BDA-95898C853F85}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1DDFF17-B9F2-4235-B371-141B01438809}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FC58C0F7-580D-431C-9D23-11321A42056D}" = lport=138 | protocol=17 | dir=in | app=system |
"{FDF1D35E-458B-4BC7-83F5-B651D7D99EC9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FDF91233-0723-477B-BD79-CBF101054E7E}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D254ED-9826-4CF1-ACD8-D1732D481C7A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{08488E07-A207-42AB-8C3C-6234D4396596}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0BE04582-A3D0-4724-B1D1-18F701998C19}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe |
"{11320A4E-C369-4050-9037-652326A3953B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{15AD1714-57F8-45D4-BB36-38FB0005CA13}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{17928989-23AD-45A1-B328-F4E7B48D9D42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{180BC910-87AD-4BE4-9CF0-4CD1A942FE0E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1C29A5E9-1F6B-4E23-801C-EA30A51E1972}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1C37DE41-E3BF-427A-9BE5-6ECA3FAE25FB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{1D5A908B-8BFA-4831-A11F-3D1430B9C6D7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2825FD05-8E9E-4F6B-991E-5CFEEA5F841E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E46EB3C-480D-4D0E-AF80-572C3B12DE95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2EC05C3B-AF24-4E33-BFFE-7081C60BF964}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2EDF8A3C-2FCF-40D4-8DBB-3DEBD09C146C}" = protocol=6 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe |
"{2FFBBAFD-24F9-491A-9C9B-5C53047559C5}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{36AB7289-69E8-4406-9ACB-D849CBC89157}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{395C9D7B-C4AC-454E-A9C9-A27ED810A8B6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3CDFB4C1-B800-4D04-B0AE-36EFC87CB051}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3D8EA1C3-8B1D-4F13-B5E2-ED0336057A24}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3F95A07C-1F03-4610-A52B-9F5856D9DFC8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4130BA16-172C-4907-9EAD-6444ECE778FC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{41CB5248-31AC-40D4-B543-E959845B6369}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4223D670-0C76-493C-97FC-48EDAD66CD39}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{42C4C4AB-ED99-4011-B9A9-0F6C60630F1C}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{436C73AB-F50A-42DC-909C-357E7BACD274}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4A6A6F1F-946A-475C-92C2-04682888C7A9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4B126F9E-065A-470F-9C57-52CB0D311214}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4BE09AE3-8CEA-4D5A-83F6-9B259977B5A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4C920248-1C27-42F6-A992-8940750818D0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4EDAAC79-8CE8-4EDC-89B4-5A453A79A54C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5296BD95-B0C9-41C8-892E-4EBDD6228956}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{55769CE4-6FD5-4D49-AA8A-2F6497F362AC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{5FE68731-57D6-4BBE-A189-4CDD3DEB8EA4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{637E056F-BB80-44AA-83D0-18D13BC5D005}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6A7CB09F-4801-48DC-BAFA-6BD594F30F17}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6D6E7386-1D55-459D-928F-B099D1F5CDD8}" = protocol=6 | dir=in | app=c:\program files\iminent\imbooster\imbooster.exe |
"{6F3ECAFA-4177-48A7-94A8-6B6DAE4F9A2E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7011A1BC-C5F3-4374-81B3-81493CD9B1C5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{705A9499-0508-4DB6-A0DA-B07CB757CB71}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{712F08D0-B161-4F7E-B97A-01B05C400584}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7329836A-FF09-48A1-85E6-9FCE61342786}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{74DC73B1-AEAB-46BE-AF7B-9676ADA91C79}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{75D38908-D88F-4BCD-8673-ACBA9F14C821}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe |
"{79B7172D-5A63-4FD2-A06D-789F731AABD2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{7BE8CB32-F8AF-44F9-9EB4-CA3F3D28B706}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7C352E82-A9AE-4161-A086-6A7FDB17CB58}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{82CCB4E1-227E-431E-8A38-6A6F97BE8229}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8365281E-FE34-4F34-ACFC-BB8639624FBE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{8A7CBBDB-F778-4169-9CF9-06BE3DB69BB1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8AAAE017-0EEE-4EFE-BEE9-AD38B6809B3F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F8628ED-03FB-459A-9828-7FAF30B5029F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{8FEA870F-A015-41D5-B12C-B48681121F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{90CFDA12-EC19-4C9C-93BD-4D5F0DF0B93C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{91279B02-AC12-4F1E-9045-79C9BDED63A4}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9170DEBD-144B-42BF-92FB-5492B0B97876}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{92DAADF2-E286-41EA-AD09-4CE91022D5AF}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{977C7884-AED8-430E-9144-1338B53EBDAC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{98C48465-0D56-46F2-AFBA-4F1826F61E23}" = protocol=17 | dir=in | app=c:\program files\lgnas\nasdetector\nasdetector.exe |
"{9B0936E0-523C-4AB4-982B-4BB8AC559731}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9CC6AE99-3770-4BD5-ABE1-8B0C4E4DCB8A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9F4A847F-D43B-42E3-AD21-5688C065B128}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{A1CC2240-AEF8-4204-B042-CD1095CC280D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A25973C6-12CF-4C19-AF17-86BDFB75B5B8}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A3732A94-E176-4A4F-B187-D744E879CF77}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{A76CDABD-2FB8-43DE-80E2-B8BD9FC372FD}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A8109008-5F0E-46FF-9DAC-D1CBCEFC9376}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A90B3C99-CF4F-4544-835B-9E8BDA060145}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe |
"{A9DBA0F3-E2BF-4D3F-9A76-39C9A0947EBB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC3A0640-F4C2-4B7E-B8B4-413A71852736}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AC9635B3-D98E-4D91-8B97-2CD66B5783E8}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe |
"{B1747447-BF0E-422B-B6B7-E4A8E68AF401}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2853FF3-0A8E-43D7-8CC4-3219CF3221C3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B40D92F6-73DA-4845-BCCB-426269BC6EEC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B628B371-F445-49D8-B181-97125F42E99E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BAB63DAB-B2DE-4371-AE2E-135634F56F49}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC894A4C-B3BD-4CB5-9063-20D69D9E44FA}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe |
"{C2E53F8F-64CD-49C6-8D66-3CDF0F739606}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C2E57F66-7940-429E-8FF5-CBF18FB5B1E8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C3A4033A-3F0F-419C-ACE5-BEC637D3D1DA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C58D1DCD-EE4E-4840-8553-81311D85DC70}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C663D907-5F36-46D4-891B-2F9126AD1BE8}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C6D3DF86-C56D-4A0D-A9B7-451108644B9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CCA07642-C99D-461B-990F-A2E81292271F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CDE31234-C3CC-45AB-BAF1-08B2356C4393}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D089D7B7-95C5-4821-8AB4-9D5021A0F7C4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D2A238BA-6013-4A05-A7DF-2F8EDC0ED6CF}" = protocol=17 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{D3EF62A3-F4B2-4A3C-AC80-B64A40991BF1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D565D3CA-4C44-4462-98CD-C71E9E5292B0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D8286C37-31A3-456B-96E7-51C01B820700}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D9B3EA17-0C0D-45BD-8AF6-4EA77EA2F314}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DC69D7D6-C91D-4829-87D1-360A048FD903}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DF221089-7BD5-46C6-A634-E80D1DF92CE5}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E635663D-12F6-4FC4-8DC2-12AA1BBF5A15}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E8B60ED1-4A67-43E2-A373-8193F101C35E}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"{E8B6F1F3-99E0-471C-8124-940E991DDC39}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EB48FF3E-C256-4C0E-9594-FDB88D9D3E50}" = protocol=6 | dir=in | app=c:\program files\searchqu toolbar\datamngr\toolbar\dtuser.exe |
"{F1101A87-0E34-472D-8164-19D1ADF188E2}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe |
"{F1CE6CA0-8BDB-4DFA-BBA9-872AA517DDC0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F315DCD3-0B59-4F42-9BE3-B66552AAA5F7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F6548B0C-5362-4354-AF36-28E59F03792C}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe |
"{F66CB2D4-D35C-45CD-8E6F-E2EC92917714}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F96A2944-D4AF-453E-A674-38E75BBA035C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FAE6C358-C4A9-4B18-92D4-4665779AE73D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FC52596E-010B-41B6-81A0-33F919895C11}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{10ECA3A8-B5F2-4F81-8B66-DBF220F8976F}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{3B497CA2-34F2-46FD-825C-CDD8F6340BFB}C:\team17\worms2\frontend.exe" = protocol=6 | dir=in | app=c:\team17\worms2\frontend.exe |
"TCP Query User{412001A3-3FF8-428D-8B53-A4274F1BA699}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{4EDC2E1F-8DE3-46B4-90CB-19CCF9D2B712}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{4EF09714-D2F2-4879-9159-F27352479B1C}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{549B736E-6DC4-4FD9-BBB2-1B6752134463}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{65DAC3FB-121F-467F-9330-896576A5A7FF}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{81C149D8-EEB4-426C-AC3C-9799CABC53E2}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{B67DBBF1-ACE6-4D5E-BE22-3BBEB8B1037D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{C42D7F3E-7804-4177-8A1C-0940A55A7379}C:\program files\motorola\software update\msu.exe" = protocol=6 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"TCP Query User{CF8E1166-9340-4BA5-BBD1-3DDDAA12375C}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{D01091A6-C9CC-4242-BC86-3899BCA700A7}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=6 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"TCP Query User{D33545E8-764C-4394-AFED-5AC272B6F744}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{E43557DA-AF16-421B-A49A-415280A38953}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{EB6A1FF4-4C10-49E9-ACF9-B57380E9C389}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"TCP Query User{ED9E25E4-1781-49F9-B0B6-43F5300E3B25}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{01E375B9-E3CB-460A-B3A6-27EE354E1077}C:\program files\motorola\software update\msu.exe" = protocol=17 | dir=in | app=c:\program files\motorola\software update\msu.exe |
"UDP Query User{0683E01C-8237-41D2-A849-0EE87465F524}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{11730B34-FDDE-4A85-AFA0-DEC333F78C5B}C:\program files\ws_ftp\ws_ftp95.exe" = protocol=17 | dir=in | app=c:\program files\ws_ftp\ws_ftp95.exe |
"UDP Query User{1D131489-9A37-40E8-872C-75D3246BFD3A}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{377AA072-31ED-4073-86F2-4065960F001E}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{3CAB603B-C142-47B7-B07A-17AC38774F05}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{437BE1CB-487A-434B-B399-FE4C0403B89D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{4FF3F819-CF78-4F6C-B58F-7924EBFEE8DA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{5001422C-26EE-4188-8334-0DC78F453230}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe |
"UDP Query User{55862774-3A6E-498E-B9A1-AD30B2581E67}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{724EED51-F6B8-4BA0-A49D-F1675AB8C270}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{A9AFE218-0C4C-412B-B84D-041C5A8E47BB}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AEF77A85-1C1D-4899-A3D6-8FE8D0556E34}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D4B910B3-336E-4C74-90B6-D9D4BCC516CD}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{E7585E13-A285-46CD-A494-941D998BC189}C:\team17\worms2\frontend.exe" = protocol=17 | dir=in | app=c:\team17\worms2\frontend.exe |
"UDP Query User{EB8BAD84-C0C5-4E17-8511-E5E5EC731E90}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{241E9E85-7173-4AEC-9EE4-82A205EE6075}" = Application Suite
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59DC43FF-8F26-40B2-A566-C69C9457BF7D}" = Moorhuhn Soccer
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}" = Adobe Download Assistant
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Essentials
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6844E55F-37A1-42BC-B316-326B48C49ADC}" = Pro Evolution Soccer 2012 DEMO
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81388290-5DFA-493E-83D6-244B652DE5AA}" = LG NASDetector
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{870815CA-6B60-47B6-88DD-A67F42D2F03E}" = GPL MPEG-1/2 DirectShow Decoder Filter
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DBDBDAB-E729-451E-A7A7-858607C08E98}" = zacman for smartphone (arm/xscale)
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{A05BD6BC-4710-402C-8BF3-B72A09119AE5}" = Doodle Outlook Plugin
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2008-12-16
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BFEDA49F-2E91-4B54-A366-F5A198FE1173}" = DVB-PC TV Star
"{C35CCBEB-5A54-4DD8-9EC8-110F2A8154B3}" = Motorola Mobile Drivers Installation 5.1.0
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}" = WinZip 15.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D032A7F0-8B5C-4603-8B46-235025D5F9C1}" = TechniSat DVB-PC TV Star
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4BA029E-0303-48D2-B9F9-2763D468DC64}" = MainConcept DTV Decoder Standard
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E38DA569-3CC2-4E9A-BAE2-77D9295DE734}" = Motorola Software Update
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.22
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F33D9B-49B4-4D17-B1D9-CA16E9E65062}" = Iminent
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.4.2
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AudioCon" = AudioCon
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"AudioNoise_is1" = AudioNoise 1.3.2
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bagger-Simulator 2008" = Bagger-Simulator 2008
"Bounty Hunter 2099 Pinball" = Bounty Hunter 2099 Pinball
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"Catan - Das Kartenspiel MMP" = Catan - Das Kartenspiel MMP
"Catan Online Welt" = Catan Online Welt
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CodeWallet Pro 2006 Desktop Companion" = CodeWallet Pro 2006 Desktop Companion
"CodeWallet Pro 2006 for Windows Mobile" = CodeWallet Pro 2006 for Windows Mobile
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"Designer 2.0_is1" = Designer 2.0
"Digital Image Recovery_is1" = Digital Image Recovery 1.47
"DivX Setup" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DVBViewer_is1" = DVBViewer Technisat Edition
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free DVD Video Burner_is1" = Free DVD Video Burner version 3.1.3.1117
"Free Monitor for Google_is1" = Free Monitor for Google 2.4
"Free MP4 Video Converter_is1" = Free MP4 Video Converter version 5.0.6.221
"Free Video Dub_is1" = Free Video Dub version 2.0.0.1117
"Free Video to Android Converter_is1" = Free Video to Android Converter version 2.2.17.324
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.6.221
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.2.19.324
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IMBoosterARP" = Iminent
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = CorelDRAW Graphics Suite 11
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InterActual Player" = InterActual Player
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MotoHelper" = MotoHelper 2.0.46 Driver 5.0.0
"MPE" = MyPhoneExplorer
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"ResInfo" = WR-Tools ResInfo
"Rossmann Fotoservice_is1" = Rossmann Fotoservice
"Rossmannr Online Print Wizard Installer_is1" = Rossmann Online Print Wizard Installer 1.0
"Scriptdoc" = Windows Script V5.6 Dokumentation
"Searchqu Toolbar" = Searchqu Toolbar
"SuperMailer" = SuperMailer 5.00
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"Vistumbler" = Vistumbler
"VLC media player" = VLC media player 1.1.8
"WhisRaider" = WhisRaider
"Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
"Worms2" = Worms2
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.09.2012 21:00:22 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
 
Error - 24.09.2012 14:05:19 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 1594  Anfangszeit: 01cd9a7f1da19fe0  Zeitpunkt
 der Beendigung: 30
 
Error - 28.09.2012 09:54:48 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 28.09.2012 13:21:55 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul nvoglv32.dll, Version 7.15.11.6926, Zeitstempel 0x4761b346,
Ausnahmecode 0xc0000005, Fehleroffset 0x0034617a,  Prozess-ID 0x1478, Anwendungsstartzeit
 01cd9d93315fa618.
 
Error - 29.09.2012 06:31:28 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00067967,  Prozess-ID 0x17c0, Anwendungsstartzeit 01cd9e2cc13cdcf5.
 
Error - 29.09.2012 06:36:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00068851,  Prozess-ID 0x1398, Anwendungsstartzeit 01cd9e2d9b9a8145.
 
Error - 29.09.2012 06:58:24 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung javaw.exe, Version 6.0.350.10, Zeitstempel 0x503d64cb,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18541, Zeitstempel 0x4ec3e3d5, Ausnahmecode
 0xc0000005, Fehleroffset 0x00041caf,  Prozess-ID 0x10e4, Anwendungsstartzeit 01cd9e2e4ae16295.
 
Error - 01.10.2012 14:55:53 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 9.0.8112.16450 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 528  Anfangszeit: 01cda00640f20070  Zeitpunkt
 der Beendigung: 31
 
Error - 01.10.2012 16:00:14 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 01.10.2012 16:00:14 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3013
Description =
 
[ OSession Events ]
Error - 13.11.2009 15:57:09 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 127
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 10.08.2010 17:24:37 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 28
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 17.10.2010 13:03:25 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 380
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 05.01.2011 17:29:30 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 142
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 27.05.2012 06:54:19 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 153
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.08.2012 17:15:31 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.08.2012 01:34:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 19.08.2012 09:12:04 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
Error - 02.09.2012 06:29:18 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.09.2012 15:14:29 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
Error - 13.09.2012 15:19:48 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
 
Error - 13.09.2012 15:19:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 13.09.2012 15:19:48 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 28.09.2012 13:41:52 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
Error - 04.10.2012 15:58:01 | Computer Name = ***-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >

4. GMER aborts with an error

cosinus 05.10.2012 08:58

First, as a matter of routine, please run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all the Malwarebytes findings so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

StefHei 05.10.2012 19:14

Thanks for the reply ;-)

Malwarebytes found something:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.05.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]

05.10.2012 16:43:37
mbam-log-2012-10-05 (20-04-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 545395
Laufzeit: 3 Stunde(n), 1 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\DVBViewerTE\SkystarIR.exe (Spyware.Zbot) -> Keine Aktion durchgeführt.

(Ende)

Older log files:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.06.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

06.08.2012 22:00:23
mbam-log-2012-08-06 (22-00-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527403
Laufzeit: 2 Stunde(n), 56 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

22.07.2012 14:08:52
mbam-log-2012-07-22 (14-08-52).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.08.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

08.02.2012 19:09:09
mbam-log-2012-02-08 (19-09-09).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 527291
Laufzeit: 2 Stunde(n), 53 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

I have more if wanted!

And here is the ESET log:

Code:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

And the result:

Code:

C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe        a variant of Win32/Toolbar.SearchSuite.A application
C:\Program Files\Searchqu Toolbar\Datamngr\DnsBHO.dll        a variant of Win32/Toolbar.SearchSuite application
C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll        Win32/Toolbar.SearchSuite application
Operating memory        multiple threats


cosinus 06.10.2012 20:00

adwCleaner - detect toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

StefHei 06.10.2012 21:19

OK, here it is!

Code:

# AdwCleaner v2.003 - Datei am 10/06/2012 um 22:19:18 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\Iminent
Ordner Gefunden : C:\Program Files\Searchqu Toolbar
Ordner Gefunden : C:\ProgramData\Iminent
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gefunden : C:\Users\Alexandra\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Alexandra\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Alexandra\AppData\LocalLow\Searchqutoolbar
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Marek\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Mika\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Mika\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Mika\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Stefan\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gefunden : HKCU\Software\AppDataLow\HavingFunOnline
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\Iminent
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKCU\Software\pdfforge.org
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\SweetIm
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\Software\ilivid
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gefunden : HKLM\Software\pdfforge.org
Schlüssel Gefunden : HKLM\Software\SearchquMediabarTb
Schlüssel Gefunden : HKLM\Software\SweetIm
Schlüssel Gefunden : HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gefunden : HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

*************************

AdwCleaner[R1].txt - [9799 octets] - [06/10/2012 22:19:19]

########## EOF - C:\AdwCleaner[R1].txt - [9859 octets] ##########
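
The report above is what the helper reads to decide the next step. As an added example (not part of this thread and not code from AdwCleaner itself), the following Python script parses that report format, counts findings per section, splits the AppInit_DLLs line into its individual DLL paths, and checks a later deletion report against the search report for anything that was found but never removed. The sample report is a constructed, shortened subset of the lines posted above; the constructed deletion report deliberately omits one entry so the leftover check has something to show, and all function names are my own.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner v2 report format posted in this thread
# (German UI strings: "Gefunden" = found, "Gelöscht" = deleted). A shortened
# subset of the thread's own lines; paths are as they appear in the report.
SAMPLE_SEARCH = r"""
# AdwCleaner v2.003 - Datei am 10/06/2012 um 22:19:18 erstellt
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gefunden : C:\Program Files\Searchqu Toolbar
Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\BabylonToolbar

***** [Registrierungsdatenbank] *****

Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.
"""

# Constructed deletion report: the same findings marked as deleted, except that
# the Run value is left out so the leftover check below has something to report.
SAMPLE_DELETE = "\n".join(
    line.replace("Gefunden", "Gelöscht").replace("[Suche]", "[Löschen]")
    for line in SAMPLE_SEARCH.splitlines()
    if "Run [DataMngr]" not in line
)

ITEM_RE = re.compile(r"^(Datei|Ordner|Schlüssel|Wert|Daten) (Gefunden|Gelöscht) : (.+)$")
SECTION_RE = re.compile(r"^\*+ \[(.+?)\] \*+$")
KIND_EN = {"Datei": "file", "Ordner": "folder", "Schlüssel": "registry key",
           "Wert": "registry value", "Daten": "registry data"}


def parse_report(text):
    """Return (mode, items); each item records section, kind, action and target."""
    mode, section, items = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# Option ["):
            mode = line[len("# Option ["):-1]          # "Suche" or "Löschen"
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, action, target = m.groups()
            items.append({"section": section, "kind": KIND_EN[kind],
                          "action": "found" if action == "Gefunden" else "deleted",
                          "target": target})
    return mode, items


def summarize(items):
    """Count findings per (section, kind), e.g. how many registry keys were hit."""
    return Counter((it["section"], it["kind"]) for it in items)


def appinit_dlls(items):
    """Split the AppInit_DLLs data into its individual DLL paths.

    Windows loads every DLL named here into each process that loads user32.dll,
    so this one line in the report can mean code running inside every browser.
    The value is space- or comma-separated; the 8.3 short names in the report
    contain no spaces, which is what makes the split reliable here."""
    for it in items:
        if "[AppInit_DLLs]" in it["target"]:
            _, _, value = it["target"].partition("] = ")
            return [p for p in re.split(r"[ ,]+", value) if p]
    return []


def not_removed(search_items, delete_items):
    """Targets listed in the search report that the deletion report never removed."""
    removed = {it["target"] for it in delete_items if it["action"] == "deleted"}
    return [it["target"] for it in search_items if it["target"] not in removed]


if __name__ == "__main__":
    mode, found = parse_report(SAMPLE_SEARCH)
    print(mode, dict(summarize(found)))
    print("AppInit_DLLs:", appinit_dlls(found))
    print("left over:", not_removed(found, parse_report(SAMPLE_DELETE)[1]))
```

The AppInit_DLLs line gets its own function because it is the one entry in the report that is not just a leftover folder or a browser add-on registration: every DLL listed there is loaded into each process that loads user32.dll. The parser only splits the value; it does not judge the individual entries, and the third DLL on that line belongs to a different product than the first two, so each entry deserves its own look before a decision. Running the leftover check on the real R1/S1 pair is a quick way to confirm that a deletion run actually covered everything the search run listed.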


cosinus 07.10.2012 07:30

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

StefHei 07.10.2012 07:57

Good morning ;-)

Code:

# AdwCleaner v2.003 - Datei am 10/07/2012 um 08:52:29 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : Stefan - STEFAN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files\Iminent
Ordner Gelöscht : C:\Program Files\Searchqu Toolbar
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent
Ordner Gelöscht : C:\Users\Alexandra\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Alexandra\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Alexandra\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Marek\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Mika\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Mika\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Mika\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Stefan\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\Searchqutoolbar

***** [Registrierungsdatenbank] *****

Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
Schlüssel Gelöscht : HKCU\Software\AppDataLow\HavingFunOnline
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKCU\Software\pdfforge.org
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\SweetIm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{479BF2D6-E362-4A99-B1AB-BC764D7B97AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4B6D6E60-FBD2-4E79-BF4B-886BC98F1797}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{796D822A-C3F9-4A97-BAAB-42FE7628EA63}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C875C0A1-09E3-48D5-9F8E-BD337796FD14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8F01233-2DE6-4EE7-8988-37263F00651B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD438708-AAB4-422D-A322-B619589F5680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandle.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ActiveContentHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IminentWebBooster.TinyUrlHandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\Software\pdfforge.org
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\Software\SweetIm
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[R1].txt - [9928 octets] - [06/10/2012 22:19:19]
AdwCleaner[S1].txt - [9821 octets] - [07/10/2012 08:52:29]

########## EOF - C:\AdwCleaner[S1].txt - [9881 octets] ##########


cosinus 07.10.2012 09:18

I have three questions before we continue (we're not done yet!)

1.) Does Windows normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Are the ad pop-ups or redirects such as Incredibar or Mystart gone now?

StefHei 07.10.2012 10:41

Gladly!

Re 1) Normal mode worked before and still works without restrictions.

Re 2) The Start menu looks fine. No empty folders to be seen either.

Re 3) I didn't have anything like that, at least not knowingly. I would certainly have noticed it. My problem is rather the "infestation" of my websites. It would also be important to me to know how I should proceed at the end. Delete the files on the host and upload the local files, or what?

Here again is the virus warning when the websites are opened:

Quote:

WARNING: ProxyAV has detected a virus/PUS in this file!

File has been dropped.

[..]

Antivirus Vendor: Sophos, Plc.
Scan Engine Version: 3.35.1
Machine name: AVHB02
Virus/PUS: "Troj/JSRedir-HZ" found!
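
On the question of how to deal with the websites themselves: as an added example, not from this thread or from any of the tools used in it, the Python script below compares a clean local copy of a site against a download of what the host currently serves. It hashes every file to list modified, added and missing paths, and for modified text files shows exactly which lines exist only in the host copy. The directory layout, the sample pages, the extra PHP file and the inert placeholder script tag are all constructed for the example; the function names are my own.

```python
import difflib
import hashlib
import os
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large uploads (images, archives) are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root):
    """Map every file below root, by forward-slash relative path, to its SHA-256."""
    hashes = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_file(full)
    return hashes


def host_only_lines(clean_path, live_path):
    """Lines present in the host copy of a text file but absent from the clean copy."""
    with open(clean_path, encoding="utf-8", errors="replace") as a, \
         open(live_path, encoding="utf-8", errors="replace") as b:
        diff = difflib.unified_diff(a.read().splitlines(), b.read().splitlines(),
                                    lineterm="", n=0)
    return [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]


def audit(clean_root, live_root, text_suffixes=(".html", ".htm", ".js", ".php", ".css")):
    """Compare a clean local copy against a download of the live site.

    Returns modified / added / missing paths and, for modified text files,
    the lines that exist only on the host."""
    clean, live = hash_tree(clean_root), hash_tree(live_root)
    modified = sorted(p for p in clean if p in live and clean[p] != live[p])
    result = {
        "modified": modified,
        "added": sorted(p for p in live if p not in clean),     # untouched by a plain re-upload
        "missing": sorted(p for p in clean if p not in live),
        "host_only_lines": {},
    }
    for rel in modified:
        if rel.lower().endswith(text_suffixes):
            result["host_only_lines"][rel] = host_only_lines(
                os.path.join(clean_root, rel), os.path.join(live_root, rel))
    return result


def build_sample():
    """Construct two small trees: the clean local site and what the host currently serves.
    The extra script tag and the extra PHP file are inert placeholders, not real injections."""
    base = tempfile.mkdtemp()
    clean, live = os.path.join(base, "local"), os.path.join(base, "host")
    page = "<html><body><h1>Hello</h1></body></html>\n"
    placeholder_tag = '<script src="http://example.invalid/placeholder.js"></script>\n'
    for root in (clean, live):
        os.makedirs(os.path.join(root, "img"))
        with open(os.path.join(root, "img", "logo.txt"), "w") as f:
            f.write("logo\n")                       # identical in both copies
    with open(os.path.join(clean, "index.html"), "w") as f:
        f.write(page)
    with open(os.path.join(live, "index.html"), "w") as f:
        f.write(page + placeholder_tag)             # modified on the host
    with open(os.path.join(clean, "about.html"), "w") as f:
        f.write(page)                               # missing from the host
    with open(os.path.join(live, "unknown.php"), "w") as f:
        f.write("<?php /* constructed placeholder */ ?>\n")  # exists only on the host
    return clean, live


if __name__ == "__main__":
    report = audit(*build_sample())
    for key in ("modified", "added", "missing"):
        print(f"{key}: {report[key]}")
    for path, lines in report["host_only_lines"].items():
        print(f"{path}: {lines}")
```

Re-uploading the local files only overwrites what exists in both copies; anything in the "added" list stays on the host unless it is removed explicitly, which is why the comparison is worth running both before and after a clean-up. The clean copy has to be genuinely clean, so take it from a backup made before the warnings started rather than from a recent download of the site.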


cosinus 07.10.2012 18:53

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


StefHei 07.10.2012 20:08

OK!

Code:

OTL logfile created on: 07.10.2012 20:46:33 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Stefan\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,34% Memory free
4,24 Gb Paging File | 3,34 Gb Available in Paging File | 78,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,60 Gb Total Space | 111,73 Gb Free Space | 25,07% Space Free | Partition Type: NTFS
Drive D: | 20,15 Gb Total Space | 11,03 Gb Free Space | 54,72% Space Free | Partition Type: FAT32
 
Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.07 20:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
PRC - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012.08.08 17:36:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 19:20:27 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.28 14:48:58 | 000,974,848 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.01.22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.11 15:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 15:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.04.26 22:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011.04.19 12:39:46 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2011.04.19 12:39:44 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2011.01.22 16:57:54 | 000,050,056 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\CodeLog.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.09.09 16:06:47 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.09.03 19:32:45 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 19:20:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 19:20:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.04.26 22:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.01.22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008.02.29 23:12:12 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008.02.22 14:34:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER\uxddrv.sys -- (uxddrv)
DRV - [2012.05.09 19:20:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 19:20:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011.08.19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.04 14:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 14:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.03.16 22:42:02 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2011.03.04 19:27:19 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.04 19:27:18 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.01.22 16:58:24 | 000,021,896 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eufs.sys -- (EUFS)
DRV - [2011.01.22 16:58:22 | 000,015,240 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011.01.22 16:58:20 | 000,031,112 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011.01.22 16:58:18 | 000,188,296 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.03.12 19:22:18 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2010.01.25 19:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2009.01.29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007.12.14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.10.01 20:54:44 | 000,419,344 | ---- | M] (TechniSat Digital, S.A.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SkyNET.sys -- (SKYNET)
DRV - [2007.09.21 11:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007.09.10 20:17:40 | 001,035,168 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.07 15:13:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.11.30 16:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 11:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes,DefaultScope = {51DD28B5-EACA-4F35-B291-9C25A2E55699}
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes\{51DD28B5-EACA-4F35-B291-9C25A2E55699}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www27.yoog.com/search.php?q={searchTerms}
IE - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 18:11:53 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2010.12.22 00:26:09 | 000,427,674 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14729 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe /warmup File not found
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Ranges: GD ([http] in Lokales Intranet)
O15 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///E:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab (JordanUploader Class)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///E:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab (EAFO3AXLauncher Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663 (MUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///E:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34B37002-36E9-4A77-9DC4-D081363E3413}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F590491-063E-4E74-978F-82A33451A8F9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F076153C-EE15-41C0-8EB0-C3697B4B3D66}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe - (TechniSat Digital, S.A.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE - (WinZip Computing, S.L.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\MAGIX\Video_deluxe_2007_PLUS\Trayserver.exe (MAGIX AG)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.MKVC - C:\Windows\System32\KMVIDC32.DLL ()
Drivers32: vidc.VSPX - C:\Windows\System32\vspxvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.07 20:45:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.10.05 20:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.04 23:05:05 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\10_2012
[2012.09.10 19:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.07 20:48:21 | 000,642,258 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.10.07 20:48:21 | 000,607,268 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.10.07 20:48:21 | 000,131,710 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.10.07 20:48:21 | 000,108,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.10.07 20:45:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe
[2012.10.07 20:41:44 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.07 20:41:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 20:41:41 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.07 20:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.07 11:42:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.10.06 22:18:59 | 000,513,501 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2012.10.05 23:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.05 22:30:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.04 23:22:04 | 000,302,592 | ---- | M] () -- C:\Users\Stefan\Desktop\vmnl35d1.exe
[2012.10.04 23:05:48 | 000,000,000 | ---- | M] () -- C:\Users\Stefan\defogger_reenable
[2012.10.04 23:05:33 | 000,050,477 | ---- | M] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2012.10.04 22:52:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\Packard Bell Data Secure for Stefan.job
[2012.10.04 21:59:50 | 000,604,856 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.10.04 21:34:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.26 20:34:01 | 000,100,864 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Stefan\AppData\Roaming\*.tmp files -> C:\Users\Stefan\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.06 22:18:54 | 000,513,501 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe
[2012.10.04 23:22:02 | 000,302,592 | ---- | C] () -- C:\Users\Stefan\Desktop\vmnl35d1.exe
[2012.10.04 23:05:48 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\defogger_reenable
[2012.10.04 23:05:28 | 000,050,477 | ---- | C] () -- C:\Users\Stefan\Desktop\Defogger.exe
[2011.11.20 17:35:13 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2011.08.19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011.08.19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011.08.19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011.08.12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011.07.26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2011.07.13 14:24:53 | 000,038,446 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.04.04 19:15:27 | 000,000,016 | -H-- | C] () -- C:\Program Files\mxfilerelatedcache.mxc2
[2011.04.04 19:15:23 | 000,000,016 | -H-- | C] () -- C:\Users\Stefan\mxfilerelatedcache.mxc2
[2011.03.16 22:43:07 | 000,000,098 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2011.03.13 14:33:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\EUOD.DAT
[2011.03.04 19:11:40 | 000,279,712 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.03.04 19:11:37 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.01.23 15:19:04 | 000,038,426 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011.01.20 19:02:49 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
[2010.12.24 11:55:29 | 000,321,536 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010.09.29 23:29:14 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat
[2010.09.27 21:44:34 | 000,006,138 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\mdbu.bin
[2010.08.22 16:45:41 | 000,139,152 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\PnkBstrK.sys
[2009.11.09 22:26:45 | 000,038,425 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2009.01.24 20:01:36 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.13 02:15:46 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Default.PLS
[2008.07.12 18:18:53 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\wklnhst.dat
[2008.04.02 16:00:56 | 000,000,557 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\TheLastRipper.xml
[2008.03.15 20:55:36 | 000,100,864 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.22 21:34:03 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008.02.22 14:44:08 | 000,000,094 | ---- | C] () -- C:\Users\Stefan\AppData\Local\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2008.09.07 17:42:50 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Canon
[2008.09.03 21:33:59 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\fotobuch.de AG
[2010.11.21 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Alexandra\AppData\Roaming\Juniper Networks
[2012.09.29 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2009.05.03 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon
[2008.07.06 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2011.04.14 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\avidemux
[2010.09.27 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH
[2011.11.19 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Byotov
[2008.04.13 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon
[2010.11.26 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock
[2011.01.20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2011.07.22 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2008.02.25 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys
[2009.01.13 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player
[2012.10.07 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2012.07.10 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011.05.29 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FarmingSimulator2008
[2008.09.03 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG
[2009.04.25 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google
[2011.04.01 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRightToGo
[2011.01.26 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Itsth
[2010.11.21 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks
[2012.08.04 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\kock
[2011.11.20 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2010.01.09 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire
[2011.07.22 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MAGIX
[2011.01.26 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MyPhoneExplorer
[2008.04.16 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft
[2010.03.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc
[2008.04.13 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft
[2008.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux
[2010.10.03 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout
[2008.08.06 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis
[2010.07.31 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2008.07.12 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template
[2008.09.17 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs
[2011.11.18 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Upur
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.09.29 15:45:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\.minecraft
[2011.07.22 14:56:33 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Adobe
[2009.05.03 17:24:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Amazon
[2012.06.15 18:32:59 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ArcSoft
[2008.07.06 11:31:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ASCON Installer
[2011.04.14 17:32:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\avidemux
[2011.12.25 10:19:47 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Avira
[2010.09.27 21:15:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Buhl Data Service GmbH
[2011.11.19 11:00:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Byotov
[2008.04.13 20:19:56 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Canon
[2010.11.26 21:58:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\cock
[2011.01.20 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Codecd3d
[2011.07.22 14:44:13 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.01.10 22:03:05 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Corel
[2008.02.25 23:30:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CoSoSys
[2009.01.13 14:23:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Crystal Player
[2008.12.13 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\CyberLink
[2011.10.31 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DivX
[2012.10.07 20:42:25 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Dropbox
[2011.04.14 17:29:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVD Flick
[2012.01.20 20:31:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\dvdcss
[2012.07.10 14:15:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoft
[2011.05.29 14:39:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.28 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\FarmingSimulator2008
[2008.09.03 17:51:32 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\fotobuch.de AG
[2009.04.25 10:05:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Free Monitor for Google
[2011.04.01 23:23:30 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\GetRightToGo
[2008.04.04 23:51:22 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Google
[2008.02.29 23:25:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Help
[2008.02.22 14:43:49 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Identities
[2009.01.05 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\InstallShield
[2011.01.26 00:02:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Itsth
[2010.11.21 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Juniper Networks
[2012.08.04 23:00:01 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\kock
[2011.11.20 20:06:43 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Leadertech
[2010.01.09 23:16:16 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\LimeWire
[2011.02.27 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Logitech
[2008.02.29 23:19:23 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Macromedia
[2011.07.22 14:39:11 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MAGIX
[2011.01.17 20:44:40 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs
[2011.11.20 20:06:43 | 000,000,000 | --SD | M] -- C:\Users\Stefan\AppData\Roaming\Microsoft
[2011.01.26 00:32:10 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\MyPhoneExplorer
[2011.09.04 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Nero
[2008.04.16 15:02:28 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\NewSoft
[2010.03.15 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Pegasys Inc
[2008.03.01 01:35:45 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Real
[2008.04.13 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\ScanSoft
[2008.12.31 17:20:39 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skinux
[2012.09.06 20:41:04 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Skype
[2010.10.03 22:33:35 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SMSout
[2008.08.06 22:42:53 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Sonavis
[2012.02.12 20:48:57 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SUPERAntiSpyware.com
[2010.07.31 20:47:15 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\SuperMailer
[2008.07.12 18:18:54 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Template
[2008.09.17 21:13:08 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\TVcentral-Core
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\UAs
[2011.11.18 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\Upur
[2011.08.14 19:14:58 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\vlc
[2012.08.04 23:03:31 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2007.05.10 10:29:40 | 000,057,344 | ---- | M] (SBS) -- C:\Users\Stefan\AppData\Roaming\ASCON Installer\ASUNINST.EXE
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.05.08 01:28:58 | 000,314,184 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\64bitProxy.exe
[2011.11.15 03:22:50 | 000,334,920 | ---- | M] (Juniper Networks") -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
[2011.11.15 03:22:50 | 000,253,000 | ---- | M] (Juniper Networks) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
[2011.11.15 03:22:52 | 000,171,080 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\InstallHelper.exe
[2011.11.15 03:23:06 | 000,057,880 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Host Checker\uninstall.exe
[2011.10.16 19:56:34 | 000,149,368 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2011.10.16 19:56:58 | 000,282,544 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperCompMgrInstaller.exe
[2011.10.16 19:56:32 | 000,571,256 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2011.10.16 19:56:06 | 000,348,224 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2011.10.16 19:49:44 | 000,236,576 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupXP.exe
[2011.10.16 19:56:58 | 000,056,952 | ---- | M] (Juniper Networks, Inc.) -- C:\Users\Stefan\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011.11.20 20:06:43 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.02.07 20:34:08 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012.08.30 23:08:35 | 000,006,656 | R--- | M] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
[2008.02.08 12:10:10 | 000,004,608 | ---- | M] (Curio Laboratories) -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\SendTo\RemoveOnReboot.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.09.10 13:13:48 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.02.22 21:39:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\drivers\nvstor32.sys
[2007.10.31 12:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_a4ed2674\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.14 23:54:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2008.02.28 23:45:51 | 000,000,350 | ---- | C] () -- C:\Windows\Tasks\Packard Bell Data Secure for Stefan.job
[2012.03.24 10:15:22 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.03.24 10:15:23 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.03.31 17:40:46 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< End of report >


cosinus 07.10.2012 20:44

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - Startup: C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk =  File not found
O4 - Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKU\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Users\Stefan\AppData\Roaming\Byotov
C:\Users\Stefan\AppData\Roaming\kock
C:\Users\Stefan\AppData\Roaming\xmdlm
C:\Users\Stefan\AppData\Roaming\UAs
C:\Users\Stefan\AppData\Roaming\upur
C:\Program Files\Searchqu Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely; as a precaution, a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!

StefHei 07.10.2012 21:17

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Last.fm Helper.lnk moved successfully.
C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netuse.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue not found.
Registry value HKEY_USERS\S-1-5-21-781496924-3805918316-1371711088-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\Stefan\AppData\Roaming\Byotov folder moved successfully.
C:\Users\Stefan\AppData\Roaming\kock folder moved successfully.
File\Folder C:\Users\Stefan\AppData\Roaming\xmdlm not found.
C:\Users\Stefan\AppData\Roaming\UAs folder moved successfully.
C:\Users\Stefan\AppData\Roaming\Upur folder moved successfully.
File\Folder C:\Program Files\Searchqu Toolbar not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Stefan\Desktop\cmd.bat deleted successfully.
C:\Users\Stefan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alexandra
->Temp folder emptied: 12398982 bytes
->Temporary Internet Files folder emptied: 181043078 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 912 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mika
->Temp folder emptied: 2212563 bytes
->Temporary Internet Files folder emptied: 89491 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Stefan
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3391488 bytes
->Java cache emptied: 4759233 bytes
->Flash cache emptied: 523 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 486806 bytes
RecycleBin emptied: 601088 bytes
 
Total Files Cleaned = 196,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10072012_221101

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 07.10.2012 21:18

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click "change parameters" and tick the boxes as shown in the following screenshot.
Then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), as that is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the "skip" action and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png
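To sort a TDSS-Killer report of this kind before it is posted (which entries were reported "ok", which were only flagged, and which MD5 and file path each flag refers to), here is an added Python example; it is not part of this thread and not code from Kaspersky's tool. It assumes only the line layout visible in the reports in this thread (time, process id, then either a `[ MD5 ] name path` enumeration line or a `name - ok` / `name ( X ) - warning` / `name - detected X (n)` verdict line); the sample report embedded below is constructed to match that layout.

```python
"""Triage a TDSSKiller report: pair every non-"ok" verdict with the MD5 and
path from the preceding enumeration line, and count the "ok" verdicts.
Added example, not the thread's or Kaspersky's code; the report format is
assumed from the logs posted in the thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One report line: "HH:MM:SS.mmmm PID  <body>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Enumeration line: "[ MD5 ] ServiceName   X:\path". Names may contain spaces
# ("EASEUS Agent"), so the path is anchored on the drive letter, not on padding.
FILE_RE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$")
WARNING_RE = re.compile(r"^(?P<name>.+?) \( (?P<detection>.+?) \) - warning$")
DETECTED_RE = re.compile(r"^(?P<name>.+?) - detected (?P<detection>.+?) \((?P<count>\d+)\)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")

# Constructed sample in the same layout as the reports in this thread.
SAMPLE_REPORT = r"""
22:22:46.0948 5844  ============================================================
22:22:46.0948 5844  Scan started
22:22:46.0948 5844  Mode: Manual; SigCheck; TDLFS;
22:22:48.0258 5844  [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07        C:\Windows\system32\drivers\ACEDRV07.sys
22:22:48.0290 5844  ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
22:22:48.0290 5844  ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
22:22:48.0336 5844  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:22:48.0352 5844  ACPI - ok
22:22:53.0469 5844  COMSysApp - ok
22:22:55.0247 5844  [ 2EA8CCC4AF7D9223DD397D8CCB636F5D ] EASEUS Agent    C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
22:22:55.0310 5844  EASEUS Agent ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0310 5844  EASEUS Agent - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Finding:
    name: str
    detection: str
    time: str
    md5: Optional[str] = None   # None when no enumeration line preceded the verdict
    path: Optional[str] = None
    confirmed: bool = False     # True once a "- detected X (n)" line follows the warning


def triage(report: str) -> Tuple[List[Finding], int]:
    """Return (entries that were not 'ok', number of 'ok' verdicts)."""
    files: Dict[str, Tuple[str, str]] = {}      # name -> (md5, path)
    findings: Dict[str, Finding] = {}           # keyed by name, insertion-ordered
    ok_count = 0
    for raw in report.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and "=====" separator lines carry no verdict
        body = m.group("body").strip()
        fm = FILE_RE.match(body)
        if fm:
            files[fm.group("name")] = (fm.group("md5"), fm.group("path").rstrip())
            continue
        if OK_RE.match(body):
            ok_count += 1
            continue
        wm = WARNING_RE.match(body)
        if wm:
            name = wm.group("name")
            md5, path = files.get(name, (None, None))
            findings[name] = Finding(name, wm.group("detection"), m.group("time"), md5, path)
            continue
        dm = DETECTED_RE.match(body)
        if dm:
            name = dm.group("name")
            f = findings.get(name)
            if f is None:  # "detected" without a preceding warning line
                md5, path = files.get(name, (None, None))
                f = findings[name] = Finding(name, dm.group("detection"), m.group("time"), md5, path)
            f.confirmed = True
    return list(findings.values()), ok_count


def format_findings(findings: List[Finding], ok_count: int) -> List[str]:
    """One line per flagged entry, then a summary line."""
    lines = [
        f"{f.time} {f.name}: {f.detection} "
        f"[{'detected' if f.confirmed else 'warning only'}] md5={f.md5} path={f.path}"
        for f in findings
    ]
    lines.append(f"{ok_count} entries reported ok, {len(findings)} flagged")
    return lines


if __name__ == "__main__":
    print("\n".join(format_findings(*triage(SAMPLE_REPORT))))
```

The output lists the flagged entries with their hashes and paths, which is exactly what a helper needs to look up before deciding anything; a `UnsignedFile.Multi.Generic` flag only says the file carries no valid signature, which is why the thread's advice is to "skip" and post the log rather than delete.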

StefHei 07.10.2012 21:24

Code:

22:21:02.0303 3128  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:21:02.0366 3128  ============================================================
22:21:02.0366 3128  Current date / time: 2012/10/07 22:21:02.0366
22:21:02.0366 3128  SystemInfo:
22:21:02.0366 3128 
22:21:02.0366 3128  OS Version: 6.0.6002 ServicePack: 2.0
22:21:02.0366 3128  Product type: Workstation
22:21:02.0366 3128  ComputerName: STEFAN-PC
22:21:02.0366 3128  UserName: Stefan
22:21:02.0366 3128  Windows directory: C:\Windows
22:21:02.0366 3128  System windows directory: C:\Windows
22:21:02.0366 3128  Processor architecture: Intel x86
22:21:02.0366 3128  Number of processors: 2
22:21:02.0366 3128  Page size: 0x1000
22:21:02.0366 3128  Boot type: Normal boot
22:21:02.0366 3128  ============================================================
22:21:02.0740 3128  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:21:02.0771 3128  ============================================================
22:21:02.0771 3128  \Device\Harddisk0\DR0:
22:21:02.0771 3128  MBR partitions:
22:21:02.0787 3128  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x37B31C38, BlocksNum 0x2853009
22:21:02.0787 3128  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x37B31BBA
22:21:02.0787 3128  ============================================================
22:21:02.0818 3128  C: <-> \Device\Harddisk0\DR0\Partition2
22:21:02.0834 3128  D: <-> \Device\Harddisk0\DR0\Partition1
22:21:02.0834 3128  ============================================================
22:21:02.0834 3128  Initialize success
22:21:02.0834 3128  ============================================================
22:22:46.0948 5844  ============================================================
22:22:46.0948 5844  Scan started
22:22:46.0948 5844  Mode: Manual; SigCheck; TDLFS;
22:22:46.0948 5844  ============================================================
22:22:47.0291 5844  ================ Scan system memory ========================
22:22:47.0291 5844  System memory - ok
22:22:47.0291 5844  ================ Scan services =============================
22:22:47.0385 5844  [ 01E81C84AD1D0ACC61CF3CFD06632210 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
22:22:47.0478 5844  !SASCORE - ok
22:22:47.0790 5844  [ 651C54AC4EC5C5397C5AFF5D575CA45B ] 3xHybrid        C:\Windows\system32\DRIVERS\3xHybrid.sys
22:22:47.0884 5844  3xHybrid - ok
22:22:47.0931 5844  [ 585E64BB6DFBC0A2F1F0B554DED012DF ] 61883          C:\Windows\system32\DRIVERS\61883.sys
22:22:48.0071 5844  61883 - ok
22:22:48.0180 5844  [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
22:22:48.0212 5844  AAV UpdateService - ok
22:22:48.0258 5844  [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07        C:\Windows\system32\drivers\ACEDRV07.sys
22:22:48.0290 5844  ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
22:22:48.0290 5844  ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
22:22:48.0336 5844  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:22:48.0352 5844  ACPI - ok
22:22:48.0461 5844  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:22:48.0461 5844  AdobeARMservice - ok
22:22:48.0539 5844  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:22:48.0555 5844  AdobeFlashPlayerUpdateSvc - ok
22:22:48.0602 5844  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
22:22:48.0617 5844  adp94xx - ok
22:22:48.0664 5844  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci        C:\Windows\system32\drivers\adpahci.sys
22:22:48.0680 5844  adpahci - ok
22:22:48.0695 5844  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:22:48.0711 5844  adpu160m - ok
22:22:48.0726 5844  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320        C:\Windows\system32\drivers\adpu320.sys
22:22:48.0742 5844  adpu320 - ok
22:22:48.0789 5844  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
22:22:48.0929 5844  AeLookupSvc - ok
22:22:48.0992 5844  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
22:22:49.0070 5844  AFD - ok
22:22:49.0101 5844  [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:22:49.0116 5844  agp440 - ok
22:22:49.0163 5844  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
22:22:49.0179 5844  aic78xx - ok
22:22:49.0226 5844  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
22:22:49.0288 5844  ALG - ok
22:22:49.0319 5844  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys
22:22:49.0335 5844  aliide - ok
22:22:49.0366 5844  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:22:49.0382 5844  amdagp - ok
22:22:49.0397 5844  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys
22:22:49.0413 5844  amdide - ok
22:22:49.0444 5844  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
22:22:49.0584 5844  AmdK7 - ok
22:22:49.0616 5844  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
22:22:49.0678 5844  AmdK8 - ok
22:22:49.0803 5844  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:22:49.0818 5844  AntiVirSchedulerService - ok
22:22:49.0865 5844  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:22:49.0881 5844  AntiVirService - ok
22:22:49.0959 5844  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
22:22:50.0037 5844  Appinfo - ok
22:22:50.0099 5844  [ 5F673180268BB1FDB69C99B6619FE379 ] arc            C:\Windows\system32\drivers\arc.sys
22:22:50.0099 5844  arc - ok
22:22:50.0162 5844  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:22:50.0162 5844  arcsas - ok
22:22:50.0208 5844  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:22:50.0255 5844  AsyncMac - ok
22:22:50.0286 5844  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
22:22:50.0302 5844  atapi - ok
22:22:50.0364 5844  [ E46D344412D1ABC60C58E95C73BCDC70 ] atksgt          C:\Windows\system32\DRIVERS\atksgt.sys
22:22:50.0380 5844  atksgt - ok
22:22:50.0427 5844  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:22:50.0458 5844  AudioEndpointBuilder - ok
22:22:50.0489 5844  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:22:50.0505 5844  Audiosrv - ok
22:22:50.0552 5844  [ F4B56425A00BEB32F5FA6603FF7B0EA2 ] Avc            C:\Windows\system32\DRIVERS\avc.sys
22:22:50.0598 5844  Avc - ok
22:22:50.0676 5844  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
22:22:50.0692 5844  avgntflt - ok
22:22:50.0739 5844  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
22:22:50.0754 5844  avipbb - ok
22:22:50.0786 5844  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
22:22:50.0801 5844  avkmgr - ok
22:22:50.0848 5844  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:22:50.0910 5844  Beep - ok
22:22:51.0004 5844  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE            C:\Windows\System32\bfe.dll
22:22:51.0051 5844  BFE - ok
22:22:51.0113 5844  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
22:22:51.0207 5844  BITS - ok
22:22:51.0269 5844  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:22:51.0332 5844  bowser - ok
22:22:51.0363 5844  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:22:51.0410 5844  BrFiltLo - ok
22:22:51.0441 5844  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:22:51.0488 5844  BrFiltUp - ok
22:22:51.0519 5844  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
22:22:51.0566 5844  Browser - ok
22:22:51.0612 5844  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
22:22:51.0659 5844  Brserid - ok
22:22:51.0690 5844  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:22:51.0768 5844  BrSerWdm - ok
22:22:51.0800 5844  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:22:51.0862 5844  BrUsbMdm - ok
22:22:51.0893 5844  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:22:51.0956 5844  BrUsbSer - ok
22:22:52.0018 5844  [ 4813DF77EDE536A52E3737971F910BAA ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys
22:22:52.0080 5844  BTCFilterService - ok
22:22:52.0127 5844  [ 6D39C954799B63BA866910234CF7D726 ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
22:22:52.0190 5844  BthEnum - ok
22:22:52.0221 5844  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:22:52.0283 5844  BTHMODEM - ok
22:22:52.0314 5844  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
22:22:52.0361 5844  BthPan - ok
22:22:52.0439 5844  [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
22:22:52.0502 5844  BTHPORT - ok
22:22:52.0548 5844  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
22:22:52.0564 5844  BthServ - ok
22:22:52.0611 5844  [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
22:22:52.0642 5844  BTHUSB - ok
22:22:52.0689 5844  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:22:52.0751 5844  cdfs - ok
22:22:52.0782 5844  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
22:22:52.0845 5844  cdrom - ok
22:22:52.0907 5844  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
22:22:52.0954 5844  CertPropSvc - ok
22:22:52.0985 5844  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
22:22:53.0048 5844  circlass - ok
22:22:53.0126 5844  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
22:22:53.0172 5844  CLFS - ok
22:22:53.0235 5844  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:22:53.0297 5844  clr_optimization_v2.0.50727_32 - ok
22:22:53.0360 5844  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:22:53.0391 5844  clr_optimization_v4.0.30319_32 - ok
22:22:53.0406 5844  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:22:53.0422 5844  cmdide - ok
22:22:53.0438 5844  [ 82B8C91D327CFECF76CB58716F7D4997 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:22:53.0453 5844  Compbatt - ok
22:22:53.0469 5844  COMSysApp - ok
22:22:53.0484 5844  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
22:22:53.0484 5844  crcdisk - ok
22:22:53.0500 5844  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:22:53.0562 5844  Crusoe - ok
22:22:53.0594 5844  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:22:53.0656 5844  CryptSvc - ok
22:22:53.0687 5844  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:22:53.0750 5844  DcomLaunch - ok
22:22:53.0781 5844  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:22:53.0843 5844  DfsC - ok
22:22:53.0921 5844  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
22:22:54.0124 5844  DFSR - ok
22:22:54.0218 5844  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:22:54.0264 5844  Dhcp - ok
22:22:54.0311 5844  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
22:22:54.0327 5844  disk - ok
22:22:54.0389 5844  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:22:54.0452 5844  Dnscache - ok
22:22:54.0483 5844  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
22:22:54.0498 5844  dot3svc - ok
22:22:54.0576 5844  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
22:22:54.0623 5844  DPS - ok
22:22:54.0670 5844  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
22:22:54.0701 5844  drmkaud - ok
22:22:54.0857 5844  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
22:22:54.0935 5844  DXGKrnl - ok
22:22:54.0998 5844  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
22:22:55.0060 5844  E1G60 - ok
22:22:55.0122 5844  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
22:22:55.0154 5844  EapHost - ok
22:22:55.0247 5844  [ 2EA8CCC4AF7D9223DD397D8CCB636F5D ] EASEUS Agent    C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
22:22:55.0310 5844  EASEUS Agent ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0310 5844  EASEUS Agent - detected UnsignedFile.Multi.Generic (1)
22:22:55.0356 5844  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:22:55.0372 5844  Ecache - ok
22:22:55.0434 5844  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
22:22:55.0497 5844  ehRecvr - ok
22:22:55.0512 5844  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
22:22:55.0559 5844  ehSched - ok
22:22:55.0575 5844  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
22:22:55.0606 5844  ehstart - ok
22:22:55.0653 5844  [ E8F3F21A71720C84BCF423B80028359F ] elxstor        C:\Windows\system32\drivers\elxstor.sys
22:22:55.0684 5844  elxstor - ok
22:22:55.0715 5844  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
22:22:55.0793 5844  EMDMgmt - ok
22:22:55.0856 5844  [ 0C7F516415333F854D2CE45C6F2D6420 ] EUBAKUP        C:\Windows\system32\drivers\eubakup.sys
22:22:55.0887 5844  EUBAKUP ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0887 5844  EUBAKUP - detected UnsignedFile.Multi.Generic (1)
22:22:55.0949 5844  [ F986EE234B05769C7FBD8DEF8D20E32F ] EuDisk          C:\Windows\system32\DRIVERS\EuDisk.sys
22:22:55.0996 5844  EuDisk ( UnsignedFile.Multi.Generic ) - warning
22:22:55.0996 5844  EuDisk - detected UnsignedFile.Multi.Generic (1)
22:22:56.0012 5844  [ DB677F262DDB5DE277C8F655EBD114F5 ] EUDSKACS        C:\Windows\system32\drivers\eudskacs.sys
22:22:56.0043 5844  EUDSKACS ( UnsignedFile.Multi.Generic ) - warning
22:22:56.0043 5844  EUDSKACS - detected UnsignedFile.Multi.Generic (1)
22:22:56.0074 5844  [ 42F734E7EB6C05E97DF18C0EB16C350A ] EUFS            C:\Windows\system32\drivers\eufs.sys
22:22:56.0105 5844  EUFS ( UnsignedFile.Multi.Generic ) - warning
22:22:56.0105 5844  EUFS - detected UnsignedFile.Multi.Generic (1)
22:22:56.0152 5844  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
22:22:56.0199 5844  EventSystem - ok
22:22:56.0277 5844  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
22:22:56.0308 5844  exfat - ok
22:22:56.0370 5844  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
22:22:56.0417 5844  fastfat - ok
22:22:56.0448 5844  [ 63BDADA84951B9C03E641800E176898A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
22:22:56.0511 5844  fdc - ok
22:22:56.0542 5844  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
22:22:56.0589 5844  fdPHost - ok
22:22:56.0604 5844  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:22:56.0667 5844  FDResPub - ok
22:22:56.0729 5844  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:22:56.0745 5844  FileInfo - ok
22:22:56.0776 5844  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
22:22:56.0823 5844  Filetrace - ok
22:22:56.0870 5844  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:22:56.0932 5844  flpydisk - ok
22:22:56.0994 5844  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:22:57.0026 5844  FltMgr - ok
22:22:57.0088 5844  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache      C:\Windows\system32\FntCache.dll
22:22:57.0182 5844  FontCache - ok
22:22:57.0244 5844  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:22:57.0260 5844  FontCache3.0.0.0 - ok
22:22:57.0306 5844  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:22:57.0353 5844  Fs_Rec - ok
22:22:57.0400 5844  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:22:57.0400 5844  gagp30kx - ok
22:22:57.0462 5844  [ 4A381768FCAF9096EC96A29F9602A3ED ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
22:22:57.0509 5844  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - warning
22:22:57.0509 5844  GoogleDesktopManager - detected UnsignedFile.Multi.Generic (1)
22:22:57.0556 5844  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
22:22:57.0634 5844  gpsvc - ok
22:22:57.0696 5844  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:57.0712 5844  gupdate - ok
22:22:57.0743 5844  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:22:57.0759 5844  gupdatem - ok
22:22:57.0806 5844  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
22:22:57.0821 5844  gusvc - ok
22:22:57.0852 5844  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:22:57.0899 5844  HdAudAddService - ok
22:22:57.0977 5844  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:22:57.0993 5844  HDAudBus - ok
22:22:58.0040 5844  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:22:58.0086 5844  HidBth - ok
22:22:58.0102 5844  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
22:22:58.0149 5844  HidIr - ok
22:22:58.0180 5844  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
22:22:58.0211 5844  hidserv - ok
22:22:58.0258 5844  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:22:58.0289 5844  HidUsb - ok
22:22:58.0320 5844  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:22:58.0352 5844  hkmsvc - ok
22:22:58.0383 5844  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
22:22:58.0398 5844  HpCISSs - ok
22:22:58.0445 5844  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:22:58.0508 5844  HTTP - ok
22:22:58.0523 5844  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
22:22:58.0539 5844  i2omp - ok
22:22:58.0617 5844  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:22:58.0664 5844  i8042prt - ok
22:22:58.0679 5844  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
22:22:58.0695 5844  iaStorV - ok
22:22:58.0742 5844  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:22:58.0835 5844  idsvc - ok
22:22:58.0851 5844  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
22:22:58.0866 5844  iirsp - ok
22:22:58.0898 5844  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:22:58.0944 5844  IKEEXT - ok
22:22:59.0022 5844  [ 56661BEAE591E59067710B6CBCA78184 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:22:59.0303 5844  IntcAzAudAddService - ok
22:22:59.0334 5844  [ E5EA1C17DA5065032E346591FF64F3AF ] intelide        C:\Windows\system32\drivers\intelide.sys
22:22:59.0350 5844  intelide - ok
22:22:59.0412 5844  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:22:59.0490 5844  intelppm - ok
22:22:59.0553 5844  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
22:22:59.0600 5844  IPBusEnum - ok
22:22:59.0631 5844  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:22:59.0678 5844  IpFilterDriver - ok
22:22:59.0724 5844  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:22:59.0771 5844  iphlpsvc - ok
22:22:59.0818 5844  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
22:22:59.0865 5844  IPMIDRV - ok
22:22:59.0896 5844  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
22:22:59.0943 5844  IPNAT - ok
22:23:00.0005 5844  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:23:00.0052 5844  IRENUM - ok
22:23:00.0083 5844  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:23:00.0099 5844  isapnp - ok
22:23:00.0146 5844  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:23:00.0161 5844  iScsiPrt - ok
22:23:00.0177 5844  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:23:00.0192 5844  iteatapi - ok
22:23:00.0224 5844  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
22:23:00.0239 5844  iteraid - ok
22:23:00.0270 5844  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:23:00.0286 5844  kbdclass - ok
22:23:00.0317 5844  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:23:00.0364 5844  kbdhid - ok
22:23:00.0380 5844  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
22:23:00.0426 5844  KeyIso - ok
22:23:00.0473 5844  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:23:00.0504 5844  KSecDD - ok
22:23:00.0567 5844  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
22:23:00.0629 5844  KtmRm - ok
22:23:00.0692 5844  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
22:23:00.0754 5844  LanmanServer - ok
22:23:00.0816 5844  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:23:00.0848 5844  LanmanWorkstation - ok
22:23:00.0863 5844  [ 8CCF9ED46D52AF1375875F74A91FFACF ] lirsgt          C:\Windows\system32\DRIVERS\lirsgt.sys
22:23:00.0879 5844  lirsgt - ok
22:23:00.0926 5844  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:23:00.0972 5844  lltdio - ok
22:23:01.0035 5844  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
22:23:01.0066 5844  lltdsvc - ok
22:23:01.0082 5844  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
22:23:01.0144 5844  lmhosts - ok
22:23:01.0206 5844  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:23:01.0222 5844  LSI_FC - ok
22:23:01.0253 5844  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
22:23:01.0269 5844  LSI_SAS - ok
22:23:01.0300 5844  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:23:01.0316 5844  LSI_SCSI - ok
22:23:01.0347 5844  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
22:23:01.0394 5844  luafv - ok
22:23:01.0472 5844  [ 7521C0C58EE91BE90B6CC33E792D10C7 ] LVRS            C:\Windows\system32\DRIVERS\lvrs.sys
22:23:01.0487 5844  LVRS - ok
22:23:01.0659 5844  [ 37E57C48AF530DF01CDD4E8A2AD77B51 ] LVUVC          C:\Windows\system32\DRIVERS\lvuvc.sys
22:23:01.0877 5844  LVUVC - ok
22:23:01.0924 5844  [ D5BA9B816AFEF5292FE13C9A6267B6AB ] Macromedia Licensing Service C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
22:23:01.0955 5844  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:23:01.0955 5844  Macromedia Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:23:01.0986 5844  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
22:23:02.0018 5844  Mcx2Svc - ok
22:23:02.0064 5844  [ D153B14FC6598EAE8422A2037553ADCE ] megasas        C:\Windows\system32\drivers\megasas.sys
22:23:02.0064 5844  megasas - ok
22:23:02.0158 5844  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
22:23:02.0189 5844  MMCSS - ok
22:23:02.0220 5844  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
22:23:02.0252 5844  Modem - ok
22:23:02.0330 5844  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
22:23:02.0376 5844  monitor - ok
22:23:02.0423 5844  [ F4EA1193A52C8FE4B8A135E210ABE546 ] motccgp        C:\Windows\system32\DRIVERS\motccgp.sys
22:23:02.0486 5844  motccgp - ok
22:23:02.0501 5844  [ B812DA6605CAF02641312F1F65C75419 ] motccgpfl      C:\Windows\system32\DRIVERS\motccgpfl.sys
22:23:02.0564 5844  motccgpfl - ok
22:23:02.0595 5844  [ 69814ACD50A9D6D28296050EF6215D46 ] motmodem        C:\Windows\system32\DRIVERS\motmodem.sys
22:23:02.0642 5844  motmodem - ok
22:23:02.0720 5844  [ 3BBC6C2402242401F791548AAEBF3D39 ] MotoHelper      C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
22:23:02.0735 5844  MotoHelper - ok
22:23:02.0766 5844  [ FD8C2CEF7AD8B23C6714103D621FAC1F ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys
22:23:02.0813 5844  MotoSwitchService - ok
22:23:02.0844 5844  [ DDC489D40B49F443787E7FFA75373522 ] Motousbnet      C:\Windows\system32\DRIVERS\Motousbnet.sys
22:23:02.0860 5844  Motousbnet - ok
22:23:02.0907 5844  [ 2136CCA3D1BF7C0248E5366B1A6C24E3 ] motusbdevice    C:\Windows\system32\DRIVERS\motusbdevice.sys
22:23:02.0969 5844  motusbdevice - ok
22:23:02.0985 5844  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:23:03.0000 5844  mouclass - ok
22:23:03.0063 5844  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:23:03.0110 5844  mouhid - ok
22:23:03.0156 5844  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:23:03.0172 5844  MountMgr - ok
22:23:03.0219 5844  [ 583A41F26278D9E0EA548163D6139397 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:23:03.0234 5844  mpio - ok
22:23:03.0266 5844  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:23:03.0312 5844  mpsdrv - ok
22:23:03.0359 5844  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:23:03.0390 5844  MpsSvc - ok
22:23:03.0422 5844  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:23:03.0437 5844  Mraid35x - ok
22:23:03.0453 5844  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:23:03.0468 5844  MRxDAV - ok
22:23:03.0515 5844  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:23:03.0531 5844  mrxsmb - ok
22:23:03.0593 5844  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:23:03.0640 5844  mrxsmb10 - ok
22:23:03.0671 5844  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:23:03.0687 5844  mrxsmb20 - ok
22:23:03.0718 5844  [ 86068B8B54A5EB092F51657F00B2222A ] msahci          C:\Windows\system32\drivers\msahci.sys
22:23:03.0734 5844  msahci - ok
22:23:03.0765 5844  [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
22:23:03.0796 5844  msdsm - ok
22:23:03.0827 5844  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
22:23:03.0874 5844  MSDTC - ok
22:23:03.0936 5844  [ 343291A4DFD7C923C3F71F550830EC1C ] MSDV            C:\Windows\system32\DRIVERS\msdv.sys
22:23:03.0983 5844  MSDV - ok
22:23:04.0014 5844  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:23:04.0046 5844  Msfs - ok
22:23:04.0108 5844  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:23:04.0124 5844  msisadrv - ok
22:23:04.0170 5844  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
22:23:04.0217 5844  MSiSCSI - ok
22:23:04.0233 5844  msiserver - ok
22:23:04.0264 5844  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
22:23:04.0311 5844  MSKSSRV - ok
22:23:04.0358 5844  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:23:04.0389 5844  MSPCLOCK - ok
22:23:04.0420 5844  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
22:23:04.0467 5844  MSPQM - ok
22:23:04.0498 5844  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
22:23:04.0514 5844  MsRPC - ok
22:23:04.0560 5844  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:23:04.0576 5844  mssmbios - ok
22:23:04.0607 5844  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
22:23:04.0654 5844  MSTEE - ok
22:23:04.0685 5844  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup            C:\Windows\system32\Drivers\mup.sys
22:23:04.0701 5844  Mup - ok
22:23:04.0748 5844  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
22:23:04.0794 5844  napagent - ok
22:23:04.0841 5844  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
22:23:04.0888 5844  NativeWifiP - ok
22:23:04.0950 5844  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:23:04.0982 5844  NDIS - ok
22:23:05.0028 5844  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:23:05.0075 5844  NdisTapi - ok
22:23:05.0122 5844  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
22:23:05.0153 5844  Ndisuio - ok
22:23:05.0184 5844  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
22:23:05.0216 5844  NdisWan - ok
22:23:05.0262 5844  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
22:23:05.0294 5844  NDProxy - ok
22:23:05.0418 5844  [ C5052FB77AA42ED440F9F6B4E37145A9 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
22:23:05.0481 5844  Nero BackItUp Scheduler 3 - ok
22:23:05.0528 5844  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
22:23:05.0574 5844  NetBIOS - ok
22:23:05.0621 5844  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
22:23:05.0668 5844  netbt - ok
22:23:05.0715 5844  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
22:23:05.0730 5844  Netlogon - ok
22:23:05.0808 5844  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
22:23:05.0855 5844  Netman - ok
22:23:05.0918 5844  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
22:23:05.0980 5844  netprofm - ok
22:23:06.0042 5844  [ 9BA2F93E4F01EC58E722B36639E0CE5D ] netr28u        C:\Windows\system32\DRIVERS\netr28u.sys
22:23:06.0120 5844  netr28u - ok
22:23:06.0183 5844  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:23:06.0198 5844  NetTcpPortSharing - ok
22:23:06.0230 5844  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
22:23:06.0245 5844  nfrd960 - ok
22:23:06.0292 5844  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:23:06.0339 5844  NlaSvc - ok
22:23:06.0417 5844  [ 74149BCF0307BB76D68C0F8912DF731C ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
22:23:06.0432 5844  NMIndexingService - ok
22:23:06.0479 5844  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:23:06.0495 5844  Npfs - ok
22:23:06.0542 5844  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
22:23:06.0588 5844  nsi - ok
22:23:06.0620 5844  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:23:06.0666 5844  nsiproxy - ok
22:23:06.0729 5844  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:23:06.0822 5844  Ntfs - ok
22:23:06.0854 5844  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
22:23:06.0900 5844  ntrigdigi - ok
22:23:06.0932 5844  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
22:23:06.0978 5844  Null - ok
22:23:07.0041 5844  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:23:07.0150 5844  NVENETFD - ok
22:23:07.0415 5844  [ C5823E05F760FF5B4C698752B1B8030D ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:23:07.0852 5844  nvlddmkm - ok
22:23:07.0883 5844  [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:23:07.0899 5844  nvraid - ok
22:23:07.0961 5844  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu          C:\Windows\system32\DRIVERS\nvsmu.sys
22:23:08.0008 5844  nvsmu - ok
22:23:08.0024 5844  [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:23:08.0039 5844  nvstor - ok
22:23:08.0102 5844  [ 4876E7C3184BDF50EDE043FEF616B867 ] nvstor32        C:\Windows\system32\DRIVERS\nvstor32.sys
22:23:08.0117 5844  nvstor32 - ok
22:23:08.0133 5844  [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:23:08.0148 5844  nv_agp - ok
22:23:08.0258 5844  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:23:08.0273 5844  odserv - ok
22:23:08.0320 5844  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:23:08.0351 5844  ohci1394 - ok
22:23:08.0414 5844  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:23:08.0429 5844  ose - ok
22:23:08.0476 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:23:08.0538 5844  p2pimsvc - ok
22:23:08.0570 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:23:08.0616 5844  p2psvc - ok
22:23:08.0648 5844  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
22:23:08.0710 5844  Parport - ok
22:23:08.0757 5844  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
22:23:08.0772 5844  partmgr - ok
22:23:08.0804 5844  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:23:08.0866 5844  Parvdm - ok
22:23:08.0897 5844  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:23:08.0928 5844  PcaSvc - ok
22:23:08.0960 5844  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci            C:\Windows\system32\drivers\pci.sys
22:23:08.0975 5844  pci - ok
22:23:09.0006 5844  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys
22:23:09.0022 5844  pciide - ok
22:23:09.0053 5844  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:23:09.0069 5844  pcmcia - ok
22:23:09.0116 5844  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:23:09.0287 5844  PEAUTH - ok
22:23:09.0365 5844  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
22:23:09.0506 5844  pla - ok
22:23:09.0552 5844  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:23:09.0599 5844  PlugPlay - ok
22:23:09.0677 5844  [ A1DD33D16F277CE34124EE52AB2C0F14 ] PnkBstrA        C:\Windows\system32\PnkBstrA.exe
22:23:09.0677 5844  PnkBstrA - ok
22:23:09.0724 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
22:23:09.0771 5844  PNRPAutoReg - ok
22:23:09.0802 5844  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
22:23:09.0833 5844  PNRPsvc - ok
22:23:09.0880 5844  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
22:23:09.0989 5844  PolicyAgent - ok
22:23:10.0036 5844  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:23:10.0067 5844  PptpMiniport - ok
22:23:10.0114 5844  [ 0E3CEF5D28B40CF273281D620C50700A ] Processor      C:\Windows\system32\drivers\processr.sys
22:23:10.0161 5844  Processor - ok
22:23:10.0192 5844  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc        C:\Windows\system32\profsvc.dll
22:23:10.0239 5844  ProfSvc - ok
22:23:10.0270 5844  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
22:23:10.0270 5844  ProtectedStorage - ok
22:23:10.0317 5844  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:23:10.0364 5844  PSched - ok
22:23:10.0442 5844  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
22:23:10.0442 5844  PxHelp20 - ok
22:23:10.0520 5844  [ CCDAC889326317792480C0A67156A1EC ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:23:10.0566 5844  ql2300 - ok
22:23:10.0598 5844  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:23:10.0598 5844  ql40xx - ok
22:23:10.0660 5844  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
22:23:10.0691 5844  QWAVE - ok
22:23:10.0738 5844  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:23:10.0738 5844  QWAVEdrv - ok
22:23:10.0832 5844  [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr        C:\Windows\WindowsMobile\rapimgr.dll
22:23:10.0847 5844  RapiMgr - ok
22:23:10.0863 5844  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:23:10.0910 5844  RasAcd - ok
22:23:10.0941 5844  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
22:23:10.0988 5844  RasAuto - ok
22:23:11.0019 5844  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
22:23:11.0081 5844  Rasl2tp - ok
22:23:11.0112 5844  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
22:23:11.0144 5844  RasMan - ok
22:23:11.0206 5844  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:23:11.0222 5844  RasPppoe - ok
22:23:11.0253 5844  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
22:23:11.0268 5844  RasSstp - ok
22:23:11.0284 5844  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
22:23:11.0331 5844  rdbss - ok
22:23:11.0362 5844  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:23:11.0409 5844  RDPCDD - ok
22:23:11.0456 5844  [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
22:23:11.0518 5844  rdpdr - ok
22:23:11.0518 5844  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:23:11.0580 5844  RDPENCDD - ok
22:23:11.0627 5844  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
22:23:11.0690 5844  RDPWD - ok
22:23:11.0752 5844  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:23:11.0799 5844  RemoteAccess - ok
22:23:11.0830 5844  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:23:11.0877 5844  RemoteRegistry - ok
22:23:11.0924 5844  [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
22:23:11.0955 5844  RFCOMM - ok
22:23:12.0048 5844  [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
22:23:12.0064 5844  RichVideo - ok
22:23:12.0111 5844  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
22:23:12.0173 5844  RpcLocator - ok
22:23:12.0392 5844  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs          C:\Windows\system32\rpcss.dll
22:23:12.0438 5844  RpcSs - ok
22:23:12.0485 5844  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:23:12.0532 5844  rspndr - ok
22:23:12.0548 5844  [ A3E186B4B935905B829219502557314E ] SamSs          C:\Windows\system32\lsass.exe
22:23:12.0563 5844  SamSs - ok
22:23:12.0626 5844  [ 39763504067962108505BFF25F024345 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
22:23:12.0641 5844  SASDIFSV - ok
22:23:12.0688 5844  [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
22:23:12.0688 5844  SASKUTIL - ok
22:23:13.0265 5844  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:23:13.0718 5844  sbp2port - ok
22:23:13.0749 5844  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:23:13.0796 5844  SCardSvr - ok
22:23:13.0874 5844  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
22:23:13.0952 5844  Schedule - ok
22:23:13.0983 5844  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc    C:\Windows\System32\certprop.dll
22:23:13.0998 5844  SCPolicySvc - ok
22:23:14.0045 5844  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:23:14.0061 5844  SDRSVC - ok
22:23:14.0076 5844  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:23:14.0154 5844  secdrv - ok
22:23:14.0186 5844  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
22:23:14.0217 5844  seclogon - ok
22:23:14.0264 5844  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
22:23:14.0326 5844  SENS - ok
22:23:14.0357 5844  [ AC1F2A09B76B57356F906EEDA43CCC2A ] Ser2pl          C:\Windows\system32\DRIVERS\ser2pl.sys
22:23:14.0404 5844  Ser2pl - ok
22:23:14.0451 5844  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
22:23:14.0482 5844  Serenum - ok
22:23:14.0529 5844  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:23:14.0560 5844  Serial - ok
22:23:14.0591 5844  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
22:23:14.0622 5844  sermouse - ok
22:23:14.0654 5844  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:23:14.0685 5844  SessionEnv - ok
22:23:14.0716 5844  [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
22:23:14.0778 5844  sffdisk - ok
22:23:14.0810 5844  [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:23:14.0841 5844  sffp_mmc - ok
22:23:14.0872 5844  [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
22:23:14.0888 5844  sffp_sd - ok
22:23:14.0919 5844  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
22:23:14.0981 5844  sfloppy - ok
22:23:15.0012 5844  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:23:15.0075 5844  SharedAccess - ok
22:23:15.0122 5844  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:23:15.0184 5844  ShellHWDetection - ok
22:23:15.0246 5844  [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
22:23:15.0262 5844  sisagp - ok
22:23:15.0293 5844  [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
22:23:15.0293 5844  SiSRaid2 - ok
22:23:15.0309 5844  [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
22:23:15.0324 5844  SiSRaid4 - ok
22:23:15.0371 5844  [ DEC09E19220FE690CF9611D83C0E13D7 ] SKYNET          C:\Windows\system32\DRIVERS\SkyNET.SYS
22:23:15.0387 5844  SKYNET - ok
22:23:15.0434 5844  [ A37740568718F245E818D0C5575B9AA9 ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
22:23:15.0449 5844  SkypeUpdate - ok
22:23:15.0543 5844  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc          C:\Windows\system32\SLsvc.exe
22:23:15.0761 5844  slsvc - ok
22:23:15.0824 5844  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
22:23:15.0855 5844  SLUINotify - ok
22:23:15.0886 5844  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
22:23:15.0933 5844  Smb - ok
22:23:15.0980 5844  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:23:15.0995 5844  SNMPTRAP - ok
22:23:16.0026 5844  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
22:23:16.0042 5844  spldr - ok
22:23:16.0089 5844  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler        C:\Windows\System32\spoolsv.exe
22:23:16.0120 5844  Spooler - ok
22:23:16.0167 5844  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv            C:\Windows\system32\DRIVERS\srv.sys
22:23:16.0229 5844  srv - ok
22:23:16.0307 5844  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:23:16.0323 5844  srv2 - ok
22:23:16.0354 5844  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:23:16.0385 5844  srvnet - ok
22:23:16.0432 5844  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
22:23:16.0463 5844  SSDPSRV - ok
22:23:16.0510 5844  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
22:23:16.0510 5844  ssmdrv - ok
22:23:16.0588 5844  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
22:23:16.0635 5844  SstpSvc - ok
22:23:16.0682 5844  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
22:23:16.0697 5844  stisvc - ok
22:23:16.0728 5844  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
22:23:16.0744 5844  swenum - ok
22:23:16.0775 5844  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv          C:\Windows\System32\swprv.dll
22:23:16.0791 5844  swprv - ok
22:23:16.0822 5844  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
22:23:16.0838 5844  Symc8xx - ok
22:23:16.0853 5844  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
22:23:16.0869 5844  Sym_hi - ok
22:23:16.0884 5844  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
22:23:16.0900 5844  Sym_u3 - ok
22:23:16.0931 5844  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain        C:\Windows\system32\sysmain.dll
22:23:16.0962 5844  SysMain - ok
22:23:16.0994 5844  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:23:17.0040 5844  TabletInputService - ok
22:23:17.0087 5844  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv        C:\Windows\System32\tapisrv.dll
22:23:17.0103 5844  TapiSrv - ok
22:23:17.0150 5844  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
22:23:17.0196 5844  TBS - ok
22:23:17.0274 5844  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
22:23:17.0368 5844  Tcpip - ok
22:23:17.0399 5844  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
22:23:17.0430 5844  Tcpip6 - ok
22:23:17.0462 5844  [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:23:17.0524 5844  tcpipreg - ok
22:23:17.0571 5844  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:23:17.0586 5844  TDPIPE - ok
22:23:17.0633 5844  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
22:23:17.0680 5844  TDTCP - ok
22:23:17.0711 5844  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
22:23:17.0742 5844  tdx - ok
22:23:17.0789 5844  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
22:23:17.0789 5844  TermDD - ok
22:23:17.0820 5844  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService    C:\Windows\System32\termsrv.dll
22:23:17.0898 5844  TermService - ok
22:23:17.0930 5844  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
22:23:17.0945 5844  Themes - ok
22:23:17.0961 5844  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
22:23:17.0992 5844  THREADORDER - ok
22:23:18.0039 5844  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
22:23:18.0070 5844  TrkWks - ok
22:23:18.0101 5844  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:23:18.0117 5844  TrustedInstaller - ok
22:23:18.0164 5844  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:23:18.0210 5844  tssecsrv - ok
22:23:18.0304 5844  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
22:23:18.0320 5844  tunmp - ok
22:23:18.0366 5844  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:23:18.0398 5844  tunnel - ok
22:23:18.0429 5844  [ C3ADE15414120033A36C0F293D4A4121 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
22:23:18.0444 5844  uagp35 - ok
22:23:18.0491 5844  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:23:18.0554 5844  udfs - ok
22:23:18.0585 5844  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
22:23:18.0616 5844  UI0Detect - ok
22:23:18.0647 5844  [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:23:18.0647 5844  uliagpkx - ok
22:23:18.0694 5844  [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci        C:\Windows\system32\drivers\uliahci.sys
22:23:18.0710 5844  uliahci - ok
22:23:18.0725 5844  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
22:23:18.0741 5844  UlSata - ok
22:23:18.0772 5844  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
22:23:18.0788 5844  ulsata2 - ok
22:23:18.0850 5844  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
22:23:18.0866 5844  umbus - ok
22:23:18.0928 5844  [ 88BD96A1BAEED33EE8BDF9499C07A841 ] UMPass          C:\Windows\system32\DRIVERS\umpass.sys
22:23:18.0944 5844  UMPass - ok
22:23:19.0037 5844  [ 927754ABF077AEB5504BE4E0F2C60C1B ] UMVPFSrv        C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
22:23:19.0100 5844  UMVPFSrv - ok
22:23:19.0131 5844  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
22:23:19.0162 5844  upnphost - ok
22:23:19.0224 5844  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:23:19.0287 5844  usbaudio - ok
22:23:19.0302 5844  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
22:23:19.0334 5844  usbccgp - ok
22:23:19.0412 5844  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:23:19.0458 5844  usbcir - ok
22:23:19.0490 5844  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
22:23:19.0552 5844  usbehci - ok
22:23:19.0583 5844  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:23:19.0630 5844  usbhub - ok
22:23:19.0677 5844  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
22:23:19.0692 5844  usbohci - ok
22:23:19.0739 5844  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:23:19.0770 5844  usbprint - ok
22:23:19.0833 5844  [ A508C9BD8724980512136B039BBA65E9 ] usbscan        C:\Windows\system32\DRIVERS\usbscan.sys
22:23:19.0848 5844  usbscan - ok
22:23:19.0880 5844  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:23:19.0911 5844  USBSTOR - ok
22:23:19.0926 5844  [ 325DBBACB8A36AF9988CCF40EAC228CC ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
22:23:20.0004 5844  usbuhci - ok
22:23:20.0036 5844  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
22:23:20.0082 5844  usbvideo - ok
22:23:20.0129 5844  [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
22:23:20.0176 5844  usb_rndisx - ok
22:23:20.0207 5844  uxddrv - ok
22:23:20.0238 5844  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms          C:\Windows\System32\uxsms.dll
22:23:20.0254 5844  UxSms - ok
22:23:20.0332 5844  [ CD88D1B7776DC17A119049742EC07EB4 ] vds            C:\Windows\System32\vds.exe
22:23:20.0379 5844  vds - ok
22:23:20.0426 5844  [ 7D92BE0028ECDEDEC74617009084B5EF ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
22:23:20.0472 5844  vga - ok
22:23:20.0504 5844  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
22:23:20.0550 5844  VgaSave - ok
22:23:20.0582 5844  [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp          C:\Windows\system32\drivers\viaagp.sys
22:23:20.0597 5844  viaagp - ok
22:23:20.0597 5844  [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7          C:\Windows\system32\drivers\viac7.sys
22:23:20.0644 5844  ViaC7 - ok
22:23:20.0675 5844  [ 7AA7EC9A08DC2C39649C413B1A26E298 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:23:20.0675 5844  viaide - ok
22:23:20.0722 5844  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:23:20.0738 5844  volmgr - ok
22:23:20.0784 5844  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
22:23:20.0816 5844  volmgrx - ok
22:23:20.0831 5844  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
22:23:20.0862 5844  volsnap - ok
22:23:20.0894 5844  [ D984439746D42B30FC65A4C3546C6829 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
22:23:20.0909 5844  vsmraid - ok
22:23:20.0956 5844  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
22:23:21.0081 5844  VSS - ok
22:23:21.0128 5844  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
22:23:21.0143 5844  W32Time - ok
22:23:21.0174 5844  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
22:23:21.0221 5844  WacomPen - ok
22:23:21.0252 5844  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
22:23:21.0346 5844  Wanarp - ok
22:23:21.0346 5844  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:23:21.0362 5844  Wanarpv6 - ok
22:23:21.0393 5844  [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll
22:23:21.0424 5844  WcesComm - ok
22:23:21.0455 5844  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
22:23:21.0486 5844  wcncsvc - ok
22:23:21.0518 5844  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:23:21.0549 5844  WcsPlugInService - ok
22:23:21.0596 5844  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
22:23:21.0611 5844  Wd - ok
22:23:21.0658 5844  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:23:21.0674 5844  Wdf01000 - ok
22:23:21.0720 5844  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:23:21.0752 5844  WdiServiceHost - ok
22:23:21.0752 5844  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
22:23:21.0767 5844  WdiSystemHost - ok
22:23:21.0798 5844  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
22:23:21.0814 5844  WebClient - ok
22:23:21.0876 5844  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:23:21.0954 5844  Wecsvc - ok
22:23:22.0001 5844  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
22:23:22.0017 5844  wercplsupport - ok
22:23:22.0048 5844  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:23:22.0095 5844  WerSvc - ok
22:23:22.0157 5844  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
22:23:22.0188 5844  WinDefend - ok
22:23:22.0188 5844  WinHttpAutoProxySvc - ok
22:23:22.0220 5844  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
22:23:22.0251 5844  Winmgmt - ok
22:23:22.0344 5844  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
22:23:22.0469 5844  WinRM - ok
22:23:22.0500 5844  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys
22:23:22.0532 5844  winusb - ok
22:23:22.0594 5844  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
22:23:22.0641 5844  Wlansvc - ok
22:23:22.0672 5844  [ 701A9F884A294327E9141D73746EE279 ] WmiAcpi        C:\Windows\system32\drivers\wmiacpi.sys
22:23:22.0703 5844  WmiAcpi - ok
22:23:22.0766 5844  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:23:22.0781 5844  wmiApSrv - ok
22:23:22.0859 5844  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
22:23:22.0984 5844  WMPNetworkSvc - ok
22:23:22.0984 5844  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:23:23.0015 5844  WPCSvc - ok
22:23:23.0093 5844  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:23:23.0124 5844  WPDBusEnum - ok
22:23:23.0187 5844  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
22:23:23.0218 5844  WpdUsb - ok
22:23:23.0312 5844  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:23:23.0358 5844  WPFFontCache_v0400 - ok
22:23:23.0405 5844  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
22:23:23.0452 5844  ws2ifsl - ok
22:23:23.0499 5844  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\System32\wscsvc.dll
22:23:23.0514 5844  wscsvc - ok
22:23:23.0514 5844  WSearch - ok
22:23:23.0624 5844  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
22:23:23.0748 5844  wuauserv - ok
22:23:23.0811 5844  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:23:23.0842 5844  WUDFRd - ok
22:23:23.0873 5844  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
22:23:23.0904 5844  wudfsvc - ok
22:23:23.0936 5844  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
22:23:23.0936 5844  X10Hid - ok
22:23:23.0982 5844  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
22:23:23.0998 5844  x10nets ( UnsignedFile.Multi.Generic ) - warning
22:23:23.0998 5844  x10nets - detected UnsignedFile.Multi.Generic (1)
22:23:24.0060 5844  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
22:23:24.0076 5844  XUIF - ok
22:23:24.0123 5844  ================ Scan global ===============================
22:23:24.0154 5844  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
22:23:24.0201 5844  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:23:24.0216 5844  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
22:23:24.0279 5844  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
22:23:24.0341 5844  [Global] - ok
22:23:24.0341 5844  ================ Scan MBR ==================================
22:23:24.0341 5844  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:23:25.0012 5844  \Device\Harddisk0\DR0 - ok
22:23:25.0012 5844  ================ Scan VBR ==================================
22:23:25.0028 5844  [ 86C4F7DEA41642C3CFD2D85928DA3D7C ] \Device\Harddisk0\DR0\Partition1
22:23:25.0028 5844  \Device\Harddisk0\DR0\Partition1 - ok
22:23:25.0043 5844  [ 953C0546D64A0D394CEE64F903D0C0F4 ] \Device\Harddisk0\DR0\Partition2
22:23:25.0043 5844  \Device\Harddisk0\DR0\Partition2 - ok
22:23:25.0043 5844  ============================================================
22:23:25.0043 5844  Scan finished
22:23:25.0043 5844  ============================================================
22:23:25.0043 4016  Detected object count: 9
22:23:25.0043 4016  Actual detected object count: 9
22:23:50.0939 4016  ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  EASEUS Agent ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EASEUS Agent ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  EUBAKUP ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EUBAKUP ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  EuDisk ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EuDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  EUDSKACS ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EUDSKACS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  EUFS ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  EUFS ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  GoogleDesktopManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  Macromedia Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:23:50.0939 4016  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
22:23:50.0939 4016  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 07.10.2012 21:29

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

StefHei 08.10.2012 06:27

Code:

ComboFix 12-10-04.02 - Stefan 07.10.2012  23:02:26.1.2 - x86
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\ExcellentAdDisplay
c:\program files\ExcellentAdDisplay\uninstall.exe
c:\program files\Windows Live\Messenger\msacm32.dll
c:\users\Stefan\AppData\Roaming\AcroIEHelpe.txt
c:\users\Stefan\AppData\Roaming\srvblck2.tmp
c:\users\Stefan\Favorites\mxfilerelatedcache.mxc2
c:\windows\IsUn0407.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
c:\windows\system32\comres.dll . . . ist infiziert!!
.
Infizierte Kopie von c:\windows\system32\comres.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.0.6001.18000_none_2cb0dad7e631d923\comres.dll wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-08 bis 2012-10-08  ))))))))))))))))))))))))))))))
.
.
2012-10-07 21:12 . 2012-10-08 05:11        --------        d-----w-        c:\users\Stefan\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Mika\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Marek\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-07 21:12 . 2012-10-07 21:12        --------        d-----w-        c:\users\Alexandra\AppData\Local\temp
2012-10-07 21:11 . 2008-01-19 05:48        1291264        ----a-w-        c:\windows\system32\comres.dll
2012-10-07 20:11 . 2012-10-07 20:11        --------        d-----w-        C:\_OTL
2012-10-05 18:19 . 2012-10-05 18:19        --------        d-----w-        c:\program files\ESET
2012-09-10 17:49 . 2012-09-10 17:49        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-10 17:49 . 2012-09-10 17:49        --------        d-----w-        c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-10 17:49 . 2010-09-29 17:02        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2011-01-17 18:44        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-09-03 17:32 . 2012-03-31 15:40        696520        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-09-03 17:32 . 2011-05-19 05:54        73416        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-30 21:08 . 2012-08-30 21:08        6656        ----a-r-        c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-04-30 1086760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21        2213160        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2006-10-04 15:41        86016        ----a-w-        c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 17:32]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
2012-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-IMBooster - c:\program files\Iminent\IMBooster\imbooster.exe
AddRemove-Worms2 - c:\windows\IsUn0407.exe
AddRemove-UnityWebPlayer - c:\users\Stefan\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-08 07:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1524)
c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\EASEUS\Todo Backup 2.0\bin\Agent.exe
c:\program files\Motorola\MotoHelper\MotoHelperService.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-08  07:15:47 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-08 05:15
.
Vor Suchlauf: 16 Verzeichnis(se), 120.038.522.880 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 126.102.495.232 Bytes frei
.
- - End Of File - - AE193780CBFBCE4E1A38995DC0C99E97


cosinus 08.10.2012 11:36

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Dirlook::
c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}

Filelook::
c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe

3. In Notepad, save it as CFScript.txt on the Desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Including the guards of ad-/spyware programs and the Tea Timer, if present!)

5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

StefHei 08.10.2012 19:13

Hello!

After starting it I get the following message, then the program aborts.

Quote:

CFSript name error

Did you try to run CFScript?

The name CFSript does not appear to be spelled correctly.

cosinus 09.10.2012 10:39

Quote:

The name CFSript does not appear to be spelled correctly.
It is called CFScript.txt, not CFSript :pfeiff:

StefHei 09.10.2012 18:36

No problem, that does not diminish my enthusiasm for this service here!

The file is called log.txt, but I think that is the one you mean...

Code:

ComboFix 12-10-09.01 - Stefan 09.10.2012  19:20:36.1.2 - x86
ausgeführt von:: c:\users\Stefan\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Stefan\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-09 bis 2012-10-09  ))))))))))))))))))))))))))))))
.
.
2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Stefan\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Mika\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Marek\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-09 17:31 . 2012-10-09 17:31        --------        d-----w-        c:\users\Alexandra\AppData\Local\temp
2012-10-07 21:11 . 2008-01-19 05:48        1291264        ----a-w-        c:\windows\system32\comres.dll
2012-10-07 20:11 . 2012-10-07 20:11        --------        d-----w-        C:\_OTL
2012-10-05 18:19 . 2012-10-05 18:19        --------        d-----w-        c:\program files\ESET
2012-09-10 17:49 . 2012-09-10 17:49        477168        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-09-10 17:49 . 2012-09-10 17:49        --------        d-----w-        c:\program files\Java
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 19:06 . 2012-03-31 15:40        696760        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-10-08 19:06 . 2011-05-19 05:54        73656        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-10 17:49 . 2010-09-29 17:02        473072        ----a-w-        c:\windows\system32\deployJava1.dll
2012-09-07 15:04 . 2011-01-17 18:44        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-30 21:08 . 2012-08-30 21:08        6656        ----a-r-        c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 6656
Created time: 2012-08-30 21:08
Modified time: 2012-08-30 21:08
MD5: 7E5E80A7E78D6C6C181E1ED23E57FD06
SHA1: 54D55F37FD9ACC06E7474FFC72F2EB5A3E9E677E
.
---- Directory of c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98} ----
.
2012-08-30 21:08 . 2012-08-30 21:08        6656        ----a-r-        c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
.
.
((((((((((((((((((((((((((((  Reg Loading Points From Registry  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36        94208        ----a-w-        c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-26 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-11-14 4706304]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-14 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-14 81920]
"EaseUs Watch"="c:\program files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe" [2011-01-22 69000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-04-30 1086760]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54        551296        ----a-w-        c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Server4PC.lnk
backup=c:\windows\pss\Server4PC.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 13:21        2213160        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 13:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2006-10-04 15:41        86016        ----a-w-        c:\magix\Video_deluxe_2007_PLUS\Trayserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
R3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:06]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-15 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
mSearch Bar = hxxp://www.google.com/ie
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Stefan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.178.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-09 19:31
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
Scanning hidden files ...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5460)
c:\users\Stefan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Completion time: 2012-10-09  19:34:02
ComboFix-quarantined-files.txt  2012-10-09 17:34
ComboFix2.txt  2012-10-08 05:15
.
Pre-Run: 19 directory(s), 122,669,768,704 bytes free
Post-Run: 20 directory(s), 122,703,675,392 bytes free
.
- - End Of File - - 34958095763F88146474D56E6649323A


cosinus 09.10.2012 19:14

Code:

c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe
Please have this file analysed at VirusTotal and post the result link. If you can't see the file, you may need to make it visible first.
If the file has already been analysed, please start a new analysis.
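
The helper asks for a VirusTotal result for the flagged file. As an added example (not part of the thread, and not ComboFix's or VirusTotal's own code), the script below pulls the path, size, MD5 and SHA1 that ComboFix prints in its "Look" section out of a log excerpt, recomputes those hashes for a local copy of the file and builds the VirusTotal lookup URL for the hash, so a known sample can be checked by hash before anything is uploaded. The log excerpt is copied from the ComboFix output above; the sample bytes hashed in the demo are constructed, and the `/gui/file/<hash>` URL form is assumed to be VirusTotal's current one (the thread's own link uses the older `/file/<sha256>/analysis/` form).

```python
"""Match a file on disk against the hashes in a ComboFix "Look" block.

Added example for the thread above; not ComboFix or VirusTotal code.
"""
import hashlib
import re

# Excerpt of the ComboFix "Look" block as posted in the thread (copied, not constructed).
COMBOFIX_LOOK = r"""
--- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{9DBDBDAB-E729-451E-A7A7-858607C08E98}\zacman.exe ---
Company: ------
File Description: ------
File size: 6656
Created time: 2012-08-30 21:08
Modified time: 2012-08-30 21:08
MD5: 7E5E80A7E78D6C6C181E1ED23E57FD06
SHA1: 54D55F37FD9ACC06E7474FFC72F2EB5A3E9E677E
"""

LOOK_HEADER = re.compile(r"^--- (?P<path>.+?) ---$", re.MULTILINE)
LOOK_FIELD = re.compile(r"^(?P<key>MD5|SHA1|File size): (?P<value>\S+)$", re.MULTILINE)

ALGOS = ("md5", "sha1", "sha256")


def parse_look(text: str) -> list:
    """Return one record per '--- <path> ---' block: path, size, md5, sha1 (lowercase hex)."""
    records = []
    headers = list(LOOK_HEADER.finditer(text))
    for i, head in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[head.end():end]
        rec = {"path": head.group("path"), "size": None, "md5": None, "sha1": None}
        for field in LOOK_FIELD.finditer(block):
            key, value = field.group("key"), field.group("value")
            if key == "File size":
                rec["size"] = int(value)
            else:
                rec[key.lower()] = value.lower()
        records.append(rec)
    return records


def hash_bytes(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 of an in-memory blob as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same as hash_bytes, but streamed so large files do not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(data: bytes, record: dict) -> bool:
    """True only if size, MD5 and SHA1 of `data` all match the ComboFix record.

    A size mismatch short-circuits before hashing; a file that was replaced
    or patched after ComboFix ran will fail here even if the path still exists.
    """
    if record["size"] is not None and len(data) != record["size"]:
        return False
    digests = hash_bytes(data)
    return digests["md5"] == record["md5"] and digests["sha1"] == record["sha1"]


def virustotal_url(hash_hex: str) -> str:
    """Lookup URL for an MD5, SHA1 or SHA256 (assumed current VirusTotal URL form)."""
    return "https://www.virustotal.com/gui/file/" + hash_hex.strip().lower()


if __name__ == "__main__":
    for rec in parse_look(COMBOFIX_LOOK):
        print(rec["path"])
        print("  size:", rec["size"], "md5:", rec["md5"], "sha1:", rec["sha1"])
        print("  lookup:", virustotal_url(rec["md5"]))
        # Constructed stand-in for the file; a real check would use hash_file(rec["path"]).
        sample = b"constructed sample, not the real zacman.exe"
        print("  sample matches record:", verify(sample, rec))
```

On a suspect machine you would run `hash_file()` against the path in the record and compare before touching VirusTotal; if the hashes no longer match the log, the file changed between the ComboFix run and the upload and both versions are worth keeping.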

StefHei 09.10.2012 19:41

https://www.virustotal.com/file/6af6f4e69e9e509a41df3ab89f1abc1c139b199aa6631852590a7f6d6a296e9c/analysis/1349807951/

cosinus 09.10.2012 20:00

Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't cooperate on the second attempt either, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false positive on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista or higher, please right-click it and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until the DOS window says Scan finished successfully.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

Another note: If aswMBR crashes with a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.

StefHei 09.10.2012 22:06

First, GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-09 23:03:53
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005b ST350083 rev.3.AA
Running: j7r0yzdj.exe; Driver: C:\Users\Stefan\AppData\Local\Temp\ugdiqpob.sys


---- System - GMER 1.0.15 ----

SSDT            8DE9F546                                                                                                    ZwCreateSection
SSDT            8DE9F550                                                                                                    ZwRequestWaitReplyPort
SSDT            8DE9F54B                                                                                                    ZwSetContextThread
SSDT            8DE9F555                                                                                                    ZwSetSecurityObject
SSDT            8DE9F55A                                                                                                    ZwSystemDebugControl
SSDT            \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS                                                          ZwTerminateProcess [0x8E629640]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetEvent + 215                                                                                82EAC8D8 4 Bytes  [46, F5, E9, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 539                                                                                82EACBFC 4 Bytes  [50, F5, E9, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 56D                                                                                82EACC30 4 Bytes  [4B, F5, E9, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 5D1                                                                                82EACC94 4 Bytes  [55, F5, E9, 8D]
.text          ntkrnlpa.exe!KeSetEvent + 619                                                                                82EACCDC 4 Bytes  [5A, F5, E9, 8D]
.text          ...                                                                                                         
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                    section is writeable [0x8D005340, 0x39ED97, 0xE8000020]
.text          C:\Windows\system32\drivers\ACEDRV07.sys                                                                    section is writeable [0x9C604000, 0x328BA, 0xE8000020]
.pklstb        C:\Windows\system32\drivers\ACEDRV07.sys                                                                    entry point in ".pklstb" section [0x9C648000]
.relo2          C:\Windows\system32\drivers\ACEDRV07.sys                                                                    unknown last section [0x9C664000, 0x8E, 0x42000040]
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                      section is writeable [0x9F512300, 0x3AF78, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                      section is writeable [0x9F555300, 0x1BCE, 0xE8000020]
?              C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                  The system cannot find the file specified. !
?              C:\Users\Stefan\AppData\Local\Temp\catchme.sys                                                              The system cannot find the file specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusShutdown]                        [73F97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCloneImage]                        [73FDB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDrawImageRectI]                    [73F9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetInterpolationMode]              [73F8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdiplusStartup]                        [73F975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateFromHDC]                      [73F8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]          [73FC73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]            [73F9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageHeight]                    [73F8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipGetImageWidth]                      [73F8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDisposeImage]                      [73F871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]              [7401CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                  [73FBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipDeleteGraphics]                    [73F8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipFree]                              [73F86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipAlloc]                              [73F8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.exe[5460] @ C:\Windows\Explorer.exe [gdiplus.dll!GdipSetCompositingMode]                [73F92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device                                                                                                                      Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device                                                                                                                      fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy1                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy5                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy6                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy7                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy8                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy9                                                            eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                      eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                      eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                      eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                      eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                      eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy10                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy11                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy12                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy13                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy20                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy14                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy21                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy22                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy15                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy23                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy16                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy24                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy17                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy25                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy18                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy26                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy19                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy27                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy28                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy29                                                          eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice                                                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158307cde2                                 
Reg            HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00158307cde2 (not active ControlSet)             
Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!\24!y!c!`!s!i!\22!t!t!\22!i!c!s!j!  19583823

---- EOF - GMER 1.0.15 ----


StefHei 09.10.2012 22:12

And here is the Osam.log

StefHei 10.10.2012 05:35

And also the aswmbr.txt

cosinus 10.10.2012 12:36

Why as an attachment?!

Please only attach the logs (zipped) if they are too large to be posted directly!
Otherwise please post everything here in CODE tags where possible. That is simpler, clearer and saves a lot of clicking around.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

StefHei 10.10.2012 19:45

Sorry, I didn't think about that :stirn:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:10:14 on 09.10.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Unable to get information

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"CplMCDec.cpl" - "MainConcept AG" - C:\Windows\system32\CplMCDec.cpl
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"CplMCDec" - "MainConcept AG" - C:\Windows\System32\CplMCDec.cpl
"CplMCDec_x86" - ? - C:\Windows\SysWOW64\CplMCDec.cpl  (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Nero BackItUp and BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero BackItUp & Burn\Nero BurnRights\NeroBurnRights_bb.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\Windows\system32\drivers\ACEDRV07.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\Users\Stefan\AppData\Local\Temp\catchme.sys  (File not found)
"Dynamically loaded UxdDrv" (uxddrv) - ? - E:\DIAGNOSE\WSTGER\uxddrv.sys  (File not found)
"EUBAKUP" (EUBAKUP) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\System32\drivers\eubakup.sys
"EUDSKACS" (EUDSKACS) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\system32\drivers\eudskacs.sys
"EUFS" (EUFS) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Windows\System32\drivers\eufs.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Logitech HD Webcam C270(UVC)" (LVUVC) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvuvc.sys
"Logitech RightSound Filter Driver" (LVRS) - "Logitech Inc." - C:\Windows\System32\DRIVERS\lvrs.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugdiqpob" (ugdiqpob) - ? - C:\Users\Stefan\AppData\Local\Temp\ugdiqpob.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} "CorelDRAW Shell Extension Component" - "Corel Corporation" - C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{097102B5-B85D-947E-1FAC-91A86E47930F} "{097102B5-B85D-947E-1FAC-91A86E47930F}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} "A9Helper.A9" - ? - C:\Windows\Downloaded Program Files\A9.ocx / file:///E:/components/A9.ocx
{6678BE91-1E04-4A4A-9C32-63145EA79C2A} "EAFO3AXLauncher Control" - "Electronic Arts Inc." - C:\Windows\DOWNLO~1\EAFO3A~1.OCX / hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
{22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} "HidInputMonitorX Control" - "TODO: <Company name>" - C:\Windows\DOWNLO~1\HIDINP~1.OCX / file:///E:/components/hidinputmonitorx.ocx
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} "JordanUploader Class" - "IPLabs GmbH" - C:\Windows\Downloaded Program Files\JordanApplet.dll / hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
{F27237D7-93C8-44C2-AC6E-D6057B9A918F} "JuniperSetupClientControl Class" - "Juniper Networks" - C:\Windows\Downloaded Program Files\JuniperSetupClient.ocx / https://seva.f-i.de/dana-cached/sc/JuniperSetupClient.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} "MUWebControl Class" - "Microsoft Corporation" - C:\Windows\system32\muweb.dll / hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231834711663
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{7030CC6C-1A88-4591-BB5A-651B9F7F0C30} "WMVHDRatingCtrl Class" - ? - C:\Windows\Downloaded Program Files\wmvhdrating.ocx / file:///E:/components/wmvhdrating.ocx
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"SUPERAntiSpyware" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"EaseUs Watch" - "CHENGDU YIWO Tech Development Co., Ltd" - "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
"LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
"NBAgent" - "Nero AG" - "C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"toolbar_eula_launcher" - " " - C:\Program Files\GoogleEULA\EULALauncher.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"EASEUS Agent" (EASEUS Agent) - "CHENGDU YIWO Tech Development Co., Ltd" - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleDesktopManager" (GoogleDesktopManager) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
"Macromedia Licensing Service" (Macromedia Licensing Service) - ? - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MotoHelper Service" (MotoHelper) - ? - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"SAS Core Service" (!SASCORE) - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"UMVPFSrv" (UMVPFSrv) - "Logitech Inc." - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 23:13:18
-----------------------------
23:13:18.881    OS Version: Windows 6.0.6002 Service Pack 2
23:13:18.881    Number of processors: 2 586 0xF0B
23:13:18.881    ComputerName: STEFAN-PC  UserName: Stefan
23:13:20.862    Initialize success
23:14:27.201    AVAST engine defs: 12100901
23:14:45.953    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
23:14:45.953    Disk 0 Vendor: ST350083 3.AA Size: 476940MB BusType: 6
23:14:46.155    Disk 0 MBR read successfully
23:14:46.171    Disk 0 MBR scan
23:14:46.171    Disk 0 Windows VISTA default MBR code
23:14:46.171    Disk 0 Partition - 00    0F Extended LBA            20646 MB offset 934484985
23:14:46.233    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      456291 MB offset 63
23:14:46.405    Disk 0 Partition 2 00    0B        FAT32 MSDOS5.0    20646 MB offset 934485048
23:14:46.530    Disk 0 scanning sectors +976768065
23:14:47.123    Disk 0 scanning C:\Windows\system32\drivers
23:16:21.471    Service scanning
23:16:41.174    Service uxddrv E:\DIAGNOSE\WSTGER\uxddrv.sys **LOCKED** 21
23:16:44.622    Modules scanning
23:18:54.507    Disk 0 trace - called modules:
23:18:54.601    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
23:18:54.617    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b55878]
23:18:54.617    3 CLASSPNP.SYS[88db68b3] -> nt!IofCallDriver -> [0x85484db8]
23:18:54.632    5 acpi.sys[8069c6bc] -> nt!IofCallDriver -> \Device\0000005b[0x85e13950]
23:18:55.818    AVAST engine scan C:\Windows
23:25:19.219    AVAST engine scan C:\Windows\system32
23:50:08.660    AVAST engine scan C:\Windows\system32\drivers
00:00:23.940    AVAST engine scan C:\Users\Stefan
00:56:28.080    AVAST engine scan C:\ProgramData
01:20:51.001    Scan finished successfully
06:35:06.394    Disk 0 MBR has been saved successfully to "C:\Users\Stefan\Desktop\MBR.dat"
06:35:06.394    The log file has been saved successfully to "C:\Users\Stefan\Desktop\aswMBR.txt"


cosinus 11.10.2012 12:46

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

StefHei 11.10.2012 21:49

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.11.11

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Stefan :: STEFAN-PC [Administrator]

11.10.2012 18:17:24
mbam-log-2012-10-11 (18-17-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 538301
Laufzeit: 2 Stunde(n), 45 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SUPERAntiSpyware:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/11/2012 at 11:09 PM

Application Version : 5.5.1022

Core Rules Database Version : 9388
Trace Rules Database Version: 7200

Scan type      : Complete Scan
Total Scan Time : 00:17:03

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 699
Memory threats detected  : 0
Registry items scanned    : 40512
Registry threats detected : 0
File items scanned        : 10512
File threats detected    : 23

Adware.Tracking Cookie
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\6OJA1Q9V.txt [ Cookie:alexandra@imrworldwide.com/cgi-bin ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\WO5118QR.txt [ Cookie:alexandra@track.adform.net/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\DX40TTFW.txt [ Cookie:alexandra@fastclick.net/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\8CDYRANG.txt [ Cookie:alexandra@adfarm1.adition.com/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\3W3K908S.txt [ Cookie:alexandra@apmebf.com/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\TKL0QLBV.txt [ Cookie:alexandra@adform.net/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\6LDZDWVE.txt [ Cookie:alexandra@www.zanox-affiliate.de/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\0GKJ1MX5.txt [ Cookie:alexandra@zanox-affiliate.de/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\NJJZ92JX.txt [ Cookie:alexandra@www.etracker.de/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\ESWCMICV.txt [ Cookie:alexandra@doubleclick.net/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\KQJMZTUM.txt [ Cookie:alexandra@atdmt.com/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\V2FDKMQ8.txt [ Cookie:alexandra@de.sitestat.com/haba/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8OUS380X.txt [ Cookie:alexandra@accounts.google.com/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\U7I3KDG2.txt [ Cookie:alexandra@www.googleadservices.com/pagead/conversion/1046473493/ ]
        C:\USERS\ALEXANDRA\AppData\Roaming\Microsoft\Windows\Cookies\Low\8X4ICPVB.txt [ Cookie:alexandra@de.sitestat.com/haba/jako-o-de/ ]
        C:\USERS\ALEXANDRA\Cookies\6OJA1Q9V.txt [ Cookie:alexandra@imrworldwide.com/cgi-bin ]
        C:\USERS\ALEXANDRA\Cookies\WO5118QR.txt [ Cookie:alexandra@track.adform.net/ ]
        C:\USERS\ALEXANDRA\Cookies\DX40TTFW.txt [ Cookie:alexandra@fastclick.net/ ]
        C:\USERS\ALEXANDRA\Cookies\8CDYRANG.txt [ Cookie:alexandra@adfarm1.adition.com/ ]
        C:\USERS\ALEXANDRA\Cookies\3W3K908S.txt [ Cookie:alexandra@apmebf.com/ ]
        C:\USERS\ALEXANDRA\Cookies\TKL0QLBV.txt [ Cookie:alexandra@adform.net/ ]
        C:\USERS\ALEXANDRA\Cookies\6LDZDWVE.txt [ Cookie:alexandra@www.zanox-affiliate.de/ ]
        C:\USERS\ALEXANDRA\Cookies\0GKJ1MX5.txt [ Cookie:alexandra@zanox-affiliate.de/ ]


cosinus 12.10.2012 11:59

Code:

UAC On - Limited User
How did you start SASW? Just by double-clicking? Or the way it says in the instructions?

Quote:

Quote from cosinus (post 324870)
Part 2: Running the program
The program has now been installed, and a shortcut should have been created on the desktop. After you start it, it will first check the update server for new malware signatures and install updates. Do NOT cancel this process!

Users of Windows Vista and Windows 7, please start the tool again via right-click => Run as administrator!


StefHei 12.10.2012 12:12

By double-clicking! I have had the program on the computer for a while. I updated it beforehand. Was that wrong? Should I run it again as described in the instructions?

cosinus 12.10.2012 14:37

Quote:

Was that wrong? Should I run it again as described in the instructions?
You can't be serious with these questions, can you :balla:
Do you think it is in the instructions just for decoration? Of course you should do it the way the instructions say - sorry for the blunt tone, but I react a bit allergically when someone takes the greatest care in writing the instructions and they are then only read half-heartedly and/or carried out wrongly :(

StefHei 12.10.2012 15:08

OK, your criticism has been noted.

What should I do now?

cosinus 12.10.2012 17:27

What have we been talking about all this time :confused: how are you supposed to run SASW again?

StefHei 13.10.2012 03:00

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/13/2012 at 03:25 AM

Application Version : 5.6.1010

Core Rules Database Version : 9397
Trace Rules Database Version: 7209

Scan type      : Complete Scan
Total Scan Time : 03:38:49

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 712
Memory threats detected  : 0
Registry items scanned    : 40513
Registry threats detected : 0
File items scanned        : 251601
File threats detected    : 49

Adware.Tracking Cookie
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\ALEXANDRA@ADS5.WWE[2].TXT [ /ADS5.WWE ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@TRACK.WEBGAINS[1].TXT [ /TRACK.WEBGAINS ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@XITI[1].TXT [ /XITI ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@EYEWONDER[1].TXT [ /EYEWONDER ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@MICROSOFTMACHINETRANSLATION.112.2O7[1].TXT [ /MICROSOFTMACHINETRANSLATION.112.2O7 ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ZBOX.ZANOX[1].TXT [ /ZBOX.ZANOX ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@TRACKING.MINDSHARE[2].TXT [ /TRACKING.MINDSHARE ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@HIMEDIA.INDIVIDUAD[1].TXT [ /HIMEDIA.INDIVIDUAD ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.ZEDMOBIL[2].TXT [ /AD.ZEDMOBIL ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.PORTA.EOL[2].TXT [ /AD.PORTA.EOL ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.ADITION[1].TXT [ /AD.ADITION ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@COLLECTIVE-MEDIA[2].TXT [ /COLLECTIVE-MEDIA ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@TRAFFICMP[1].TXT [ /TRAFFICMP ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@MEDIA.ADREVOLVER[2].TXT [ /MEDIA.ADREVOLVER ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ADS20.WWE-MEDIA[2].TXT [ /ADS20.WWE-MEDIA ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ADS.NET2DAY[2].TXT [ /ADS.NET2DAY ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@GUJ.122.2O7[1].TXT [ /GUJ.122.2O7 ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.71I[1].TXT [ /AD.71I ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ADVIVA[1].TXT [ /ADVIVA ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ADS.CLUBPORTAL[1].TXT [ /ADS.CLUBPORTAL ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@WWW.ACTIVE-TRACKING[1].TXT [ /WWW.ACTIVE-TRACKING ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@OVERTURE[1].TXT [ /OVERTURE ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.BEEPWORLD[2].TXT [ /AD.BEEPWORLD ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@TRACK.EFFILIATION[1].TXT [ /TRACK.EFFILIATION ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@DMTRACKER[1].TXT [ /DMTRACKER ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ADS.UNDERTONE[2].TXT [ /ADS.UNDERTONE ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@TRAFFICTRACK[2].TXT [ /TRAFFICTRACK ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.CHIP[1].TXT [ /AD.CHIP ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD1.CHEFKOCH[2].TXT [ /AD1.CHEFKOCH ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@YADRO[1].TXT [ /YADRO ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@AD.LANDWIRT[2].TXT [ /AD.LANDWIRT ]
        C:\USERS\ALEXANDRA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ALEXANDRA@ROTATOR.ADJUGGLER[1].TXT [ /ROTATOR.ADJUGGLER ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@SEVENONEINTERMEDIA.112.2O7[1].TXT [ /SEVENONEINTERMEDIA.112.2O7 ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@AD.SALEBROKER[2].TXT [ /AD.SALEBROKER ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@WWW.ZANOX-AFFILIATE[2].TXT [ /WWW.ZANOX-AFFILIATE ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@INDEXTOOLS[2].TXT [ /INDEXTOOLS ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@IMRWORLDWIDE[2].TXT [ /IMRWORLDWIDE ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@AD.ZEDMOBIL[2].TXT [ /AD.ZEDMOBIL ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@AD1.KING[2].TXT [ /AD1.KING ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@ADS.AD4GAME[2].TXT [ /ADS.AD4GAME ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@ADS.BRANDWIRE[1].TXT [ /ADS.BRANDWIRE ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@ADVERTISING[1].TXT [ /ADVERTISING ]
        C:\USERS\MAREK\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MAREK@ADOPT.EUROCLICK[2].TXT [ /ADOPT.EUROCLICK ]
        C:\USERS\MIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKA@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]
        C:\USERS\MIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKA@SERVING-SYS[2].TXT [ /SERVING-SYS ]
        C:\USERS\MIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKA@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
        C:\USERS\MIKA\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MIKA@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]


cosinus 13.10.2012 16:10

Looks OK; only cookies were found, and those can all go.
Cookies aren't malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks whether a new hosts file has been released.

Apart from that there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then just set the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is that for "wild surfing" I use the Opera browser or Chromium on my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want; I manually reject everything else (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system back in order now, or are there other findings or problems?
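The hosts-file approach recommended above, as an added example that is not code from this thread or from MVPS: it parses an MVPS-style hosts file, shows that matching is exact per hostname (no wildcards and no subdomain inheritance, one reason the list needs the regular refresh mentioned above), and correlates the cookie site labels from scan output like the listing quoted earlier with the entries in the file. Every hosts entry and log line here is a constructed placeholder using the `.invalid` TLD, and the function names `parse_hosts`, `is_blocked`, `cookie_sites` and `coverage` are the example's own.

```python
"""Added example: check cookie sites from a scan log against a hosts-file
blocklist. Not part of the thread; all sample data below is constructed."""
import re

# Constructed MVPS-style hosts file: a black-hole address followed by one
# hostname per line, '#' for comments. Hostnames are placeholders
# (.invalid TLD), not entries from the real MVPS list.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.invalid
0.0.0.0 track.adform.invalid      # trailing comment
0.0.0.0 bs.serving-sys.invalid
0.0.0.0	www.specificclick.invalid
10.0.0.5 fileserver.lan           # an ordinary mapping, not a block
"""

# Constructed lines in the shape of the scan output quoted in the thread.
SAMPLE_LOG = """\
C:\\USERS\\X\\APPDATA\\ROAMING\\MICROSOFT\\WINDOWS\\COOKIES\\LOW\\X@DOUBLECLICK[3].TXT [ /DOUBLECLICK ]
C:\\USERS\\X\\APPDATA\\ROAMING\\MICROSOFT\\WINDOWS\\COOKIES\\LOW\\X@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]
C:\\USERS\\X\\APPDATA\\ROAMING\\MICROSOFT\\WINDOWS\\COOKIES\\LOW\\X@ADS.HEIAS[1].TXT [ /ADS.HEIAS ]
"""

BLACKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::1", "::"}
_SITE_RE = re.compile(r"\[ /([^\]\s]+) \]")


def parse_hosts(text: str) -> set[str]:
    """Hostnames the hosts file maps to a black-hole address (lower-cased).

    Lines mapping a name to a routable address are ordinary host entries
    and are not treated as blocks; 'localhost' is never counted either.
    """
    blocked: set[str] = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        addr, *names = line.split()           # tabs and spaces both separate
        if addr not in BLACKHOLE_ADDRS:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def is_blocked(hostname: str, blocked: set[str]) -> bool:
    """A hosts file matches whole hostnames only: no wildcards and no
    subdomain inheritance, so 'ad.x.invalid' does not cover 'cdn.x.invalid'."""
    return hostname.lower().rstrip(".") in blocked


def cookie_sites(log: str) -> list[str]:
    """Cookie site labels from scan-log lines, e.g. 'track.adform'."""
    return [m.group(1).lower() for m in _SITE_RE.finditer(log)]


def coverage(sites: list[str], blocked: set[str]) -> dict[str, list[str]]:
    """For each cookie site label, the blocked hostnames whose name without
    the TLD ends with that label (the log omits the TLD, so this is the best
    correlation available). An empty list means the hosts file has no entry."""
    report: dict[str, list[str]] = {}
    for site in sites:
        hits = []
        for host in blocked:
            stem = host.rsplit(".", 1)[0]      # strip the TLD
            if stem == site or stem.endswith("." + site):
                hits.append(host)
        report[site] = sorted(hits)
    return report


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for site, hits in coverage(cookie_sites(SAMPLE_LOG), hosts).items():
        print(f"{site:15} -> {', '.join(hits) or 'NOT in hosts file'}")
```

A hosts file only changes name resolution on that one machine, and it does nothing about cookies a browser has already stored; that is why the cookie-manager and delete-on-exit advice in the post above is a separate measure.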

StefHei 15.10.2012 09:02

My PC is running stably; I can't confirm any further findings. However, the problem from my opening post remains:

Quote:

On some of the websites I have put online, the page call is rejected with the message about the trojan "Troj/JSRedir-HZ". This only happens on my PC at my employer's. At home no such messages appear. An online scan of the websites via "labs.sucuri.net" gives the following finding: "MW:JS:JJ677". To be sure that the cause is not my home computer, I am posting the problem here.
...and with it also #9:

Quote:

My problem is rather the "infestation" of my websites. It would also be important to me how I should proceed in the end. Delete the files on the host and upload the local files, or what?
Do you have a recommendation or a tip on that?

I'll attach the error message from my computer at work as a file attachment.

Many thanks already for the rest; I now have a good feeling about my PC again, and somehow it has also become faster again (at least "felt").

StefHei 15.10.2012 09:05

Attachments: 1
Here is the message mentioned above!

cosinus 15.10.2012 15:03

Well, your possibly compromised web server is really a completely different matter. Open a new thread for that; your computer here has been cleaned up.

Apart from that, is the PC now back in order?

StefHei 15.10.2012 18:58

As I said:

Quote:

My PC is running stably; I can't confirm any further findings.
Quote:

...I now have a good feeling about my PC again, and somehow it has also become faster again (at least "felt").
Many thanks ;-)))

cosinus 15.10.2012 20:50

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Cleanup (Bereinigung).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can do a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide on this is below. To keep better track in future of how up to date your installed programs are, you can use Secunia PSI, for example.
For even more security, you should also change all passwords if possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Guide Windows-Update


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check whether the Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.



Copyright ©2000-2025, Trojaner-Board

