Der Facebook- Virus scheint entfernt zu sein- ist dieser jedoch wirklich weg?

horst2011 · 13.10.2011, 15:26

Hallo zusammen,
leider war ich so naiv und klickte auf ein Link, den mir jemand auf Facebook zugeschickt hatte. Es waren nicht die Partybilder des letzten Wochenendes, sondern der Facebook- Virus. Richtig ist jedoch, dass es ein Wurm war/ist. Mein Microsoft Security Essential (werde dies hier mit MSE abkürzen) zeigte keine infizierten Objekte an.
Mein MSN- Messanger öffnete sich daraufhin ständig. Des weiteren war zu dem Zeitpunkt mein USB- Stick angeschlossen. Alle Dateien wurden nun als Verknüpfung angezeigt- konnte sie jedoch nicht öffnen. Nachdem ich den Rechner rebootet hatte, kam eine Warnung vom MSE: Worm: Win32/Phorpiex.b
und der Ordner mit einer exe- Datei: C:\Users\Martin\M-1-52-5782-8752-5245\winsvc.exe.
Ich konnte zwar auf den Ordner manuell zugreifen durch einen Eintrag in der oberen Leiste des Explorer. Jedoch erschien dieser nicht als Ordner in meinem User- Ordner. Auch die Datei lag nicht in diesem Ordner (Habe alle versteckten Objekte anzeigen lassen). Über MSE klickte ich auf entfernen um den Wurm zu beseitigen. Beim Rebooten erschien die Meldung jedoch noch einmal. Nach einem weiteren "Entfernen"- Klick und einem weiteren Rebooten schien alles wieder zu funktionieren. Meinen USB- Stick hatte ich ja auch infiziert. MSE hat dies erkannt, sodass ich diesen daraufhin formatiert habe. Seitdem funktioniert dieser wieder einwandfrei. MSN- Messanger öffnet sich nicht mehr und sonst scheint alles stabil zu laufen. Jedoch bin ich mir sehr unsicher, ob dieser Wurm trotzallem noch in meinem System vorhanden ist. Ich habe Malwarebyte durchlaufen lassen:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7929

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.10.2011 20:36:54
mbam-log-2011-10-12 (20-36-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|)
Durchsuchte Objekte: 425599
Laufzeit: 3 Stunde(n), 12 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Somit hat dieser nichts gefunden.

Weiter ließ ich OTL laufen:

Code:

ATTFilter

OTL logfile created on: 12.10.2011 16:39:55 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Martin\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,18 Gb Available Physical Memory | 39,28% Memory free
5,99 Gb Paging File | 4,59 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 79,92 Gb Free Space | 34,33% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.12 16:38:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2011.10.12 16:15:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.08.31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:29:20 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2009.10.18 13:18:42 | 003,438,592 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.10.18 13:18:32 | 003,521,024 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.03.25 15:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.12 16:15:49 | 001,833,944 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.09.05 19:59:31 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (Tomcat6)
SRV - File not found [Disabled | Stopped] --  -- (ICQ Service)
SRV - File not found [Disabled | Stopped] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Disabled | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.10 02:07:10 | 000,083,456 | ---- | M] () [Auto | Stopped] -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com\svc.exe -- (Firefox Service)
SRV - [2011.02.11 17:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.18 13:18:32 | 003,521,024 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.30 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.04.07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009.03.26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.03.26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009.03.26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.12.01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.10.12 16:36:13 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.10.12 16:14:53 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA2553AC-144C-47A5-96A1-79D28329F12A}\MpKsle39e1365.sys -- (MpKsle39e1365)
DRV - [2011.10.12 07:32:40 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA2553AC-144C-47A5-96A1-79D28329F12A}\MpKsl2786db03.sys -- (MpKsl2786db03)
DRV - [2011.08.03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.10 11:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.02 10:03:15 | 000,073,176 | ---- | M] (Safend Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\Spfd.sys -- (Spfd)
DRV - [2011.05.02 10:03:15 | 000,032,088 | ---- | M] (Safend Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\SpfdBus.sys -- (SpfdBus)
DRV - [2011.02.11 17:27:37 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.01.19 12:28:11 | 007,087,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010.10.29 23:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.10.24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.10.01 22:35:19 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.10.01 22:34:47 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.10.01 22:34:47 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.04.09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.29 11:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010.03.25 04:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.01.18 12:48:42 | 000,027,136 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2009.10.18 13:18:22 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2009.10.18 12:25:56 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.08.31 12:41:50 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.21 18:24:44 | 000,021,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009.04.30 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.04.07 15:33:08 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009.04.07 15:33:08 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.03.26 23:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009.03.26 23:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009.03.26 23:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009.03.26 23:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009.03.26 23:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009.03.26 17:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009.03.26 17:31:12 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009.03.26 17:31:12 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.12.01 11:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (Int15)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbt.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 05 1D E6 6F 69 CB 01  [binary data]
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://gbt.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8051
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.backup.socks_port: 8051
FF - prefs.js..network.proxy.backup.ssl: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8051
FF - prefs.js..network.proxy.ftp: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.ftp_port: 8051
FF - prefs.js..network.proxy.gopher: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.gopher_port: 8051
FF - prefs.js..network.proxy.http: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.http_port: 8051
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.socks_port: 8051
FF - prefs.js..network.proxy.ssl: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.ssl_port: 8051
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.15 15:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.15 15:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.06.15 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.12 16:15:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 18:43:10 | 000,000,000 | ---D | M]
 
[2010.05.02 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.05.02 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.10.05 19:20:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\xva6311x.default\extensions
[2011.10.05 19:20:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\xva6311x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.04.15 10:29:43 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com
[2011.10.06 20:36:15 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-1.xml
[2011.05.02 13:10:04 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-2.xml
[2011.05.17 13:49:51 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-3.xml
[2011.06.29 16:59:54 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-4.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin.xml
[2011.06.14 15:37:45 | 000,001,578 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\web-search.xml
[2011.06.14 13:36:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.15 23:59:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.14 21:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 19:41:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 22:48:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.28 19:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 13:40:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\EXTERNALIP@ERIK.MORLIN.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\SPEEDTEST@GOTOMYHELP.COM.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011.10.12 16:15:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.26 13:40:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.01 00:28:22 | 000,001,110 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adaradar.xml
[2011.10.12 16:15:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 16:15:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 16:15:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 16:15:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 16:15:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 16:15:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.15 14:35:29 | 000,002,084 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 18 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105171349\ICQToolBar.dll File not found
O3 - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-741742400-3053364637-1879691283-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4931F96-242E-470B-88F1-49A416556CE8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{18652498-b695-11df-95e8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{18652498-b695-11df-95e8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.12 16:38:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011.10.12 16:36:06 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.12 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.12 16:35:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.12 16:32:32 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.11 22:53:13 | 000,000,000 | RHSD | C] -- C:\Users\Martin\M-1-52-5782-8752-5245
[2011.10.11 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2011.10.11 21:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.11 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.10 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\NVIDIA
[2011.10.10 20:32:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Facebook
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.12 16:38:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011.10.12 16:36:13 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.10.12 16:35:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.12 16:32:53 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Martin\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.12 16:19:59 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.12 16:19:59 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.12 16:16:10 | 000,002,566 | ---- | M] () -- C:\Users\Martin\Desktop\Faster Firefox.lnk
[2011.10.12 16:15:02 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.12 16:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.12 16:14:35 | 2411,884,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.12 06:57:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.04 20:03:36 | 000,112,215 | ---- | M] () -- C:\Users\Martin\Documents\ausweise.jpg
[2011.10.04 20:02:53 | 000,084,196 | ---- | M] () -- C:\Users\Martin\Documents\Studiennachweis_ws_2011.jpg
[2011.10.04 18:18:25 | 000,699,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.04 18:18:25 | 000,655,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.04 18:18:25 | 000,148,318 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.04 18:18:25 | 000,121,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
 
========== Files Created - No Company Name ==========
 
[2011.10.12 16:35:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.12 16:16:10 | 000,002,566 | ---- | C] () -- C:\Users\Martin\Desktop\Faster Firefox.lnk
[2011.10.04 20:03:36 | 000,112,215 | ---- | C] () -- C:\Users\Martin\Documents\ausweise.jpg
[2011.10.04 20:02:52 | 000,084,196 | ---- | C] () -- C:\Users\Martin\Documents\Studiennachweis_ws_2011.jpg
[2011.08.18 20:03:21 | 000,000,032 | ---- | C] () -- C:\Windows\USB_Start.INI
[2011.05.04 21:00:44 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.05.04 21:00:33 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.04 21:00:30 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.27 01:48:28 | 000,146,688 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010.09.27 01:48:28 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2010.09.24 21:54:22 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.22 22:14:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.04.30 19:36:11 | 000,000,331 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.04.24 14:27:02 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2010.02.07 22:22:21 | 000,001,824 | ---- | C] () -- C:\Windows\disney.ini
[2009.10.24 13:27:17 | 000,017,920 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.18 13:18:49 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009.10.18 13:08:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.10.18 13:08:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.10.18 13:08:53 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.10.18 12:49:21 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.18 12:49:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.10.18 12:49:20 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.10.18 12:49:20 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.10.18 12:49:18 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.18 12:47:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,699,826 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,318 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,766,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,655,194 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,121,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
 
========== LOP Check ==========
 
[2010.07.08 18:24:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AllDup
[2009.10.18 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2009.10.18 12:51:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2010.09.26 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2010.07.30 08:56:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Helios
[2011.05.17 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2010.12.08 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\JavaEditor
[2011.04.15 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juniper Networks
[2011.05.04 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.10.13 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mazaika
[2010.05.02 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Philips-Songbird
[2011.05.24 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\RadarSync
[2010.05.14 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Telefónica
[2011.05.20 18:11:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Leider weiß ich nicht, ob dieser Wurm sich nun auf meinem Laptop aufhält oder nicht. Kann ich das Nachkontrollieren? Kann es anzeichen dafür geben, auf die ich achten sollte? Ich wäre euch sehr dankbar, wenn ihr mir eine Antwort geben könntet.

Viele Grüße und großen Dank schon im Vorraus!!!

cosinus · 16.10.2011, 13:54

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
Poste bitte auch die Funde von MSE

horst2011 · 17.10.2011, 16:07

Zuerst danke für die Antwort.

Von Malwarebytes habe ich keine weiteren Logs, da ich diesen erst nach dem Entfernen durch MSE installiert habe. MSE hat folgenden Verlauf gehabt:
Elemente:
process:pid:3304

process:pid:3620

process:pid:3576

file:C:\Users\Martin\M-1-52-5782-8752-5245\winsvc.exe
firewallokfile:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\\C:\Users\Mar tin\M-1-52-5782-8752-5245\winsvc.exe
regkey:HKCU@S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Microsoft® Windows Update
regkey:HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\STANDARDPROFILE\AUTHORIZEDAPPLICATIONS\LIST\\C:\Users\Martin\M-1-52-5782-8752-5245\winsvc.exe
runkey:HKCU@S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\Microsoft® Windows Update

Diese Funde bezogen sich alle auf den Wurm Phorpiex.b.

cosinus · 17.10.2011, 17:29

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

horst2011 · 18.10.2011, 15:51

Gestern Abend habe ich den ESET Scanner durchlaufen lassen. Folgende Log- Datei kam dabei heraus:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7926825fa6b25d4985a0a4c0e7cdcc76
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-17 10:30:27
# local_time=2011-10-18 12:30:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=5893 16776574 100 94 63012615 71314204 0 0
# compatibility_mode=8192 67108863 100 0 231 231 0 0
# scanned=255951
# found=2
# cleaned=0
# scan_time=15167
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJ4VEJDT\g[1].exe	a variant of Win32/Kryptik.TWC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Martin\AppData\Local\Temp\2870874.exe	a variant of Win32/Kryptik.TWC trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok

cosinus · 18.10.2011, 19:57

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

horst2011 · 19.10.2011, 17:39

Hier ist der Inhalt der mir OTL zurück gab:

Code:

ATTFilter

OTL logfile created on: 19.10.2011 17:15:34 - Run 2
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Martin\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,85% Memory free
5,99 Gb Paging File | 4,98 Gb Available in Paging File | 83,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 97,15 Gb Free Space | 41,73% Space Free | Partition Type: NTFS
 
Computer Name: MARTIN-PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.12 16:38:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 13:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 13:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:29:20 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2010.11.30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.03.06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009.10.18 13:18:42 | 003,438,592 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.10.18 13:18:32 | 003,521,024 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.03.25 15:25:06 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Programme\Common Files\SPBA\upeksvr.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (Tomcat6)
SRV - File not found [Disabled | Stopped] --  -- (ICQ Service)
SRV - File not found [Disabled | Stopped] --  -- (gupdatem) Google Update-Dienst (gupdatem)
SRV - File not found [Disabled | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.03 13:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.10 02:07:10 | 000,083,456 | ---- | M] () [Disabled | Stopped] -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com\svc.exe -- (Firefox Service)
SRV - [2011.02.11 17:41:29 | 000,603,896 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.11.11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010.11.11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.09.29 15:08:58 | 000,200,624 | ---- | M] (Telefónica I+D) [Disabled | Stopped] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.10.18 13:18:32 | 003,521,024 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.04.30 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2009.04.07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009.03.26 23:04:42 | 000,326,192 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.03.26 23:04:22 | 000,399,920 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009.03.26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2008.12.01 11:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Running] --  -- (MpKsl11817796)
DRV - [2011.10.19 17:00:47 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2308C2C0-36A5-4BB1-A0FE-321C3D4EFC0F}\MpKsl34a96eb6.sys -- (MpKsl34a96eb6)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.03 13:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.10 11:41:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.02 10:03:15 | 000,073,176 | ---- | M] (Safend Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\Spfd.sys -- (Spfd)
DRV - [2011.05.02 10:03:15 | 000,032,088 | ---- | M] (Safend Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\SpfdBus.sys -- (SpfdBus)
DRV - [2011.02.11 17:27:37 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2011.01.19 12:28:11 | 007,087,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010.10.29 23:11:08 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010.10.24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.10.01 22:35:19 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2010.10.01 22:34:47 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.10.01 22:34:47 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.04.09 09:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.29 11:15:36 | 000,055,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2010.03.25 04:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.01.18 12:48:42 | 000,027,136 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)
DRV - [2009.10.18 13:18:22 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2009.10.18 12:25:56 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.08.31 12:41:50 | 000,044,544 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotoncir.sys -- (nuvotoncir)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.05.21 18:24:44 | 000,021,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
DRV - [2009.04.30 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009.04.07 15:33:08 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009.04.07 15:33:08 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.03.26 23:05:36 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009.03.26 23:05:36 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009.03.26 23:05:34 | 000,857,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009.03.26 23:05:34 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009.03.26 23:05:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009.03.26 17:31:12 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009.03.26 17:31:12 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009.03.26 17:31:12 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2008.12.01 11:47:08 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (Int15)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\nsndis5.sys -- (NSNDIS5)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://gbt.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 05 1D E6 6F 69 CB 01  [binary data]
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "hxxp://gbt.toolbarhome.com/search.aspx?srch=ku&q="
FF - prefs.js..network.proxy.backup.ftp: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.backup.ftp_port: 8051
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.backup.socks_port: 8051
FF - prefs.js..network.proxy.backup.ssl: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.backup.ssl_port: 8051
FF - prefs.js..network.proxy.ftp: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.ftp_port: 8051
FF - prefs.js..network.proxy.gopher: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.gopher_port: 8051
FF - prefs.js..network.proxy.http: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.http_port: 8051
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.socks_port: 8051
FF - prefs.js..network.proxy.ssl: "proxy.dhbw-heidenheim.de"
FF - prefs.js..network.proxy.ssl_port: 8051
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.04.15 15:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.04.15 15:45:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.06.15 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.17 17:24:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 18:43:10 | 000,000,000 | ---D | M]
 
[2010.05.02 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.05.02 21:27:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.10.17 19:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\xva6311x.default\extensions
[2011.10.05 19:20:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\xva6311x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.04.15 10:29:43 | 000,000,000 | ---D | M] (startup.service) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com
[2011.10.13 21:16:36 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-1.xml
[2011.05.02 13:10:04 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-2.xml
[2011.05.17 13:49:51 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-3.xml
[2011.06.29 16:59:54 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-4.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin.xml
[2011.06.14 15:37:45 | 000,001,578 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\web-search.xml
[2011.10.17 17:24:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.15 23:59:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.14 21:43:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.07 19:41:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 22:48:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.28 19:48:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 13:40:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\EXTERNALIP@ERIK.MORLIN.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\NEWTABURL@SOGAME.CAT.XPI
() (No name found) -- C:\USERS\MARTIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XVA6311X.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.04.26 13:40:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.02.01 00:28:22 | 000,001,110 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\adaradar.xml
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.15 14:35:29 | 000,002,084 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O1 - Hosts: 18 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105171349\ICQToolBar.dll File not found
O3 - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-741742400-3053364637-1879691283-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4931F96-242E-470B-88F1-49A416556CE8}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\gameboxchrome {494D4E3B-FA53-4487-8AF6-3F50FE1167A9} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Programme\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O20 - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Programme\Common Files\SPBA\homefus2.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{18652498-b695-11df-95e8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{18652498-b695-11df-95e8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: EA Core - hkey= - key= - C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: MSSE - hkey= - key= -  File not found
MsConfig - StartUpReg: nmctxth - hkey= - key= - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SwitchBoard - hkey= - key= - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: vmware-tray - hkey= - key= - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig - StartUpReg: vProt - hkey= - key= -  File not found
MsConfig - StartUpReg: ZPdtWzdVitaKey MC3000 - hkey= - key= - C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.18 19:04:52 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\OTL_Co
[2011.10.17 20:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.17 19:59:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
[2011.10.17 17:21:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.10.12 16:38:33 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011.10.12 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.12 16:35:38 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.11 21:31:35 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2011.10.11 21:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.11 21:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.10 20:50:56 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\NVIDIA
[2011.10.10 20:32:18 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Facebook
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.19 16:57:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.19 16:53:39 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 16:53:39 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.19 16:48:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.19 16:48:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.19 16:48:16 | 2411,884,544 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.18 19:06:13 | 000,699,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.18 19:06:13 | 000,655,194 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.18 19:06:13 | 000,148,318 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.18 19:06:13 | 000,121,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.17 19:59:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Martin\Desktop\esetsmartinstaller_enu.exe
[2011.10.17 17:25:06 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.12 16:38:47 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2011.10.12 16:35:45 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.04 20:03:36 | 000,112,215 | ---- | M] () -- C:\Users\Martin\Documents\ausweise.jpg
[2011.10.04 20:02:53 | 000,084,196 | ---- | M] () -- C:\Users\Martin\Documents\Studiennachweis_ws_2011.jpg
 
========== Files Created - No Company Name ==========
 
[2011.10.17 17:25:06 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.17 17:25:06 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.12 16:35:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.04 20:03:36 | 000,112,215 | ---- | C] () -- C:\Users\Martin\Documents\ausweise.jpg
[2011.10.04 20:02:52 | 000,084,196 | ---- | C] () -- C:\Users\Martin\Documents\Studiennachweis_ws_2011.jpg
[2011.08.18 20:03:21 | 000,000,032 | ---- | C] () -- C:\Windows\USB_Start.INI
[2011.05.04 21:00:44 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.05.04 21:00:33 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.04 21:00:30 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.27 01:48:28 | 000,146,688 | ---- | C] () -- C:\Windows\hpoins44.dat
[2010.09.27 01:48:28 | 000,000,512 | ---- | C] () -- C:\Windows\hpomdl44.dat
[2010.09.24 21:54:22 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.22 22:14:32 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.04.30 19:36:11 | 000,000,331 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.04.24 14:27:02 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll
[2010.02.07 22:22:21 | 000,001,824 | ---- | C] () -- C:\Windows\disney.ini
[2009.10.24 13:27:17 | 000,017,920 | ---- | C] () -- C:\Users\Martin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.18 13:18:49 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll
[2009.10.18 13:08:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.10.18 13:08:53 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.10.18 13:08:53 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.10.18 12:49:21 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.10.18 12:49:21 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.10.18 12:49:20 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.10.18 12:49:20 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.10.18 12:49:18 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.18 12:47:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.07.14 10:47:43 | 000,699,826 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,148,318 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 003,766,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,655,194 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,121,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.01.26 08:32:18 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
 
========== LOP Check ==========
 
[2010.07.08 18:24:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AllDup
[2009.10.18 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2009.10.18 12:51:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2010.09.26 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2010.07.30 08:56:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Helios
[2011.05.17 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2010.12.08 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\JavaEditor
[2011.04.15 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juniper Networks
[2011.05.04 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2010.10.13 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mazaika
[2010.05.02 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Philips-Songbird
[2011.05.24 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\RadarSync
[2010.05.14 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Telefónica
[2011.05.20 18:11:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.15 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Adobe
[2010.07.08 18:24:27 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AllDup
[2009.10.18 13:02:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Ashampoo
[2009.10.18 12:51:09 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2010.04.09 12:03:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DivX
[2010.03.24 18:59:01 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\dvdcss
[2010.09.26 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\gtk-2.0
[2010.07.30 08:56:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Helios
[2011.05.17 18:40:45 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2011.01.13 19:32:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Identities
[2010.05.02 21:49:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\InstallShield
[2010.12.08 18:12:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\JavaEditor
[2011.04.15 13:02:07 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Juniper Networks
[2011.05.04 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2009.10.18 13:04:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Macromedia
[2011.10.11 21:31:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2010.10.13 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mazaika
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Center Programs
[2009.10.28 14:46:08 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Media Player Classic
[2011.06.08 14:49:22 | 000,000,000 | --SD | M] -- C:\Users\Martin\AppData\Roaming\Microsoft
[2009.10.18 12:47:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mozilla
[2011.10.10 20:50:56 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\NVIDIA
[2010.05.02 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Philips-Songbird
[2011.05.24 14:32:13 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\RadarSync
[2010.03.20 12:13:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Real
[2011.05.04 21:00:07 | 000,000,000 | RH-D | M] -- C:\Users\Martin\AppData\Roaming\SecuROM
[2011.04.14 17:56:38 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Skype
[2011.04.14 17:28:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\skypePM
[2010.05.14 19:37:04 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Telefónica
[2009.12.11 23:29:53 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\U3
[2011.09.06 00:57:35 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\vlc
[2011.07.03 16:31:19 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\VMware
[2009.10.18 13:08:00 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2009.06.19 08:18:42 | 000,238,976 | ---- | M] (Juniper Networks) -- C:\Users\Martin\AppData\Roaming\Juniper Networks\Cache Cleaner 6.3.0\dsCacheCleaner.exe
[2009.06.19 08:18:44 | 000,043,976 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Juniper Networks\Cache Cleaner 6.3.0\uninstall.exe
[2009.04.09 00:14:52 | 000,066,928 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Juniper Networks\Setup Client\dsmmf.exe
[2009.04.09 00:14:50 | 000,165,248 | ---- | M] (Juniper Networks) -- C:\Users\Martin\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
[2009.04.09 00:14:48 | 000,224,112 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClientOCX.exe
[2009.04.09 00:14:54 | 000,043,600 | ---- | M] (Juniper Networks) -- C:\Users\Martin\AppData\Roaming\Juniper Networks\Setup Client\uninstall.exe
[2011.06.15 14:08:07 | 000,010,134 | R--- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
[2009.12.28 20:52:11 | 000,010,134 | R--- | M] () -- C:\Users\Martin\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.03.08 00:55:02 | 000,052,736 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com\firefox_wrapper.exe
[2011.03.10 02:07:10 | 000,083,456 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com\svc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2009.12.20 01:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
[2009.10.18 12:25:56 | 000,721,904 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
<           >

< End of report >

cosinus · 19.10.2011, 18:47

Zitat:

O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 hh-software.com
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

Sry aber hier stinkt es förmlich nach gecrackter Adobe-Software!

Edit: Neuinstallations-Verordnung wegeditiert

horst2011 · 20.10.2011, 17:30

Jetzt muss ich mich aber rechtfertig. Aufgrund meines Auslandaufenthalts lieh ich meinem Bruder meinen Laptop. Da er "Hobbyfotograf" ist, hat er sich diese Software runtergeladen ohne meiner Zustimmung. Bei meiner Rückkehr deinstallierte ich das komplette Packet, da ich es nicht benötige und da mir das zu viel Speicherplatz raubte. Das Deinstallieren machte ich über die Systemsteuerung vor. Ich habe bisher nicht geahnt, dass dieses Programm noch Spuren hinterlassen hat. Das Ärgert mich auch selber, da dies alles schon über ein halbes Jahr her ist und ich immernoch schädliche Teile auf meinem Rechner habe. Daher ist meine Frage und Bitte: Wie bekomme ich auch diese Reste wieder weg, denn als Programm wird mir dieses nicht mehr angezeigt? Lediglich den Adobe Reader und der Adobe Flash wird mir noch angezeigt.
Viele Grüße mit Hofnung auf eine Antwort

cosinus · 20.10.2011, 17:53

Ok, ich hab auch keinen direkten Crack oder Keygen gefunden

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - File not found [On_Demand | Stopped] --  -- (Tomcat6)
SRV - File not found [Disabled | Stopped] --  -- (ICQ Service)
[2011.10.13 21:16:36 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-1.xml
[2011.05.02 13:10:04 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-2.xml
[2011.05.17 13:49:51 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-3.xml
[2011.06.29 16:59:54 | 000,000,950 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-4.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin.xml
[2011.06.14 15:37:45 | 000,001,578 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\web-search.xml
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.06.15 14:12:02 | 000,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1105171349\ICQToolBar.dll File not found
O3 - HKU\S-1-5-21-741742400-3053364637-1879691283-1000\..\Toolbar\WebBrowser: (GameBox Toolbar) - {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - C:\Program Files\GameBox\gamebox_toolbar.dll File not found
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{18652498-b695-11df-95e8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{18652498-b695-11df-95e8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\Shell - "" = AutoRun
O33 - MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

horst2011 · 20.10.2011, 21:23

Vielen Dank für deine Hilfe. Ich finde es krass, dass obwohl ich die Software deinstalliert habe immernoch bestand auf meinem Rechner hat.

Hier ist die Logfile von OTL:

Zitat:

All processes killed
========== OTL ==========
Service Tomcat6 stopped successfully!
Service Tomcat6 deleted successfully!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\searchplugins\web-search.xml moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}\ not found.
File C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-741742400-3053364637-1879691283-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TaskTray deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0989911e-8d08-11e0-acba-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0989911e-8d08-11e0-acba-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0989911e-8d08-11e0-acba-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea040-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea040-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea040-ceb7-11de-8517-001e68ee3907}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea045-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea045-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea045-ceb7-11de-8517-001e68ee3907}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea076-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea076-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea076-ceb7-11de-8517-001e68ee3907}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea07a-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{09eea07a-ceb7-11de-8517-001e68ee3907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09eea07a-ceb7-11de-8517-001e68ee3907}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b587ff4-9417-11df-80ab-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b587ff4-9417-11df-80ab-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b587ff4-9417-11df-80ab-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b587ff6-9417-11df-80ab-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b587ff6-9417-11df-80ab-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b587ff6-9417-11df-80ab-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18652498-b695-11df-95e8-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18652498-b695-11df-95e8-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18652498-b695-11df-95e8-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18652498-b695-11df-95e8-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2001cec6-b9e9-11df-95d4-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2001cec6-b9e9-11df-95d4-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2001cec6-b9e9-11df-95d4-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27973ddf-9844-11e0-9803-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27973ddf-9844-11e0-9803-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27973ddf-9844-11e0-9803-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f73-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f73-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f73-8779-11e0-af35-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f74-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f74-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f74-8779-11e0-af35-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f81-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f81-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f81-8779-11e0-af35-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f83-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f83-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f83-8779-11e0-af35-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f85-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a3a6f85-8779-11e0-af35-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a3a6f85-8779-11e0-af35-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e826a67-8781-11e0-9594-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e826a67-8781-11e0-9594-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e826a67-8781-11e0-9594-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e826a77-8781-11e0-9594-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e826a77-8781-11e0-9594-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e826a77-8781-11e0-9594-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f46-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f46-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f46-94f1-11df-bd57-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f49-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f49-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f49-94f1-11df-bd57-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f4b-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f4b-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f4b-94f1-11df-bd57-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f4d-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f4d-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f4d-94f1-11df-bd57-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f9e-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{429b5f9e-94f1-11df-bd57-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{429b5f9e-94f1-11df-bd57-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47e043b7-5b6b-11df-bcc8-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47e043b7-5b6b-11df-bcc8-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47e043b7-5b6b-11df-bcc8-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47e043ba-5b6b-11df-bcc8-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47e043ba-5b6b-11df-bcc8-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47e043ba-5b6b-11df-bcc8-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f6685-6128-11e0-9628-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f6685-6128-11e0-9628-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f6685-6128-11e0-9628-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f6687-6128-11e0-9628-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f6687-6128-11e0-9628-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f6687-6128-11e0-9628-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f6689-6128-11e0-9628-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f6689-6128-11e0-9628-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f6689-6128-11e0-9628-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d01886a-13e6-11df-809d-001e68ee3907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d01886a-13e6-11df-809d-001e68ee3907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d01886a-13e6-11df-809d-001e68ee3907}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84cfc920-613d-11e0-96ef-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84cfc920-613d-11e0-96ef-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84cfc920-613d-11e0-96ef-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8690d100-e693-11de-bc73-001e68ee3907}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8690d100-e693-11de-bc73-001e68ee3907}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8690d100-e693-11de-bc73-001e68ee3907}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c418366d-98d1-11df-bc37-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c418366d-98d1-11df-bc37-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c418366d-98d1-11df-bc37-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de2f-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de2f-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de2f-5f77-11df-ba1a-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de3b-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de3b-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de3b-5f77-11df-ba1a-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de53-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de53-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de53-5f77-11df-ba1a-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de63-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6a7de63-5f77-11df-ba1a-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6a7de63-5f77-11df-ba1a-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eba65976-98cd-11e0-ad1b-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eba65976-98cd-11e0-ad1b-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eba65976-98cd-11e0-ad1b-005056c00008}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Martin
->Temp folder emptied: 38650948 bytes
->Temporary Internet Files folder emptied: 23473796 bytes
->Java cache emptied: 388595 bytes
->FireFox cache emptied: 102613038 bytes
->Flash cache emptied: 96098 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143772329 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 295,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10202011_221544

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 21.10.2011, 13:03

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

horst2011 · 24.10.2011, 18:34

Das Tool von Kaspersky zeigte mir diesen Report indem er 3 Threads gefunden hat. Habe nach diesen Gegoogelt- scheinen wohl treiberspezifische Einträge zu sein. Können aber auch missbraucht werden.

Code:

ATTFilter

19:29:17.0463 4444	TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
19:29:17.0635 4444	============================================================
19:29:17.0635 4444	Current date / time: 2011/10/24 19:29:17.0635
19:29:17.0635 4444	SystemInfo:
19:29:17.0635 4444	
19:29:17.0635 4444	OS Version: 6.1.7600 ServicePack: 0.0
19:29:17.0635 4444	Product type: Workstation
19:29:17.0635 4444	ComputerName: MARTIN-PC
19:29:17.0635 4444	UserName: Martin
19:29:17.0635 4444	Windows directory: C:\Windows
19:29:17.0635 4444	System windows directory: C:\Windows
19:29:17.0635 4444	Processor architecture: Intel x86
19:29:17.0635 4444	Number of processors: 2
19:29:17.0635 4444	Page size: 0x1000
19:29:17.0635 4444	Boot type: Normal boot
19:29:17.0635 4444	============================================================
19:29:18.0887 4444	Initialize success
19:29:24.0105 3136	============================================================
19:29:24.0105 3136	Scan started
19:29:24.0105 3136	Mode: Manual; SigCheck; TDLFS; 
19:29:24.0105 3136	============================================================
19:29:24.0728 3136	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
19:29:24.0860 3136	1394ohci - ok
19:29:24.0964 3136	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
19:29:24.0994 3136	ACPI - ok
19:29:25.0022 3136	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
19:29:25.0107 3136	AcpiPmi - ok
19:29:25.0277 3136	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:29:25.0304 3136	adp94xx - ok
19:29:25.0351 3136	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:29:25.0376 3136	adpahci - ok
19:29:25.0472 3136	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:29:25.0498 3136	adpu320 - ok
19:29:25.0543 3136	AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
19:29:25.0711 3136	AFD - ok
19:29:25.0798 3136	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
19:29:25.0822 3136	agp440 - ok
19:29:25.0854 3136	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:29:25.0878 3136	aic78xx - ok
19:29:25.0929 3136	AlfaFF          (8d59617a9c3dbf4650aa44f4e9215744) C:\Windows\system32\Drivers\AlfaFF.sys
19:29:26.0022 3136	AlfaFF - ok
19:29:26.0126 3136	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
19:29:26.0144 3136	aliide - ok
19:29:26.0185 3136	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
19:29:26.0228 3136	amdagp - ok
19:29:26.0238 3136	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
19:29:26.0257 3136	amdide - ok
19:29:26.0342 3136	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:29:26.0393 3136	AmdK8 - ok
19:29:26.0442 3136	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:29:26.0498 3136	AmdPPM - ok
19:29:26.0576 3136	amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
19:29:26.0598 3136	amdsata - ok
19:29:26.0697 3136	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:29:26.0725 3136	amdsbs - ok
19:29:26.0789 3136	amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
19:29:26.0809 3136	amdxata - ok
19:29:26.0851 3136	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
19:29:26.0939 3136	AppID - ok
19:29:27.0067 3136	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:29:27.0088 3136	arc - ok
19:29:27.0105 3136	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:29:27.0129 3136	arcsas - ok
19:29:27.0243 3136	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:29:27.0299 3136	AsyncMac - ok
19:29:27.0334 3136	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
19:29:27.0352 3136	atapi - ok
19:29:27.0508 3136	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:29:27.0582 3136	b06bdrv - ok
19:29:27.0699 3136	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:29:27.0725 3136	b57nd60x - ok
19:29:27.0757 3136	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:29:27.0809 3136	Beep - ok
19:29:27.0948 3136	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:29:28.0005 3136	blbdrive - ok
19:29:28.0129 3136	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
19:29:28.0197 3136	bowser - ok
19:29:28.0236 3136	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:29:28.0298 3136	BrFiltLo - ok
19:29:28.0402 3136	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:29:28.0456 3136	BrFiltUp - ok
19:29:28.0571 3136	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:29:28.0665 3136	Brserid - ok
19:29:28.0684 3136	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:29:28.0752 3136	BrSerWdm - ok
19:29:28.0850 3136	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:29:28.0902 3136	BrUsbMdm - ok
19:29:28.0927 3136	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:29:28.0970 3136	BrUsbSer - ok
19:29:29.0072 3136	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:29:29.0127 3136	BTHMODEM - ok
19:29:29.0200 3136	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:29:29.0284 3136	cdfs - ok
19:29:29.0375 3136	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
19:29:29.0439 3136	cdrom - ok
19:29:29.0555 3136	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:29:29.0607 3136	circlass - ok
19:29:29.0655 3136	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:29:29.0688 3136	CLFS - ok
19:29:29.0831 3136	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:29:29.0873 3136	CmBatt - ok
19:29:29.0898 3136	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
19:29:29.0917 3136	cmdide - ok
19:29:29.0949 3136	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
19:29:29.0985 3136	CNG - ok
19:29:30.0079 3136	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:29:30.0099 3136	Compbatt - ok
19:29:30.0126 3136	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:29:30.0176 3136	CompositeBus - ok
19:29:30.0289 3136	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:29:30.0309 3136	crcdisk - ok
19:29:30.0349 3136	CSC             (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
19:29:30.0433 3136	CSC - ok
19:29:30.0558 3136	dc3d            (62f9a797cd6b65dcecf71fcddf5f607c) C:\Windows\system32\DRIVERS\dc3d.sys
19:29:30.0578 3136	dc3d - ok
19:29:30.0629 3136	DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
19:29:30.0691 3136	DfsC - ok
19:29:30.0791 3136	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:29:30.0855 3136	discache - ok
19:29:30.0981 3136	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:29:31.0004 3136	Disk - ok
19:29:31.0092 3136	Dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
19:29:31.0138 3136	Dot4 - ok
19:29:31.0238 3136	Dot4Print       (c25fea07a8e7767e8b89ab96a3b96519) C:\Windows\system32\DRIVERS\Dot4Prt.sys
19:29:31.0278 3136	Dot4Print - ok
19:29:31.0306 3136	dot4usb         (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
19:29:31.0357 3136	dot4usb - ok
19:29:31.0437 3136	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:29:31.0481 3136	drmkaud - ok
19:29:31.0576 3136	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
19:29:31.0620 3136	DXGKrnl - ok
19:29:31.0787 3136	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:29:31.0876 3136	ebdrv - ok
19:29:32.0009 3136	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:29:32.0041 3136	elxstor - ok
19:29:32.0058 3136	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
19:29:32.0106 3136	ErrDev - ok
19:29:32.0248 3136	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:29:32.0293 3136	exfat - ok
19:29:32.0314 3136	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:29:32.0373 3136	fastfat - ok
19:29:32.0491 3136	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:29:32.0540 3136	fdc - ok
19:29:32.0573 3136	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:29:32.0599 3136	FileInfo - ok
19:29:32.0693 3136	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:29:32.0732 3136	Filetrace - ok
19:29:32.0856 3136	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:29:32.0900 3136	flpydisk - ok
19:29:33.0020 3136	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:29:33.0053 3136	FltMgr - ok
19:29:33.0109 3136	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:29:33.0132 3136	FsDepends - ok
19:29:33.0243 3136	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:29:33.0264 3136	Fs_Rec - ok
19:29:33.0367 3136	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
19:29:33.0407 3136	fvevol - ok
19:29:33.0517 3136	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:29:33.0542 3136	gagp30kx - ok
19:29:33.0652 3136	ggflt           (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
19:29:33.0693 3136	ggflt - ok
19:29:33.0744 3136	ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
19:29:33.0766 3136	ggsemc - ok
19:29:33.0913 3136	hcmon           (2084888f800fb1c1e514fd6da168b5b3) C:\Windows\system32\drivers\hcmon.sys
19:29:33.0938 3136	hcmon - ok
19:29:33.0967 3136	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:29:34.0033 3136	hcw85cir - ok
19:29:34.0138 3136	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
19:29:34.0198 3136	HdAudAddService - ok
19:29:34.0317 3136	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:29:34.0371 3136	HDAudBus - ok
19:29:34.0395 3136	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:29:34.0468 3136	HidBatt - ok
19:29:34.0567 3136	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:29:34.0624 3136	HidBth - ok
19:29:34.0664 3136	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:29:34.0734 3136	HidIr - ok
19:29:34.0860 3136	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
19:29:34.0909 3136	HidUsb - ok
19:29:34.0982 3136	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:29:35.0003 3136	HpSAMD - ok
19:29:35.0112 3136	HSF_DPV         (227c3ba25012752bb7450235392c719f) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:29:35.0222 3136	HSF_DPV - ok
19:29:35.0346 3136	HSXHWAZL        (4df5c76302dc2f8f3465966c8426a292) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:29:35.0417 3136	HSXHWAZL - ok
19:29:35.0475 3136	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
19:29:35.0555 3136	HTTP - ok
19:29:35.0650 3136	Huawei          (90cda5326abb5945330a9293568fd88c) C:\Windows\system32\DRIVERS\ewdcsc.sys
19:29:35.0722 3136	Huawei - ok
19:29:35.0828 3136	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:29:35.0931 3136	huawei_enumerator - ok
19:29:36.0060 3136	hwdatacard      (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:29:36.0154 3136	hwdatacard - ok
19:29:36.0187 3136	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
19:29:36.0206 3136	hwpolicy - ok
19:29:36.0331 3136	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:29:36.0385 3136	i8042prt - ok
19:29:36.0434 3136	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
19:29:36.0473 3136	iaStorV - ok
19:29:36.0578 3136	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:29:36.0599 3136	iirsp - ok
19:29:36.0648 3136	Int15           (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\System32\drivers\int15.sys
19:29:36.0663 3136	Int15 ( UnsignedFile.Multi.Generic ) - warning
19:29:36.0663 3136	Int15 - detected UnsignedFile.Multi.Generic (1)
19:29:36.0868 3136	IntcAzAudAddService (6cac927c002dd79d666aa71332eaf03a) C:\Windows\system32\drivers\RTKVHDA.sys
19:29:37.0019 3136	IntcAzAudAddService - ok
19:29:37.0211 3136	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
19:29:37.0229 3136	intelide - ok
19:29:37.0405 3136	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:29:37.0431 3136	intelppm - ok
19:29:37.0480 3136	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:29:37.0547 3136	IpFilterDriver - ok
19:29:37.0661 3136	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:29:37.0692 3136	IPMIDRV - ok
19:29:37.0708 3136	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:29:37.0774 3136	IPNAT - ok
19:29:37.0874 3136	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:29:37.0926 3136	IRENUM - ok
19:29:38.0013 3136	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
19:29:38.0036 3136	isapnp - ok
19:29:38.0062 3136	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
19:29:38.0088 3136	iScsiPrt - ok
19:29:38.0196 3136	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:29:38.0221 3136	kbdclass - ok
19:29:38.0248 3136	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
19:29:38.0292 3136	kbdhid - ok
19:29:38.0390 3136	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
19:29:38.0415 3136	KSecDD - ok
19:29:38.0447 3136	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
19:29:38.0474 3136	KSecPkg - ok
19:29:38.0587 3136	L1E             (14f63a275c1bff4d35e02de1127e8a85) C:\Windows\system32\DRIVERS\L1E62x86.sys
19:29:38.0606 3136	L1E - ok
19:29:38.0674 3136	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:29:38.0735 3136	lltdio - ok
19:29:38.0844 3136	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:29:38.0866 3136	LSI_FC - ok
19:29:38.0897 3136	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:29:38.0920 3136	LSI_SAS - ok
19:29:38.0939 3136	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:29:38.0960 3136	LSI_SAS2 - ok
19:29:39.0048 3136	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:29:39.0070 3136	LSI_SCSI - ok
19:29:39.0136 3136	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:29:39.0207 3136	luafv - ok
19:29:39.0349 3136	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
19:29:39.0374 3136	MBAMProtector - ok
19:29:39.0487 3136	MBAMSwissArmy - ok
19:29:39.0552 3136	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:29:39.0586 3136	mdmxsdk - ok
19:29:39.0612 3136	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:29:39.0633 3136	megasas - ok
19:29:39.0722 3136	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:29:39.0748 3136	MegaSR - ok
19:29:39.0789 3136	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:29:39.0857 3136	Modem - ok
19:29:39.0957 3136	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:29:40.0007 3136	monitor - ok
19:29:40.0045 3136	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:29:40.0071 3136	mouclass - ok
19:29:40.0180 3136	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:29:40.0226 3136	mouhid - ok
19:29:40.0265 3136	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
19:29:40.0288 3136	mountmgr - ok
19:29:40.0367 3136	MpFilter        (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
19:29:40.0404 3136	MpFilter - ok
19:29:40.0443 3136	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
19:29:40.0468 3136	mpio - ok
19:29:40.0531 3136	MpKsl52af8ab0 - ok
19:29:40.0579 3136	MpKsl668cdd3f - ok
19:29:40.0660 3136	MpKsl90c8899a   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl90c8899a.sys
19:29:40.0686 3136	MpKsl90c8899a - ok
19:29:40.0796 3136	MpNWMon         (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:29:40.0822 3136	MpNWMon - ok
19:29:40.0848 3136	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:29:40.0910 3136	mpsdrv - ok
19:29:41.0007 3136	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
19:29:41.0062 3136	MRxDAV - ok
19:29:41.0132 3136	mrxsmb          (b4c76ef46322a9711c7b0f4e21ef6ea5) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:29:41.0189 3136	mrxsmb - ok
19:29:41.0307 3136	mrxsmb10        (e593d45024a3fdd11e93cc4a6ca91101) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:29:41.0357 3136	mrxsmb10 - ok
19:29:41.0407 3136	mrxsmb20        (a9f86c82c9cc3b679cc3957e1183a30f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:29:41.0435 3136	mrxsmb20 - ok
19:29:41.0517 3136	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
19:29:41.0538 3136	msahci - ok
19:29:41.0563 3136	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
19:29:41.0588 3136	msdsm - ok
19:29:41.0626 3136	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:29:41.0666 3136	Msfs - ok
19:29:41.0743 3136	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:29:41.0800 3136	mshidkmdf - ok
19:29:41.0829 3136	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
19:29:41.0849 3136	msisadrv - ok
19:29:41.0947 3136	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:29:42.0007 3136	MSKSSRV - ok
19:29:42.0086 3136	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:29:42.0144 3136	MSPCLOCK - ok
19:29:42.0214 3136	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:29:42.0271 3136	MSPQM - ok
19:29:42.0320 3136	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:29:42.0344 3136	MsRPC - ok
19:29:42.0361 3136	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
19:29:42.0386 3136	mssmbios - ok
19:29:42.0498 3136	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:29:42.0560 3136	MSTEE - ok
19:29:42.0605 3136	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:29:42.0629 3136	MTConfig - ok
19:29:42.0653 3136	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:29:42.0677 3136	Mup - ok
19:29:42.0833 3136	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:29:42.0895 3136	NativeWifiP - ok
19:29:43.0010 3136	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
19:29:43.0097 3136	NDIS - ok
19:29:43.0193 3136	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:29:43.0233 3136	NdisCap - ok
19:29:43.0315 3136	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:29:43.0381 3136	NdisTapi - ok
19:29:43.0480 3136	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
19:29:43.0523 3136	Ndisuio - ok
19:29:43.0545 3136	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
19:29:43.0613 3136	NdisWan - ok
19:29:43.0646 3136	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
19:29:43.0688 3136	NDProxy - ok
19:29:43.0807 3136	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:29:43.0848 3136	NetBIOS - ok
19:29:43.0867 3136	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
19:29:43.0940 3136	NetBT - ok
19:29:44.0241 3136	NETw5s32        (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys
19:29:44.0397 3136	NETw5s32 - ok
19:29:44.0585 3136	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
19:29:44.0691 3136	netw5v32 - ok
19:29:45.0126 3136	NETwNs32        (71a154ae95a5c17a51cb414135e92c6b) C:\Windows\system32\DRIVERS\NETwNs32.sys
19:29:45.0495 3136	NETwNs32 - ok
19:29:45.0602 3136	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:29:45.0624 3136	nfrd960 - ok
19:29:45.0672 3136	NisDrv          (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:29:45.0704 3136	NisDrv - ok
19:29:45.0843 3136	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:29:45.0900 3136	Npfs - ok
19:29:45.0936 3136	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:29:45.0995 3136	nsiproxy - ok
19:29:46.0120 3136	NSNDIS5         (53f7546e8daefb3a0813f5e19c4613c9) C:\Windows\system32\NSNDIS5.SYS
19:29:46.0140 3136	NSNDIS5 ( UnsignedFile.Multi.Generic ) - warning
19:29:46.0140 3136	NSNDIS5 - detected UnsignedFile.Multi.Generic (1)
19:29:46.0245 3136	Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
19:29:46.0355 3136	Ntfs - ok
19:29:46.0468 3136	NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
19:29:46.0485 3136	NuidFltr - ok
19:29:46.0515 3136	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:29:46.0579 3136	Null - ok
19:29:46.0718 3136	nuvotoncir      (97564839dc47131bb5e1eafd1f884415) C:\Windows\system32\DRIVERS\nuvotoncir.sys
19:29:46.0792 3136	nuvotoncir - ok
19:29:46.0859 3136	NVHDA           (0e616537f3e12d4c9fb71181c2f21bd5) C:\Windows\system32\drivers\nvhda32v.sys
19:29:46.0882 3136	NVHDA - ok
19:29:47.0220 3136	nvlddmkm        (4152708c0c24e30dae7fa87d5afe1d7b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:29:48.0527 3136	nvlddmkm - ok
19:29:48.0626 3136	nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
19:29:48.0650 3136	nvraid - ok
19:29:48.0671 3136	nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
19:29:48.0694 3136	nvstor - ok
19:29:48.0842 3136	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
19:29:48.0870 3136	nv_agp - ok
19:29:48.0895 3136	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
19:29:48.0948 3136	ohci1394 - ok
19:29:49.0066 3136	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:29:49.0114 3136	Parport - ok
19:29:49.0140 3136	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
19:29:49.0163 3136	partmgr - ok
19:29:49.0189 3136	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:29:49.0231 3136	Parvdm - ok
19:29:49.0330 3136	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
19:29:49.0356 3136	pci - ok
19:29:49.0378 3136	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
19:29:49.0397 3136	pciide - ok
19:29:49.0416 3136	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:29:49.0444 3136	pcmcia - ok
19:29:49.0467 3136	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:29:49.0489 3136	pcw - ok
19:29:49.0585 3136	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:29:49.0660 3136	PEAUTH - ok
19:29:49.0829 3136	pnarp           (63200893c9d5934a7504d20f68276cc7) C:\Windows\system32\DRIVERS\pnarp.sys
19:29:49.0868 3136	pnarp - ok
19:29:50.0015 3136	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:29:50.0081 3136	PptpMiniport - ok
19:29:50.0108 3136	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:29:50.0157 3136	Processor - ok
19:29:50.0271 3136	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:29:50.0337 3136	Psched - ok
19:29:50.0479 3136	purendis        (748bcab4eff5959ed347c05a1c1a0af8) C:\Windows\system32\DRIVERS\purendis.sys
19:29:50.0498 3136	purendis - ok
19:29:50.0592 3136	PxHelp20        (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
19:29:50.0620 3136	PxHelp20 - ok
19:29:50.0713 3136	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:29:50.0759 3136	ql2300 - ok
19:29:50.0918 3136	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:29:50.0945 3136	ql40xx - ok
19:29:50.0972 3136	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:29:51.0001 3136	QWAVEdrv - ok
19:29:51.0085 3136	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:29:51.0153 3136	RasAcd - ok
19:29:51.0200 3136	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:29:51.0257 3136	RasAgileVpn - ok
19:29:51.0352 3136	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:29:51.0411 3136	Rasl2tp - ok
19:29:51.0523 3136	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:29:51.0583 3136	RasPppoe - ok
19:29:51.0622 3136	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:29:51.0686 3136	RasSstp - ok
19:29:51.0788 3136	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
19:29:51.0838 3136	rdbss - ok
19:29:51.0855 3136	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:29:51.0906 3136	rdpbus - ok
19:29:51.0932 3136	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:29:51.0992 3136	RDPCDD - ok
19:29:52.0086 3136	RDPDR           (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
19:29:52.0156 3136	RDPDR - ok
19:29:52.0247 3136	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:29:52.0304 3136	RDPENCDD - ok
19:29:52.0332 3136	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:29:52.0370 3136	RDPREFMP - ok
19:29:52.0396 3136	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
19:29:52.0439 3136	RDPWD - ok
19:29:52.0527 3136	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
19:29:52.0558 3136	rdyboost - ok
19:29:52.0707 3136	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:29:52.0792 3136	rspndr - ok
19:29:53.0049 3136	RSUSBSTOR       (247b0a8164069cd4fe6f3094c581b13b) C:\Windows\system32\Drivers\RtsUStor.sys
19:29:53.0079 3136	RSUSBSTOR - ok
19:29:53.0115 3136	RTSTOR          (7a4f79df3793160b280cde152b61fe33) C:\Windows\system32\drivers\RTSTOR.SYS
19:29:53.0151 3136	RTSTOR - ok
19:29:53.0240 3136	s3cap           (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
19:29:53.0276 3136	s3cap - ok
19:29:53.0317 3136	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
19:29:53.0341 3136	sbp2port - ok
19:29:53.0430 3136	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
19:29:53.0495 3136	scfilter - ok
19:29:53.0545 3136	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:29:53.0586 3136	secdrv - ok
19:29:53.0705 3136	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
19:29:53.0778 3136	seehcri - ok
19:29:53.0882 3136	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:29:53.0905 3136	Serenum - ok
19:29:53.0927 3136	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:29:53.0993 3136	Serial - ok
19:29:54.0024 3136	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:29:54.0050 3136	sermouse - ok
19:29:54.0144 3136	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
19:29:54.0195 3136	sffdisk - ok
19:29:54.0206 3136	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:29:54.0247 3136	sffp_mmc - ok
19:29:54.0279 3136	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:29:54.0330 3136	sffp_sd - ok
19:29:54.0422 3136	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:29:54.0471 3136	sfloppy - ok
19:29:54.0509 3136	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
19:29:54.0532 3136	sisagp - ok
19:29:54.0573 3136	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:29:54.0593 3136	SiSRaid2 - ok
19:29:54.0675 3136	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:29:54.0697 3136	SiSRaid4 - ok
19:29:54.0741 3136	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:29:54.0804 3136	Smb - ok
19:29:54.0928 3136	Spfd            (127955296d39896758c1d81c84e570a0) C:\Windows\system32\DRIVERS\Spfd.sys
19:29:54.0972 3136	Spfd - ok
19:29:55.0007 3136	SpfdBus         (8501861a2482fd4b76ab525c6238effd) C:\Windows\system32\DRIVERS\SpfdBus.sys
19:29:55.0028 3136	SpfdBus - ok
19:29:55.0061 3136	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:29:55.0082 3136	spldr - ok
19:29:55.0232 3136	sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\Windows\system32\Drivers\sptd.sys
19:29:55.0232 3136	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
19:29:55.0245 3136	sptd ( LockedFile.Multi.Generic ) - warning
19:29:55.0245 3136	sptd - detected LockedFile.Multi.Generic (1)
19:29:55.0352 3136	srv             (4a9b0f215de2519e2363f91df25c1e97) C:\Windows\system32\DRIVERS\srv.sys
19:29:55.0425 3136	srv - ok
19:29:55.0463 3136	srv2            (14c44875518ae1c982e54ea8c5f7fe28) C:\Windows\system32\DRIVERS\srv2.sys
19:29:55.0499 3136	srv2 - ok
19:29:55.0610 3136	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:29:55.0662 3136	SrvHsfHDA - ok
19:29:55.0796 3136	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:29:55.0876 3136	SrvHsfV92 - ok
19:29:55.0989 3136	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:29:56.0032 3136	SrvHsfWinac - ok
19:29:56.0149 3136	srvnet          (07a14223b0a50e76ade003fdf95d4fec) C:\Windows\system32\DRIVERS\srvnet.sys
19:29:56.0184 3136	srvnet - ok
19:29:56.0241 3136	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:29:56.0264 3136	stexstor - ok
19:29:56.0348 3136	storflt         (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
19:29:56.0382 3136	storflt - ok
19:29:56.0418 3136	storvsc         (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
19:29:56.0439 3136	storvsc - ok
19:29:56.0462 3136	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
19:29:56.0484 3136	swenum - ok
19:29:56.0622 3136	Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
19:29:56.0676 3136	Tcpip - ok
19:29:56.0811 3136	TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
19:29:56.0868 3136	TCPIP6 - ok
19:29:56.0966 3136	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
19:29:57.0034 3136	tcpipreg - ok
19:29:57.0087 3136	TcUsb           (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
19:29:57.0123 3136	TcUsb - ok
19:29:57.0209 3136	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
19:29:57.0266 3136	TDPIPE - ok
19:29:57.0282 3136	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
19:29:57.0342 3136	TDTCP - ok
19:29:57.0435 3136	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
19:29:57.0500 3136	tdx - ok
19:29:57.0532 3136	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
19:29:57.0560 3136	TermDD - ok
19:29:57.0700 3136	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:29:57.0739 3136	tssecsrv - ok
19:29:57.0777 3136	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
19:29:57.0843 3136	tunnel - ok
19:29:57.0942 3136	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:29:57.0966 3136	uagp35 - ok
19:29:58.0000 3136	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
19:29:58.0063 3136	udfs - ok
19:29:58.0208 3136	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:29:58.0232 3136	uliagpkx - ok
19:29:58.0270 3136	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
19:29:58.0296 3136	umbus - ok
19:29:58.0392 3136	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:29:58.0437 3136	UmPass - ok
19:29:58.0492 3136	usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
19:29:58.0551 3136	usbccgp - ok
19:29:58.0668 3136	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
19:29:58.0720 3136	usbcir - ok
19:29:58.0750 3136	usbehci         (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
19:29:58.0796 3136	usbehci - ok
19:29:58.0976 3136	usbhub          (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
19:29:59.0033 3136	usbhub - ok
19:29:59.0134 3136	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:29:59.0174 3136	usbohci - ok
19:29:59.0215 3136	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:29:59.0267 3136	usbprint - ok
19:29:59.0372 3136	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:29:59.0419 3136	usbscan - ok
19:29:59.0462 3136	USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:29:59.0524 3136	USBSTOR - ok
19:29:59.0619 3136	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
19:29:59.0668 3136	usbuhci - ok
19:29:59.0721 3136	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
19:29:59.0789 3136	usbvideo - ok
19:29:59.0903 3136	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:29:59.0924 3136	vdrvroot - ok
19:29:59.0969 3136	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:30:00.0024 3136	vga - ok
19:30:00.0213 3136	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:30:00.0258 3136	VgaSave - ok
19:30:00.0303 3136	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
19:30:00.0350 3136	vhdmp - ok
19:30:00.0440 3136	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
19:30:00.0465 3136	viaagp - ok
19:30:00.0508 3136	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:30:00.0550 3136	ViaC7 - ok
19:30:00.0641 3136	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
19:30:00.0661 3136	viaide - ok
19:30:00.0719 3136	vmbus           (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
19:30:00.0746 3136	vmbus - ok
19:30:00.0815 3136	VMBusHID        (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
19:30:00.0841 3136	VMBusHID - ok
19:30:00.0922 3136	vmci            (bf327b6ae50c0d5d1cc7aa49cf56c9f3) C:\Windows\system32\Drivers\vmci.sys
19:30:00.0956 3136	vmci - ok
19:30:01.0062 3136	vmkbd           (47755d44592212c8e609b0bb36227a4b) C:\Windows\system32\drivers\VMkbd.sys
19:30:01.0086 3136	vmkbd - ok
19:30:01.0209 3136	VMnetAdapter    (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys
19:30:01.0228 3136	VMnetAdapter - ok
19:30:01.0357 3136	VMnetBridge     (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys
19:30:01.0381 3136	VMnetBridge - ok
19:30:01.0526 3136	VMnetuserif     (6a1b3f7d9e25929fd42712ab80aebf62) C:\Windows\system32\drivers\vmnetuserif.sys
19:30:01.0549 3136	VMnetuserif - ok
19:30:01.0657 3136	vmusb           (25017db6451b002158db425961a82b7b) C:\Windows\system32\Drivers\vmusb.sys
19:30:01.0680 3136	vmusb - ok
19:30:01.0784 3136	vmx86           (925faad003f782057f1e0eea0797900e) C:\Windows\system32\Drivers\vmx86.sys
19:30:01.0839 3136	vmx86 - ok
19:30:01.0928 3136	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
19:30:01.0951 3136	volmgr - ok
19:30:01.0983 3136	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:30:02.0010 3136	volmgrx - ok
19:30:02.0035 3136	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
19:30:02.0063 3136	volsnap - ok
19:30:02.0213 3136	vpnva           (1b7c80c66742dafaa31f98af4c3a5bc2) C:\Windows\system32\DRIVERS\vpnva.sys
19:30:02.0231 3136	vpnva - ok
19:30:02.0273 3136	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:30:02.0299 3136	vsmraid - ok
19:30:02.0405 3136	vstor2-ws60     (e4fa7aff5046fc49de22e903b7e35add) C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
19:30:02.0427 3136	vstor2-ws60 - ok
19:30:02.0518 3136	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:30:02.0567 3136	vwifibus - ok
19:30:02.0690 3136	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:30:02.0744 3136	vwififlt - ok
19:30:02.0778 3136	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:30:02.0806 3136	WacomPen - ok
19:30:02.0910 3136	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:30:02.0972 3136	WANARP - ok
19:30:02.0976 3136	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
19:30:03.0022 3136	Wanarpv6 - ok
19:30:03.0067 3136	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:30:03.0087 3136	Wd - ok
19:30:03.0184 3136	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:30:03.0217 3136	Wdf01000 - ok
19:30:03.0291 3136	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:30:03.0330 3136	WfpLwf - ok
19:30:03.0392 3136	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:30:03.0415 3136	WIMMount - ok
19:30:03.0495 3136	winachsf        (8b976d4ca270110111df4f313da0e6e8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:30:03.0584 3136	winachsf - ok
19:30:03.0691 3136	winbondcir      (3fa87d56769838aac82fafc3e78fc732) C:\Windows\system32\DRIVERS\winbondcir.sys
19:30:03.0750 3136	winbondcir - ok
19:30:03.0905 3136	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUSB.sys
19:30:03.0941 3136	WinUsb - ok
19:30:03.0974 3136	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:30:04.0021 3136	WmiAcpi - ok
19:30:04.0142 3136	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:30:04.0206 3136	ws2ifsl - ok
19:30:04.0246 3136	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
19:30:04.0314 3136	WudfPf - ok
19:30:04.0422 3136	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:30:04.0465 3136	WUDFRd - ok
19:30:04.0524 3136	XAudio          (894f963be999ba9db5aac3aed55b115d) C:\Windows\system32\DRIVERS\XAudio32.sys
19:30:04.0553 3136	XAudio - ok
19:30:04.0613 3136	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:30:04.0687 3136	\Device\Harddisk0\DR0 - ok
19:30:04.0691 3136	Boot (0x1200)   (e1d81eb07653c48240890c67f1a5e423) \Device\Harddisk0\DR0\Partition0
19:30:04.0692 3136	\Device\Harddisk0\DR0\Partition0 - ok
19:30:04.0718 3136	Boot (0x1200)   (6400d519c78d58fbf2dca458d1c5db1f) \Device\Harddisk0\DR0\Partition1
19:30:04.0719 3136	\Device\Harddisk0\DR0\Partition1 - ok
19:30:04.0719 3136	============================================================
19:30:04.0719 3136	Scan finished
19:30:04.0719 3136	============================================================
19:30:04.0770 2052	Detected object count: 3
19:30:04.0770 2052	Actual detected object count: 3
19:30:22.0421 2052	Int15 ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:22.0421 2052	Int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:30:22.0424 2052	NSNDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:30:22.0424 2052	NSNDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:30:22.0426 2052	sptd ( LockedFile.Multi.Generic ) - skipped by user
19:30:22.0427 2052	sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Sollen diese 3 Threads weiterhin bestehen- oder sind diese zu Risikobehaftet?

cosinus · 24.10.2011, 18:38

Nein die sind ok, bitte so belassen. Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

horst2011 · 24.10.2011, 21:46

Hier die Logdatei von ComboFix:

Code:

ATTFilter

ComboFix 11-10-24.04 - Martin 24.10.2011  21:33:19.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.3067.2174 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
C:\test.txt
c:\windows\IsUn0407.exe
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-24 bis 2011-10-24  ))))))))))))))))))))))))))))))
.
.
2011-10-24 19:42 . 2011-10-24 19:42	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-10-24 19:42 . 2011-10-24 19:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-24 19:22 . 2011-10-24 19:22	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKslfde282c5.sys
2011-10-24 18:41 . 2011-10-24 18:41	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl06fb73f5.sys
2011-10-24 18:40 . 2011-10-24 19:42	--------	d-----w-	c:\users\Martin\AppData\Local\temp
2011-10-24 18:25 . 2011-10-24 18:25	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl71a10ba8.sys
2011-10-24 18:24 . 2011-10-24 18:24	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl768a4617.sys
2011-10-24 17:22 . 2011-10-24 17:22	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl90c8899a.sys
2011-10-24 17:22 . 2011-10-24 19:22	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\offreg.dll
2011-10-24 17:22 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\mpengine.dll
2011-10-20 20:15 . 2011-10-20 20:15	--------	d-----w-	C:\_OTL
2011-10-17 18:13 . 2011-10-17 18:13	--------	d-----w-	c:\program files\ESET
2011-10-12 14:35 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-11 20:12 . 2011-10-11 20:12	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E7E436A0-1C88-47FB-B2CA-46476A382BC9}\gapaengine.dll
2011-10-11 19:31 . 2011-10-11 19:31	--------	d-----w-	c:\users\Martin\AppData\Roaming\Malwarebytes
2011-10-11 19:31 . 2011-10-11 19:31	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-11 19:31 . 2011-10-12 14:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-10 18:50 . 2011-10-10 18:50	--------	d-----w-	c:\users\Martin\AppData\Roaming\NVIDIA
2011-10-10 18:32 . 2011-10-10 18:33	--------	d-----w-	c:\users\Martin\AppData\Local\Facebook
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 14:48 . 2011-05-31 10:53	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-07 03:48 . 2009-10-24 09:22	6668624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-08-16 16:46 . 2011-08-30 15:19	3648424	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2011-08-16 14:57 . 2011-08-30 15:19	1501696	----a-w-	c:\windows\system32\RCoRes.dat
2011-08-16 12:43 . 2011-08-30 15:19	2269288	----a-w-	c:\windows\system32\RtkPgExt.dll
2011-08-16 12:43 . 2011-08-30 15:19	4228712	----a-w-	c:\windows\system32\RtkAPO.dll
2011-08-15 14:47 . 2011-08-30 15:19	77416	----a-w-	c:\windows\system32\RtkCoInst.dll
2011-08-05 23:39 . 2011-08-30 15:18	327168	----a-w-	c:\windows\system32\DTSU2PREC32.dll
2011-08-05 23:39 . 2011-08-30 15:18	413696	----a-w-	c:\windows\system32\DTSU2PLFX32.dll
2011-08-05 23:39 . 2011-08-30 15:18	390656	----a-w-	c:\windows\system32\DTSU2PGFX32.dll
2011-08-03 11:50 . 2011-08-30 15:20	66664	----a-w-	c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-08-30 15:20	599144	----a-w-	c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-08-30 15:20	309352	----a-w-	c:\windows\system32\nvhotkey.dll
2011-08-03 11:50 . 2011-08-30 15:20	2560616	----a-w-	c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-08-30 15:20	2558568	----a-w-	c:\windows\system32\nvsvc.dll
2011-08-03 11:50 . 2011-08-30 15:20	3730024	----a-w-	c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-08-30 15:20	111208	----a-w-	c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-08-30 15:20	600680	----a-w-	c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:50 . 2011-08-30 15:12	914024	----a-w-	c:\windows\system32\nvdispco32.dll
2011-08-03 11:50 . 2011-08-30 15:12	875112	----a-w-	c:\windows\system32\nvgenco32.dll
2011-08-03 11:50 . 2011-08-30 15:12	6613096	----a-w-	c:\windows\system32\nvwgf2um.dll
2011-08-03 11:50 . 2011-08-30 15:12	57960	----a-w-	c:\windows\system32\OpenCL.dll
2011-08-03 11:50 . 2011-08-30 15:12	5404776	----a-w-	c:\windows\system32\nvcuda.dll
2011-08-03 11:50 . 2011-08-30 15:12	2412136	----a-w-	c:\windows\system32\nvapi.dll
2011-08-03 11:50 . 2011-08-30 15:12	2391656	----a-w-	c:\windows\system32\nvcuvid.dll
2011-08-03 11:50 . 2011-08-30 15:12	2090088	----a-w-	c:\windows\system32\nvcuvenc.dll
2011-08-03 11:50 . 2011-08-30 15:12	17193576	----a-w-	c:\windows\system32\nvcompiler.dll
2011-08-03 11:50 . 2011-08-30 15:12	16595560	----a-w-	c:\windows\system32\nvoglv32.dll
2011-08-03 11:50 . 2011-08-30 15:12	12636776	----a-w-	c:\windows\system32\nvd3dum.dll
2011-08-03 11:50 . 2011-08-30 15:12	10304104	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2011-07-29 12:46 . 2011-08-30 15:19	1272424	----a-w-	c:\windows\system32\RtkApoApi.dll
2011-07-27 22:54 . 2011-08-30 15:19	1725784	----a-w-	c:\windows\system32\WavesGUILib.dll
2011-07-27 22:54 . 2011-08-30 15:19	1836376	----a-w-	c:\windows\system32\MaxxAudioEQ.dll
2011-09-29 07:09 . 2011-10-17 15:24	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-01-31 232104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-08-16 10820200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-10-18 11:18	3116032	----a-w-	c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spba]
2008-03-25 13:24	567560	----a-w-	c:\program files\Common Files\SPBA\homefus2.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk]
path=c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
backup=c:\windows\pss\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44	500208	------w-	c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51	691656	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11	3325952	----a-w-	c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 15:00	449608	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 15:00	1047208	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12	3872080	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nmctxth]
2009-04-07 13:34	642856	----a-w-	c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-08-03 11:50	3730024	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-04-08 14:28	220552	----a-w-	c:\program files\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12	253672	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-03-26 21:05	96816	----a-w-	c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2009-10-18 11:18	3673600	----a-w-	c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
R0 Spfd;Safend Spfd Device;c:\windows\system32\DRIVERS\Spfd.sys [2011-05-02 73176]
R0 SpfdBus;Safend Spfd Virtual Bus;c:\windows\system32\DRIVERS\SpfdBus.sys [2011-05-02 32088]
R1 MpKsl52af8ab0;MpKsl52af8ab0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA2553AC-144C-47A5-96A1-79D28329F12A}\MpKsl52af8ab0.sys [x]
R1 MpKsl668cdd3f;MpKsl668cdd3f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{CA2553AC-144C-47A5-96A1-79D28329F12A}\MpKsl668cdd3f.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 IGBASVC;iGroupTec Service;c:\program files\Acer\Acer Bio Protection\BASVC.exe [2009-10-18 3521024]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-05-21 21392]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-10-01 13224]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys [2010-01-18 27136]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 Firefox Service;Firefox Service;c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\extensions\startup.service@mozilla.com\svc.exe [2011-03-10 83456]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R4 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-09-29 200624]
R4 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-02-11 603896]
S0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\Drivers\AlfaFF.sys [2009-10-18 43184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-18 721904]
S1 MpKsl06fb73f5;MpKsl06fb73f5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl06fb73f5.sys [2011-10-24 28752]
S1 MpKsl71a10ba8;MpKsl71a10ba8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl71a10ba8.sys [2011-10-24 28752]
S1 MpKsl768a4617;MpKsl768a4617;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl768a4617.sys [2011-10-24 28752]
S1 MpKsl90c8899a;MpKsl90c8899a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKsl90c8899a.sys [2011-10-24 28752]
S1 MpKslfde282c5;MpKslfde282c5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6AD8DBA-2AAC-4CB0-AE8E-5B1639BBAFAD}\MpKslfde282c5.sys [2011-10-24 28752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-03-26 54960]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2011-01-19 7087616]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [2009-08-31 44544]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-05-10 139368]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2010-10-01 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://gbt.toolbarhome.com/?hp=df
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\xva6311x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://gbt.toolbarhome.com/search.aspx?srch=ku&q=
FF - prefs.js: network.proxy.ftp - proxy.dhbw-heidenheim.de
FF - prefs.js: network.proxy.ftp_port - 8051
FF - prefs.js: network.proxy.gopher - proxy.dhbw-heidenheim.de
FF - prefs.js: network.proxy.gopher_port - 8051
FF - prefs.js: network.proxy.http - proxy.dhbw-heidenheim.de
FF - prefs.js: network.proxy.http_port - 8051
FF - prefs.js: network.proxy.socks - proxy.dhbw-heidenheim.de
FF - prefs.js: network.proxy.socks_port - 8051
FF - prefs.js: network.proxy.ssl - proxy.dhbw-heidenheim.de
FF - prefs.js: network.proxy.ssl_port - 8051
FF - prefs.js: network.proxy.type - 4
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-AdobeCS5ServiceManager - c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
MSConfigStartUp-SwitchBoard - c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSConfigStartUp-vProt - c:\program files\GameBox\vprot.exe
AddRemove-Apache Tomcat 6.0 - c:\program files\Apache Software Foundation\Tomcat 6.0\Uninstall.exe
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-GameBox - c:\program files\GameBox\UNINSTALL.exe
AddRemove-Hercules - c:\windows\unin0407.exe
AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-Moorhuhn 2 V1.1 - c:\windows\IsUn0407.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-741742400-3053364637-1879691283-1000\Software\SecuROM\License information*]
"datasecu"=hex:37,67,0c,8a,84,d3,74,c2,ab,8d,4a,2a,d7,8e,87,63,92,53,15,56,df,
   f4,11,be,26,f1,33,4f,34,ef,52,29,e8,c5,dd,bd,d0,0c,b0,aa,c8,ba,2e,32,52,9f,\
"rkeysecu"=hex:0a,62,84,4d,53,50,99,af,91,ae,79,61,bf,9a,97,a1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-10-24  21:44:47
ComboFix-quarantined-files.txt  2011-10-24 19:44
.
Vor Suchlauf: 19 Verzeichnis(se), 113.885.462.528 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 113.566.633.984 Bytes frei
.
- - End Of File - - 16D3FC0801F316FA4F916F18E03C0B4F

16.10.2011, 13:54	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Der Facebook- Virus scheint entfernt zu sein- ist dieser jedoch wirklich weg? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. Poste bitte auch die Funde von MSE __________________ __________________

Der Facebook- Virus scheint entfernt zu sein- ist dieser jedoch wirklich weg?

Log-Analyse und Auswertung: Der Facebook- Virus scheint entfernt zu sein- ist dieser jedoch wirklich weg?