Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?

Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?


Log-Analyse und Auswertung: Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.10.2011, 12:43   #1
Anneschdo
 
Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung? - Standard

Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?


Liebe Experten,

hier meine Frage von gestern Nacht jetzt aber inklusive aller Logfiles und etwas sortierter als im Ursprungspost (ich habe schon um Löschung des alten Posts gebeten, der war übrigens im Forum "Plagegeister" und eigentlich sollte dieser Post auch in das Forum "Plagegeister", sollte also kein CrossPosting werden! Aber irgendwie bin ich verrutscht und vielleicht ist es ja auch hier richtig, da ich ja Logs poste? Sonst bitte verschieben, vielen Dank!!!):

Situation:
Habe Malware vermutet nach einem Firefox-Problem, daraufhin Malwarebytes Anti-Malware (MBAM) installiert (3 Logfiles MBAM und 2 Logfiles Antivir als Dateianhang in zip-Archiv anbei):
  • MBA-Quickscan findet Trojaner,
  • zeitgleich findet Antivir den auch (hatte vergessen, Antivir zu schließen). MalwareBytes findet weiter in 3 Dateien u.a. in der Registry die Datei "Backdoor.Papras" -> in Quarantäne gestellt.
  • Weiterer Quickscan bringt keine Ergebnisse.
  • Antivir findet aber kurz darauf wieder einen anderen Trojaner.
  • Vollständiger Scan-Durchlauf von MBAM findet nochmals einen neuen Trojaner (Dro
pper).

Habe die Schritte aus der "Anleitung für Hilfesuchende" befolgt:
- Defogger
- OTL (OTL und Extras)
- GMER

Am Ende poste ich alle Log-Dateien von OTL (2 Logs) und GMER, sofern es reinpasst. Jetzt noch meine Fragen:

- Kann ich erkennen, wie lange der Backdoor und die Trojaner schon auf dem Notebook sind? (ich denke, noch nicht lange)
- Wichtige Passwörter habe ich via Netbook schon geändert. MBAM findet nichts mehr. Ich würde gern ein Neuaufsetzen vermeiden. Ich WEISS, dass es schlauer wäre - aber ist es, nach meinen geposteten Logs, unumgänglich?
- Ich verwende Antivir, die normale Windows-Firewall von WIN7 Professional und oft den CCleaner.
- Wie kann ich prüfen, ob meine gespeicherten Daten infiziert sind? Kann ich das? Muss ich ALLE Passwörter ändern, auch wenn es gar keine Auffälligkeiten im Arbeiten am Notebook gab bis eben gestern Abend das Firefox-Problem?
- Hijackthis hatte ich auch durchlaufen lassen - keine Auffälligkeiten, aber offensichtlich nicht mehr relevant.
- Buttons wie "Add Evernote" und Nokia-Prozesse tauchen auf, obwohl die Programme längst schon deinstalliert sind, auch aus den Program Files.

Vielen Dank für Eure Hilfe und Mühe und

viele Grüße, Ann

Jetzt die Logs (zusätzlich: die 3 MBAM- und 2 Antivir-Logs als Anhang im zip-Archiv anbei.)

OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.10.2011 12:17:14 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\ds\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 72,71% Memory free
5,81 Gb Paging File | 4,97 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 189,91 Gb Free Space | 66,38% Space Free | Partition Type: NTFS
 
Computer Name: DS-PC | User Name: ds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.05 12:06:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\ds\Desktop\OTL.exe
PRC - [2011.08.05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011.07.01 07:46:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.28 10:23:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.05 12:05:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
PRC - [2009.09.05 10:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe
PRC - [2009.09.05 10:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.08.19 16:15:48 | 000,692,224 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.08.19 16:15:32 | 000,688,128 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.08.19 16:15:06 | 000,462,848 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
PRC - [2009.07.17 17:30:50 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.07.17 17:30:48 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009.04.11 19:31:14 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009.04.08 13:28:22 | 001,067,528 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009.03.23 13:51:32 | 000,117,256 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009.03.16 16:14:00 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2007.11.19 11:19:00 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009.09.04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.07.17 17:31:00 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
MOD - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.07.01 07:46:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.28 10:23:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.07.02 21:27:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.09.05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.08.19 16:15:32 | 000,688,128 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.07.17 17:30:48 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.03.23 13:51:32 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.01 07:46:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 07:46:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.01.11 15:22:36 | 000,029,744 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.09.02 03:59:42 | 000,174,592 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.05.25 22:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86)
DRV - [2009.04.24 08:29:28 | 000,163,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.10.01 05:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.03.12 13:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.05.02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=0609&m=travelmate_8371
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=0609&m=travelmate_8371
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=0609&m=travelmate_8371
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.05 11:40:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.10.05 11:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ds\AppData\Roaming\mozilla\Extensions
[2011.10.05 11:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ds\AppData\Roaming\mozilla\Firefox\Profiles\u4g6exj8.default\extensions
[2011.10.05 11:47:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ds\AppData\Roaming\mozilla\Firefox\Profiles\u4g6exj8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.10.05 11:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\DS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4G6EXJ8.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4G6EXJ8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4G6EXJ8.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
[2010.01.11 14:17:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D0F387-5F47-487A-B214-41E7772584A4}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\Shell\AutoRun\command - "" = D:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.05 12:06:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\ds\Desktop\OTL.exe
[2011.10.05 11:40:17 | 000,000,000 | ---D | C] -- C:\Users\ds\AppData\Roaming\Mozilla
[2011.10.05 11:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.10.05 00:44:50 | 000,000,000 | ---D | C] -- C:\Users\ds\AppData\Roaming\Malwarebytes
[2011.10.05 00:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.05 00:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.05 00:44:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.05 00:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.05 00:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.10.05 00:21:48 | 000,000,000 | ---D | C] -- C:\Users\ds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.10.04 20:34:55 | 000,000,000 | ---D | C] -- C:\Users\ds\mozilla-sicherung
[2011.10.04 14:19:28 | 000,000,000 | -HSD | C] -- C:\Users\ds\AppData\Local\3b902557
[2011.09.27 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2009.06.04 23:00:58 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.05 12:18:08 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.05 12:18:08 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.05 12:15:06 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.05 12:15:06 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.05 12:15:06 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.05 12:15:06 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.05 12:10:55 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.05 12:10:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.05 12:10:20 | 2339,512,320 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.05 12:08:23 | 000,000,000 | ---- | M] () -- C:\Users\ds\defogger_reenable
[2011.10.05 12:06:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\ds\Desktop\OTL.exe
[2011.10.05 11:49:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.05 11:40:08 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.05 01:16:48 | 000,050,477 | ---- | M] () -- C:\Users\ds\Desktop\Defogger.exe
[2011.10.05 00:44:25 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.05 00:33:59 | 000,008,754 | ---- | M] () -- C:\Users\ds\Documents\hijackthis.xt
[2011.10.05 00:32:35 | 000,008,730 | ---- | M] () -- C:\Users\ds\Documents\test201110
[2011.10.05 00:21:48 | 000,002,949 | ---- | M] () -- C:\Users\ds\Desktop\HiJackThis.lnk
[2011.10.04 09:16:10 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.09.27 20:09:23 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011.09.21 16:11:00 | 000,002,306 | ---- | M] () -- C:\Users\ds\Documents\Fragenkatalog-Regio Köln-Bonn e.V..rtf
 
========== Files Created - No Company Name ==========
 
[2011.10.05 12:08:23 | 000,000,000 | ---- | C] () -- C:\Users\ds\defogger_reenable
[2011.10.05 11:40:08 | 000,001,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.05 11:40:08 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.05 01:16:48 | 000,050,477 | ---- | C] () -- C:\Users\ds\Desktop\Defogger.exe
[2011.10.05 00:44:25 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.05 00:33:58 | 000,008,754 | ---- | C] () -- C:\Users\ds\Documents\hijackthis.xt
[2011.10.05 00:32:34 | 000,008,730 | ---- | C] () -- C:\Users\ds\Documents\test201110
[2011.10.05 00:21:48 | 000,002,949 | ---- | C] () -- C:\Users\ds\Desktop\HiJackThis.lnk
[2011.10.04 19:41:41 | 000,001,377 | ---- | C] () -- C:\Users\ds\Desktop\Internet Explorer.lnk
[2011.09.27 20:09:23 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011.09.21 16:11:00 | 000,002,306 | ---- | C] () -- C:\Users\ds\Documents\Fragenkatalog-Regio Köln-Bonn e.V..rtf
[2011.06.10 08:01:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.27 17:25:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.01.27 17:25:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.12.26 17:46:06 | 000,038,427 | ---- | C] () -- C:\Users\ds\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.12.26 17:05:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.12.26 16:58:11 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.10.24 15:28:50 | 000,007,608 | ---- | C] () -- C:\Users\ds\AppData\Local\Resmon.ResmonCfg
[2010.07.21 18:55:05 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.07.21 18:55:05 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.07.01 15:17:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.20 11:12:17 | 000,011,264 | ---- | C] () -- C:\Users\ds\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.11 15:19:19 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.01.11 15:17:19 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2010.01.11 15:16:42 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.01.11 15:15:43 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.01.11 15:15:42 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.01.11 15:15:28 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.01.11 14:37:09 | 000,021,916 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.10.02 17:03:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.02 18:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.14 10:47:43 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,427,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.29 21:49:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.06.29 21:31:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.06.29 21:31:40 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.06.29 21:31:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.04 22:59:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.04 15:05:21 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.06.04 15:05:21 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.06.04 15:05:21 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.04 15:05:21 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.06.04 15:05:21 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.06.04 15:05:21 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.06.04 15:05:21 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.11.07 06:37:10 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
 
========== LOP Check ==========
 
[2011.06.17 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Acer
[2011.03.18 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Amazon
[2011.05.18 10:45:35 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Canon
[2011.10.04 09:22:22 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\elsterformular
[2010.01.11 12:42:56 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\eSobi
[2011.09.20 11:44:17 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\FileZilla
[2011.02.28 11:22:58 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\FRITZ!
[2011.04.22 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\GARMIN
[2011.03.30 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\gtk-2.0
[2011.07.22 21:21:37 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\InterVideo
[2011.01.17 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\IrfanView
[2011.01.11 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Lexware
[2010.01.11 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\OpenOffice.org
[2011.03.16 19:10:44 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\PC Suite
[2010.12.26 17:07:49 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Samsung
[2011.06.29 13:00:25 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Tracker Software
[2011.09.07 11:40:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.01.11 13:49:10 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.07.14 06:54:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.01.11 14:38:20 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.12.10 16:30:57 | 000,000,000 | -H-D | M] -- C:\ACER
[2009.08.15 16:38:09 | 000,000,000 | ---D | M] -- C:\ACERNB
[2009.08.15 16:38:06 | 000,000,000 | ---D | M] -- C:\ACERSW
[2010.07.21 18:52:04 | 000,000,000 | ---D | M] -- C:\BlueByte
[2009.06.04 15:52:49 | 000,000,000 | ---D | M] -- C:\book
[2011.06.10 08:43:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.22 18:25:36 | 000,000,000 | ---D | M] -- C:\Daten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.15 16:35:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.06.04 14:56:44 | 000,000,000 | ---D | M] -- C:\Intel
[2010.05.09 13:47:13 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.12.10 12:54:52 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.05 11:40:05 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.10.05 00:44:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.15 16:35:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.11 15:00:13 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.05 12:19:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.11 14:31:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.05 01:02:22 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-04 14:08:25
 
<           >

< End of report >
--- --- ---


___________________________________________________________________


OTL - Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 05.10.2011 12:17:14 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\ds\Desktop
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,91 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 72,71% Memory free
5,81 Gb Paging File | 4,97 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 189,91 Gb Free Space | 66,38% Space Free | Partition Type: NTFS
 
Computer Name: DS-PC | User Name: ds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extensions
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{61356085-6C51-4DC9-99E6-33ED72304690}" = OmmWriter
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67C331C0-B345-4617-85B8-AF3D803915D8}_is1" = Xpert-Timer LIGHT Version 1.7.0.526 (ENGLISH)
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Acer Screensaver" = Acer ScreenSaver
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.0
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GridVista" = GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"WinGimp-2.0_is1" = GIMP 2.6.7
"Zune" = Zune
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.03.2011 13:00:40 | Computer Name = ds-PC | Source = Nokia Software Installer | ID = 1
Description = Nokia Software Installer 3.1.452 (NLib 0.7.487)  Das System kann die
 angegebene Datei nicht finden.  errorcode: -2147024894  File: C:\Users\ds\AppData\Local\Temp\WPDNSE\{72017055-8E6B-5DF0-2D23-5CDB763B54CC}\Resources\icon_exclamation.png

Stack
 trace:  .\NSInstaller2.cpp(497) : wWinMain  .\InstallerDlgDefAppearance.cpp(205) : 
CInstallerDlgDefAppearance::LoadConfigFromXml  .\NImage.cpp(51) : CNImage::Load  .\NFileUtilities.cpp(132)
 : CNFileUtilities::CheckFileExists  .\NFileUtilities.cpp(128) : CNFileUtilities::CheckFileExists

 
Error - 16.03.2011 13:11:12 | Computer Name = ds-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NokiaOviSuite.exe, Version: 3.0.0.290,
 Zeitstempel: 0x4d46886f  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
 Zeitstempel: 0x4c297c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f36a  ID des fehlerhaften
 Prozesses: 0x14e8  Startzeit der fehlerhaften Anwendung: 0x01cbe3fc766f8686  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\ole32.dll  Berichtskennung: 64932327-4ff0-11e0-bd2f-001e331ed9e2
 
Error - 17.03.2011 07:12:41 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 17.03.2011 07:12:41 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 17.03.2011 07:13:29 | Computer Name = ds-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.03.2011 02:28:25 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.03.2011 02:28:25 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.03.2011 08:37:28 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.03.2011 08:37:28 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 18.03.2011 08:38:20 | Computer Name = ds-PC | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 31.10.2010 09:36:23 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.11.2010 04:29:20 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2499
 seconds with 1680 seconds of active time.  This session ended with a crash.
 
Error - 18.11.2010 11:16:39 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12526
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 09.12.2010 17:28:14 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.04.2011 10:03:16 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 15.06.2011 07:59:55 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 568
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 01.07.2011 02:23:00 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.07.2011 01:18:54 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 113
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22.09.2011 01:12:25 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.10.2011 14:41:14 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 124
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 04.10.2011 19:03:00 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 04.10.2011 19:45:18 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Dritek WMI Service" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 05.10.2011 02:35:13 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 05.10.2011 02:35:15 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 05.10.2011 05:32:17 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Dritek WMI Service" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 05.10.2011 05:33:35 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 05.10.2011 05:33:36 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 05.10.2011 06:09:32 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Dritek WMI Service" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%0.
 
Error - 05.10.2011 06:10:55 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 05.10.2011 06:10:58 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
 
< End of report >
--- --- ---


______________________________________________________________

GMER:

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-05 12:58:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0303
Running: 8bczpnb0.exe; Driver: C:\Users\ds\AppData\Local\Temp\pgtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT            94253556                                                                                         ZwCreateSection
SSDT            9425355B                                                                                         ZwSetContextThread
SSDT            942534F7                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKey + 13D1                                                                    83087349 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           830C0D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              830C7EAC 4 Bytes  [56, 35, 25, 94]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              830C824C 4 Bytes  [5B, 35, 25, 94]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                              830C8324 4 Bytes  [F7, 34, 25, 94]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ef9a0f                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ef9a0f@c8df7c89236b         0x39 0x22 0x1B 0x12 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ef9a0f@78471da65bb7         0x14 0xF3 0x65 0x52 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ef9a0f (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ef9a0f@c8df7c89236b             0x39 0x22 0x1B 0x12 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ef9a0f@78471da65bb7             0x14 0xF3 0x65 0x52 ...

---- EOF - GMER 1.0.15 ----
--- --- ---
Geändert von Anneschdo (05.10.2011 um 12:46 Uhr) Grund: Forum verrutscht, soll kein CrossPosting sein, ggf. bitte verschieben, falls nicht richtig

 

Themen zu Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?
7-zip, adobe, antivir, application/pdf, application/pdf:, autorun, avira, backdoor.papras, bho, c:\windows\system32\rundll32.exe, canon, dateianhang, defender, error, excel, explorer, format, frage, ftp, hijack, hijackthis, install.exe, locker, malware, microsoft office 2003, microsoft office word, neuaufsetzung, office 2007, plug-in, popup, prüfen, realtek, registry, rundll, security, software, studio, tracker, trojaner, usb 2.0, version=1.0, webcheck, windows-firewall, winlogon.exe, ändern


« Facebook Virus - PC Bluesceen bei Systemstart - Absturz - fährt immer wieder neu hoch | Firefox friert ohne erkennbare Regelmäßigkeit ein »


Ähnliche Themen: Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?


  1. Windows 8: Mc Afee entdeckt verschiedene Viren und Trojaner, unter anderem PUP.FNK und PUP.FKS
    Log-Analyse und Auswertung - 12.01.2015 (13)
  2. Trojaner entfernt, trotzdem kein Zugriff auf verschiedene Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 04.11.2014 (3)
  3. Windows 7: Rechner sehr langsam, MBAM findet immer wieder verschiedene Trojaner wie PUP.Optional.SystemSpeedup, Mindspark, PriceGong etc.
    Log-Analyse und Auswertung - 07.09.2014 (10)
  4. BKA-Trojaner nach System Neuaufsetzung wirklich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 25.07.2013 (8)
  5. 25 verschiedene Trojaner bzw. Malware,Exploit und backdoor server!
    Log-Analyse und Auswertung - 15.01.2013 (21)
  6. Ist das zeroaccess rootkit auch ohne Neuaufsetzung zu beseitigen?
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (1)
  7. TR/ATRAPS.GEN entdeckt und erfolgreich entfernt – geht das?
    Plagegeister aller Art und deren Bekämpfung - 06.05.2012 (33)
  8. Win32.Backdoor.Papras/A - Rechner infiziert; werde Trojaner nicht los
    Plagegeister aller Art und deren Bekämpfung - 08.02.2011 (13)
  9. Verschiedene Trojaner machen ne Party bei mir: Dropper.gen trojan.agent und backdoor.gen
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (33)
  10. AntiVir meldete verschiedene Trojaner - habe ich sie erfolgreich entfernt?
    Plagegeister aller Art und deren Bekämpfung - 13.12.2010 (19)
  11. Trojaner win32.backdoor.papras/a
    Plagegeister aller Art und deren Bekämpfung - 15.07.2010 (31)
  12. Möglicher Trojaner/Backdoor-Befall nach Neuaufsetzung!
    Log-Analyse und Auswertung - 02.01.2010 (2)
  13. Verschiedene Generic Trojaner entdeckt. Wie kann man sie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 18.07.2008 (0)
  14. Verschiedene Generic Trojaner entdeckt. Wie kann man sie entfernen?
    Mülltonne - 18.07.2008 (0)
  15. Verschiedene Generic Trojaner entdeckt. Wie kann man sie entfernen?
    Mülltonne - 17.07.2008 (0)
  16. PC stürzt ab! Verschiedene Trojaner entdeckt!
    Log-Analyse und Auswertung - 21.06.2007 (10)
  17. Neuaufsetzung nach Backdoor-Virus
    Log-Analyse und Auswertung - 19.04.2006 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung? - Liebe Experten, hier meine Frage von gestern Nacht jetzt aber inklusive aller Logfiles und etwas sortierter als im Ursprungspost (ich habe schon um Löschung des alten Posts gebeten, der war - Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung?...
Archiv
Du betrachtest: Backdoor.papras + verschiedene Trojaner entdeckt - MBAM hat entfernt - geht es ohne Neuaufsetzung? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131