Log Analysis and Evaluation: Trojans TR/Drop.Croff.A, TR/Offend.KD.448731, TR/crypt.epack.gen and JavaScript virus JS/Toieung.A

10.12.2011, 13:56 | #1
Hello everyone, I hope you can help me! Unfortunately I have picked up quite a lot on my computer. Avira AntiVir shows me the following warnings:

TR/Drop.Croff.A
TR/Offend.KD.448731
TR/crypt.epack.gen
JavaScript virus JS/Toieung.A

Following your instructions for opening a thread, I did the following:

defogger: no error message (it did not prompt for a restart; is that a problem?)

OTL: Logfile OTL.txt:

OTL logfile created on: 10.12.2011 11:54:08 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1013,82 Mb Total Physical Memory | 353,67 Mb Available Physical Memory | 34,88% Memory free
2,22 Gb Paging File | 1,16 Gb Available in Paging File | 51,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99,70 Gb Total Space | 10,14 Gb Free Space | 10,17% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 6,40 Gb Free Space | 64,05% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.12.10 11:50:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 22:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Programme\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.07.20 17:21:40 | 000,323,280 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe
PRC - [2009.08.08 12:17:06 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007.06.26 19:27:46 | 000,312,320 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007.03.15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Programme\DellSupport\DSAgnt.exe
PRC - [2007.02.20 13:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.02.08 06:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2007.02.08 06:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe
PRC - [2006.11.05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006.11.05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2006.11.02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.10.13 11:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Programme\Dell\MediaDirect\PCMService.exe

========== Modules (No Company Name) ==========

MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.11 00:25:48 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.07.31 17:10:45 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2007.02.20 13:01:18 | 000,105,184 | ---- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll
MOD - [2006.11.15 19:08:02 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006.11.15 19:07:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
MOD - [2006.11.05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006.11.05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.02.21 00:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.02.21 00:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.08.08 12:17:06 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.06.13 14:33:49 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.03.07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007.02.08 06:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - [2011.12.09 21:51:34 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.16 12:18:27 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.12.07 23:53:43 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.03.12 05:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007.02.25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007.02.08 06:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.20 20:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 20:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 20:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.12 00:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.10.30 18:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070609
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.23 09:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.23 09:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 17:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.27 13:36:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5054 [2011.12.09 21:52:52 | 000,000,000 | ---D | M]

[2008.09.08 21:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.10.22 21:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions
[2010.07.23 18:55:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.07 06:33:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.10.22 21:47:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.12 15:43:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\moveplayer@movenetworks.com
[2011.11.11 17:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.06.26 12:12:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.12.09 21:52:52 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5054
[2011.11.11 17:05:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011.10.09 22:37:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 22:37:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.09 22:37:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 22:37:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 22:37:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 22:37:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Steuerung des DownloadManager )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55759925-22C0-4037-A870-C0D677EB88F3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\2010\New York\New\RIMG1434.JPG
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\2010\New York\New\RIMG1434.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell - "" = AutoRun
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.12.10 11:50:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.09 22:48:23 | 000,203,728 | ---- | C] (Adobe Systems, Incorporated) -- C:\Users\***\AppData\Roaming\AcroIEHelpe060.dll
[2011.12.09 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5054
[2011.12.09 21:51:34 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.09 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.09 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 21:34:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 21:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 21:32:02 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.07 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2011.12.06 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5053
[2011.12.06 21:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011.12.06 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011.12.02 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ebay-Konto
[2011.11.29 21:56:16 | 000,000,000 | ---D | C] -- C:\b4d29411b4abeb3a2e8d8e97d5
[2011.11.28 23:04:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Julia
[2011.11.27 18:53:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.23 09:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.23 09:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.23 09:21:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.22 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.12.10 12:03:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.10 11:50:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.10 11:47:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.12.10 11:46:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.10 11:31:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.10 11:24:46 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.10 11:24:46 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.10 11:24:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.09 21:51:34 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.12.09 21:34:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.09 21:32:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.09 21:27:45 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.12.07 21:22:43 | 000,040,330 | ---- | M] () -- C:\Users\***\Desktop\391166_281130305261958_100000949735962_798838_937651639_n.jpg
[2011.12.01 08:30:26 | 000,704,422 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.01 08:30:26 | 000,662,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.01 08:30:26 | 000,138,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.01 08:30:26 | 000,121,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.27 18:53:18 | 164,240,400 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.11.23 10:18:48 | 000,056,996 | ---- | M] () -- C:\Users\***\Desktop\391052_10150941745505078_545460077_22055348_2037490511_n.jpg
[2011.11.23 09:27:43 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.12.10 11:47:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.12.10 11:45:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.09 21:34:38 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.07 21:22:31 | 000,040,330 | ---- | C] () -- C:\Users\***\Desktop\391166_281130305261958_100000949735962_798838_937651639_n.jpg
[2011.12.06 21:01:37 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.11.27 18:52:53 | 164,240,400 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.23 10:18:23 | 000,056,996 | ---- | C] () -- C:\Users\***\Desktop\391052_10150941745505078_545460077_22055348_2037490511_n.jpg
[2011.11.23 09:27:43 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.06 23:45:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.09.18 17:10:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.09.18 17:10:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2007.08.16 17:16:56 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2007.08.16 17:16:56 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2007.08.16 17:11:30 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2007.08.16 17:11:30 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007.07.16 09:39:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2007.07.13 18:56:11 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.26 12:26:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007.06.26 11:58:49 | 000,000,000 | ---- | C] () --
C:\Windows\nsreg.dat [2007.06.16 08:50:36 | 000,004,892 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2007.06.13 21:55:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.06.13 14:21:37 | 000,168,448 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.09 19:33:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll [2007.06.09 19:33:32 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll [2007.06.09 19:33:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2007.06.09 19:33:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll [2007.06.09 19:33:18 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.06.09 19:33:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2007.04.03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006.11.07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini [2006.11.02 16:33:31 | 000,704,422 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,138,514 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,387,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,662,002 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,121,670 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- 
C:\Windows\System32\perfd009.dat [2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2006.09.16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll [2006.09.16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011.12.06 21:01:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5053 [2011.12.09 21:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5054 [2011.10.22 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2011.10.22 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2008.11.21 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hansenet [2011.12.06 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock [2011.01.23 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local [2009.06.14 17:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011.12.07 20:32:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs [2011.12.06 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm [2011.12.10 00:46:51 | 000,032,620 | ---- | M] () -- 
C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2007.06.13 14:08:48 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.11.29 21:56:22 | 000,000,000 | ---D | M] -- C:\b4d29411b4abeb3a2e8d8e97d5 [2006.11.15 19:24:50 | 000,000,000 | -HSD | M] -- C:\Boot [2011.11.23 16:30:35 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2007.06.13 14:37:24 | 000,000,000 | ---D | M] -- C:\DELL [2007.06.09 19:27:38 | 000,000,000 | ---D | M] -- C:\doctemp [2007.06.13 14:03:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2007.06.09 19:27:29 | 000,000,000 | ---D | M] -- C:\Drivers [2007.08.24 14:37:53 | 000,000,000 | ---D | M] -- C:\inetpub [2007.06.13 14:08:52 | 000,000,000 | ---D | M] -- C:\Intel [2011.12.10 11:32:40 | 000,000,000 | ---D | M] -- C:\MDT [2011.12.09 21:34:32 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.09 21:34:37 | 000,000,000 | -H-D | M] -- C:\ProgramData [2007.06.13 14:03:20 | 000,000,000 | -HSD | M] -- C:\Programme [2011.12.10 11:58:04 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2008.06.17 18:49:52 | 000,000,000 | ---D | M] -- C:\Temp [2007.06.13 14:07:36 | 000,000,000 | R--D | M] -- C:\Users [2011.11.27 18:53:18 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < MD5 for: AFD.SYS > [2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\System32\drivers\afd.sys [2006.11.02 09:58:43 | 000,270,336 | ---- | M] (Microsoft Corporation) MD5=5D24CAF8EFD924A875698FF28384DB8B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6000.16386_none_d5b1809661820e7c\afd.sys [2008.01.19 06:57:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys < MD5 for: EXPLORER.EXE > [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2008.02.26 19:48:11 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe [2008.02.26 19:48:10 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe [2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe [2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\regedit.exe [2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 
10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows 
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-09 20:10:55 ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\WLAN:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Versicherung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\USB-Stick:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Uni:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Spaß:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Shops:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Seehofstr:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Rezepte:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Programme:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\outlook contact:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\outlook calendar:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\O2_Handyrechnung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\My Music:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Kreditkarte:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Karneval:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> 
C:\Users\***\Documents\Julia_Jens:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Häuser:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\flugbestaetigung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\ebay-Konto:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\DVDVideoSoft:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\DVDs:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Comdirect:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Capire Ferrero:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bordeaux:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bewerbungen Praktika:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bewerbung_Trainee:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Barbie_Kicker.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Australien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Alice Telefon:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Steuererklärung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Ringe:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Dunstabzugshaube:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Bilder entwickeln:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Australienalbum:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\391166_281130305261958_100000949735962_798838_937651639_n.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\391052_10150941745505078_545460077_22055348_2037490511_n.jpg:Roxio EMC Stream @Alternate Data Stream - 141 bytes -> 
C:\ProgramData\TEMP:0B174FAE < End of report > Logfile Extras.txt: OTL Extras logfile created on: 10.12.2011 11:54:08 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,82 Mb Total Physical Memory | 353,67 Mb Available Physical Memory | 34,88% Memory free 2,22 Gb Paging File | 1,16 Gb Available in Paging File | 51,97% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,70 Gb Total Space | 10,14 Gb Free Space | 10,17% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,40 Gb Free Space | 64,05% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D55831-ECD5-4707-8F47-C093E2C12E98}" = rport=139 | protocol=6 | dir=out | app=system | "{1E51854D-E9E6-4B21-A946-98296982B08A}" = lport=139 | protocol=6 | dir=in | app=system | "{44B39939-A472-4BDF-BECA-173886D37034}" = lport=137 | protocol=17 | dir=in | app=system | "{649C3D9C-1BC2-4D1E-B2D6-0A92DE33861B}" = lport=445 | protocol=6 | dir=in | app=system | "{705B0F1B-6124-4258-8E10-D9E003DD836A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{98AD0570-C85A-42D5-B88E-3928305A8A09}" = lport=138 | protocol=17 | dir=in | app=system | "{B01D8004-AEEE-4AF8-896C-49C8C5483E16}" = rport=137 | protocol=17 | dir=out | app=system | "{BEB1317F-7171-443A-B15E-F45FAB283CDD}" = rport=445 | protocol=6 | dir=out | app=system | "{CCE46412-D7BF-4EA4-8A90-7BAD8340C183}" = rport=138 | protocol=17 | dir=out | app=system | "{FAC53328-F544-470F-95EF-2DA2811CF3B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1EB58040-280E-4282-B4AF-61B4D54C8BEC}" = dir=in | app=c:\program files\itunes\itunes.exe | "{32547EB2-04E5-4194-869B-E939436E2F37}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{406D743A-892D-4B2C-9810-BA82037D33C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{55FEFD8A-B89E-4A75-BED5-2AFFA78417C6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5816C0E8-2E89-4823-9B37-781DB2FC7461}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{5E401F9B-4E53-46F4-A6DE-717CD998B257}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{B38EA284-37EB-4195-BD26-2570F0F28F15}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B5C4917D-2515-443B-A1D8-414B012B85E9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{CA1D351D-976C-46E2-B7DA-31934C7D87F8}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{CCC544D8-64A9-4720-BE43-EDB2313F4A5E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{ECE2D387-4CA3-4E02-8C6B-2CC1A146EB4D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{43075C91-6BCA-4768-A28B-C5DD8ABD971F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{449AF455-264F-4307-B443-286EC8B8FA89}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{63EF905C-ED13-4172-97FC-213D84B58BCA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{93CEE3ED-12C2-4F8B-A11A-C315CA93E4B4}C:\program files\napster\napster.exe" = protocol=6 | dir=in | app=c:\program files\napster\napster.exe | "TCP Query User{D3542F77-9A30-46ED-A378-866A6983447F}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{358C4848-6758-48B4-87B0-1841B0D9B883}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{4DB32ED4-18D0-41BF-B55D-FB5543680E79}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{73598DC0-388D-47FF-9040-212E8C666605}C:\program files\napster\napster.exe" = protocol=17 | dir=in | app=c:\program 
files\napster\napster.exe | "UDP Query User{8CF5541F-E2C3-4DDE-962B-442DBE57CB2C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{DB935ABC-A7DF-4326-BD1C-F9B1DF9E3B73}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data "{0FD60254-35B7-4915-862B-26847C9FE8DE}" = Tunebite "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 26 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = Benutzerhandbuch "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy 
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport "{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Assistant zum Anpassen des Dell-Systems "Adobe 
Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Alice Software" = Alice Software 4.10.0 "AndreaMosaicVersion3" = AndreaMosaic 3.20 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung "Canon Setup Utility 2.3" = Canon Setup Utility 2.3 "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "FreePDF_XP" = FreePDF XP (Remove only) "Google Desktop" = Google Desktop "GSview 4.8" = GSview 4.8 "GSview 4.9" = GSview 4.9 "HDMI" = Intel(R) Graphics Media Accelerator Driver "IrfanView" = IrfanView (remove only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de) "PDF Blender" = PDF Blender "Redirection Port Monitor" = RedMon - Redirection Port Monitor "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "SynTPDeinstKey" = Synaptics Pointing Device Driver ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31.01.2010 18:34:49 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description = Error - 31.01.2010 18:35:14 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description = Error - 31.01.2010 18:35:50 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description = Error - 31.01.2010 18:37:11 | 
Computer Name = Home-PC | Source = RasClient | ID = 20227 Description =
Error - 31.01.2010 18:38:17 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description =
Error - 31.01.2010 18:38:57 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description =
Error - 31.01.2010 19:02:01 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description =
Error - 31.01.2010 19:03:33 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description =
Error - 02.02.2010 16:13:56 | Computer Name = Home-PC | Source = RasClient | ID = 20227 Description =
Error - 02.02.2010 18:09:25 | Computer Name = Home-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description =
[ System Events ]
Error - 04.12.2011 09:05:20 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 04.12.2011 09:06:16 | Computer Name = Home-PC | Source = DCOM | ID = 10010 Description =
Error - 05.12.2011 16:28:10 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 05.12.2011 16:30:50 | Computer Name = Home-PC | Source = DCOM | ID = 10010 Description =
Error - 06.12.2011 15:43:03 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 07.12.2011 15:31:29 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 08.12.2011 16:07:30 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 09.12.2011 15:59:28 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 09.12.2011 19:44:15 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
Error - 10.12.2011 06:26:16 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026 Description =
< End of report >
gmer: With gmer (I have a 32-bit system) I started the scan; a little later my PC shut itself down automatically. I tried it a second time, and Windows shuts down again :-(
Malwarebytes: I had already let the Malwarebytes full scan run yesterday evening. Quite early on, the following message appeared: Malwarebytes hat den Ausführungsversuch eines bösartigen Prozesses festgestellt und dessen Ausführung unterbunden C:\USERS\***\APPDATA\ROAMING\ACROIEHELPE060.DLL (TROJAN.PASSWORDS) --> I clicked Quarantine
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8344
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
10.12.2011 00:37:59
mbam-log-2011-12-10 (00-37-36).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 323970
Laufzeit: 2 Stunde(n), 36 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Backdoor.Agent) -> Value: Userinit -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\***\AppData\Roaming\acroiehelpe059.dll (Trojan.Passwords) -> No action taken.
c:\Users\***\AppData\LocalLow\Sun\Java\deployment\cache\6.0\34\4ce291e2-5a0625cd (Trojan.Zbot.CBCGen) -> No action taken.
c:\Users\***\documents\Spaß\Tests\langeweile1.exe (PUP.Joke.Langeweile) -> No action taken.
c:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> No action taken.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.9352774845792712.exe.lnk (Backdoor.Agent) -> No action taken.
I very much hope you can help me! Many thanks in advance!!! |
12.12.2011, 12:18 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Quote:
__________________ |
13.12.2011, 00:16 | #3 |
| Hello Arne, thank you very much for your reply! Here is the AntiVir report:
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 12. Dezember 2011 21:08
Es wird nach 3560421 Virenstämmen gesucht.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (plain) [6.0.6000]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : HOME-PC
Versionsinformationen:
BUILD.DAT : 9.0.0.429 21701 Bytes 06.10.2010 09:59:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 19.11.2009 19:51:06
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 19:51:01
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 17:31:35
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 21:15:33
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 20:14:15
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31.05.2011 19:20:32
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07.07.2011 18:58:39
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16.08.2011 21:19:20
VBASE007.VDF : 7.11.15.106 2389504 Bytes 05.10.2011 20:12:07
VBASE008.VDF : 7.11.18.32 2132992 Bytes 24.11.2011 22:08:42
VBASE009.VDF : 7.11.18.33 2048 Bytes 24.11.2011 22:08:43
VBASE010.VDF : 7.11.18.34 2048 Bytes 24.11.2011 22:08:43
VBASE011.VDF : 7.11.18.35 2048 Bytes 24.11.2011 22:08:43
VBASE012.VDF : 7.11.18.36 2048 Bytes 24.11.2011 22:08:43
VBASE013.VDF : 7.11.18.89 204800 Bytes 28.11.2011 21:05:38
VBASE014.VDF : 7.11.18.145 143872 Bytes 01.12.2011 00:05:57
VBASE015.VDF : 7.11.18.180 173056 Bytes 02.12.2011 12:01:15
VBASE016.VDF : 7.11.18.208 164864 Bytes 05.12.2011 20:29:11
VBASE017.VDF : 7.11.18.239 177152 Bytes 06.12.2011 20:29:20
VBASE018.VDF : 7.11.19.36 171520 Bytes 09.12.2011 20:29:44
VBASE019.VDF : 7.11.19.37 2048 Bytes 09.12.2011 20:29:45
VBASE020.VDF : 7.11.19.38 2048 Bytes 09.12.2011 20:29:45
VBASE021.VDF : 7.11.19.39
2048 Bytes 09.12.2011 20:29:45 VBASE022.VDF : 7.11.19.40 2048 Bytes 09.12.2011 20:29:45 VBASE023.VDF : 7.11.19.41 2048 Bytes 09.12.2011 20:29:45 VBASE024.VDF : 7.11.19.42 2048 Bytes 09.12.2011 20:29:46 VBASE025.VDF : 7.11.19.43 2048 Bytes 09.12.2011 20:29:46 VBASE026.VDF : 7.11.19.44 2048 Bytes 09.12.2011 20:29:46 VBASE027.VDF : 7.11.19.45 2048 Bytes 09.12.2011 20:29:46 VBASE028.VDF : 7.11.19.46 2048 Bytes 09.12.2011 20:29:46 VBASE029.VDF : 7.11.19.47 2048 Bytes 09.12.2011 20:29:46 VBASE030.VDF : 7.11.19.48 2048 Bytes 09.12.2011 20:29:46 VBASE031.VDF : 7.11.19.72 136192 Bytes 12.12.2011 19:51:12 Engineversion : 8.2.6.134 AEVDF.DLL : 8.1.2.2 106868 Bytes 25.10.2011 20:22:23 AESCRIPT.DLL : 8.1.3.90 491899 Bytes 08.12.2011 20:42:54 AESCN.DLL : 8.1.7.2 127349 Bytes 05.12.2010 14:46:13 AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 00:06:23 AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 17:53:13 AEPACK.DLL : 8.2.14.5 741751 Bytes 08.12.2011 20:42:14 AEOFFICE.DLL : 8.1.2.21 201084 Bytes 02.12.2011 00:06:16 AEHEUR.DLL : 8.1.3.6 3895670 Bytes 08.12.2011 20:40:47 AEHELP.DLL : 8.1.18.0 254327 Bytes 25.10.2011 20:22:16 AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 20:30:17 AEEMU.DLL : 8.1.3.0 393589 Bytes 05.12.2010 14:45:52 AECORE.DLL : 8.1.24.0 196983 Bytes 25.10.2011 20:22:15 AEBB.DLL : 8.1.1.0 53618 Bytes 23.04.2010 20:35:15 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56 AVPREF.DLL : 9.0.3.0 44289 Bytes 08.09.2009 14:34:36 AVREP.DLL : 10.0.0.9 174120 Bytes 04.03.2011 21:12:56 AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28 NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 14:41:21 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:35:17 RCTEXT.DLL : 9.0.73.0 87297 Bytes 19.11.2009 19:50:54 Konfiguration für den aktuellen Suchlauf: Job 
Name..............................: Vollständige Systemprüfung Konfigurationsdatei...................: c:\program files\avira\antivir desktop\sysscan.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: mittel Beginn des Suchlaufs: Montag, 12. Dezember 2011 21:08 Der Suchlauf nach versteckten Objekten wird begonnen. Es wurden '136052' Objekte überprüft, '0' versteckte Objekte wurden gefunden. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CPSHelpRunner.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ehmsas.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'WmiPrvSE.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'quickset.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DLG.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DSAgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ehtray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DDMService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'napster.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleDesktop.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxtray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PCMService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RoxWatchTray9.exe' - '1' 
Modul(e) wurden durchsucht Durchsuche Prozess 'sttray.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdate.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RoxMediaDB9.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'XAudio.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'stacsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'RoxWatch9.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'cvpnd.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht Durchsuche Prozess 
'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Es wurden '71' Prozesse mit '71' Modulen durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '54' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <OS> C:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. [HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. 
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\59d1b301-6ac9d459 [0] Archivtyp: ZIP --> Market.class [FUND] Enthält Erkennungsmuster des Exploits EXP/2011-3544.A C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4592ce11-41f8b35f [FUND] Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2 C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3f3db65f-7a105d14 [0] Archivtyp: ZIP --> v1.class [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Tharra.B C:\Users\***\AppData\Roaming\AcroIEHelpe060.dll [FUND] Ist das Trojanische Pferd TR/Offend.kdv.467480 C:\Users\***\AppData\Roaming\5053\components\AcroFF.dll [FUND] Ist das Trojanische Pferd TR/Drop.Croff.A C:\Users\***\AppData\Roaming\5053\components\AcroFF0.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.245760.2 C:\Users\***\AppData\Roaming\5053\components\AcroFF6.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.266240.4 C:\Users\***\AppData\Roaming\5053\components\AcroFF7.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.7 C:\Users\***\AppData\Roaming\5053\components\AcroFF8.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.6 C:\Users\***\AppData\Roaming\5054\components\AcroFF054.dll [0] Archivtyp: RSRC --> Object [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.266240.4 --> Object [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.7 --> Object [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.6 C:\Users\***\AppData\Roaming\5054\components\AcroFF0546.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.266240.4 C:\Users\***\AppData\Roaming\5054\components\AcroFF0547.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.7 C:\Users\***\AppData\Roaming\5054\components\AcroFF0548.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.6 Beginne mit der Suche in 'D:\' <RECOVERY> 
Beginne mit der Desinfektion: C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\59d1b301-6ac9d459 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f4a88b1.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\4592ce11-41f8b35f [FUND] Ist das Trojanische Pferd TR/Crypt.EPACK.Gen2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f1f88ae.qua' verschoben! C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\3f3db65f-7a105d14 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f1988df.qua' verschoben! C:\Users\***\AppData\Roaming\AcroIEHelpe060.dll [FUND] Ist das Trojanische Pferd TR/Offend.kdv.467480 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f5888dc.qua' verschoben! C:\Users\***\AppData\Roaming\5053\components\AcroFF.dll [FUND] Ist das Trojanische Pferd TR/Drop.Croff.A [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4acd3c2d.qua' verschoben! C:\Users\***\AppData\Roaming\5053\components\AcroFF0.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.245760.2 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4dcadf05.qua' verschoben! C:\Users\***\AppData\Roaming\5053\components\AcroFF6.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.266240.4 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ac04495.qua' verschoben! C:\Users\***\AppData\Roaming\5053\components\AcroFF7.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.7 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4add4665.qua' verschoben! C:\Users\***\AppData\Roaming\5053\components\AcroFF8.dll [FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.6 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ade5e5d.qua' verschoben! 
C:\Users\***\AppData\Roaming\5054\components\AcroFF054.dll
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4adf5695.qua' verschoben!
C:\Users\***\AppData\Roaming\5054\components\AcroFF0546.dll
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.266240.4
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ad06ecd.qua' verschoben!
C:\Users\***\AppData\Roaming\5054\components\AcroFF0547.dll
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.7
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4f5888dd.qua' verschoben!
C:\Users\***\AppData\Roaming\5054\components\AcroFF0548.dll
[FUND] Enthält Erkennungsmuster der Ad- oder Spyware ADSPY/Agent.237568.6
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4aec5e2e.qua' verschoben!
Ende des Suchlaufs: Dienstag, 13. Dezember 2011 00:04
Benötigte Zeit: 2:49:09 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
27870 Verzeichnisse wurden überprüft
506325 Dateien wurden geprüft
15 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
13 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
1 Dateien konnten nicht durchsucht werden
506309 Dateien ohne Befall
2895 Archive wurden durchsucht
1 Warnungen
14 Hinweise
136052 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
At the end of the Malwarebytes scan a window opened ("Liste der bösartigen Programme, die auf Ihrem System gefunden wurden") - I removed these! How should I proceed? Thanks for your help!! |
13.12.2011, 11:01 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Quote:
__________________ Please always post logfiles in CODE tags |
13.12.2011, 23:51 | #5 |
| Here is the log for that:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8344
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
10.12.2011 00:39:15
mbam-log-2011-12-10 (00-39-15).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 323970
Laufzeit: 2 Stunde(n), 36 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Backdoor.Agent) -> Value: Userinit -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\***\AppData\Roaming\acroiehelpe059.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\***\AppData\LocalLow\Sun\Java\deployment\cache\6.0\34\4ce291e2-5a0625cd (Trojan.Zbot.CBCGen) -> Quarantined and deleted successfully.
c:\Users\***\documents\Spaß\Tests\langeweile1.exe (PUP.Joke.Langeweile) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.9352774845792712.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
Are the trojans now actually gone from the computer? |
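The question at the end of this post can be answered from the log itself: every MBAM entry ends with an action, and only "Quarantined and deleted successfully" means the object is already gone, while "Delete on reboot" (as for appconf32.exe above) means the file was still on disk when the log was written. The following Python script is an added example, not part of the thread or of Malwarebytes; it parses the MBAM 1.51 log layout shown above into findings, cross-checks the declared per-section counts against the entries actually listed, and separates pending items and autostart locations. The sample log is constructed from the entries above with the *** placeholder kept, and the autostart markers are my own heuristic list.

```python
import re
from dataclasses import dataclass

# Constructed sample in the MBAM 1.51 log layout: summary count lines, then a
# header per section and one "item (Detection) -> Action." entry per line.
# The entries mirror the thread's findings; "***" is the post's own placeholder.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.51.2.1300
Datenbank Version: 8344
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{EFF39A40-C163-4d5d-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EFF39A40-C163-4D5D-B073-52FBB55C646A} (Trojan.Passwords) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Userinit (Backdoor.Agent) -> Value: Userinit -> Quarantined and deleted successfully.
Infizierte Dateien:
c:\Users\***\AppData\Roaming\acroiehelpe059.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\appconf32.exe (Backdoor.Agent) -> Delete on reboot.
c:\Users\***\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\0.9352774845792712.exe.lnk (Backdoor.Agent) -> Quarantined and deleted successfully.
"""

COUNT_RE = re.compile(r"^Infizierte (.+): (\d+)$")      # "Infizierte Dateien: 5"
SECTION_RE = re.compile(r"^Infizierte (.+):$")           # "Infizierte Dateien:"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")

REMEDIATED = "Quarantined and deleted successfully"

# Locations that give a binary a foothold at logon (my own heuristic list, not
# something MBAM marks). Such entries deserve a second look even when removed.
AUTOSTART_MARKERS = (
    "\\currentversion\\run\\",
    "\\browser helper objects\\",
    "\\start menu\\programs\\startup\\",
)

@dataclass
class Finding:
    section: str
    item: str
    detection: str
    action: str

    @property
    def remediated(self):
        return self.action == REMEDIATED

    @property
    def autostart(self):
        low = self.item.lower()
        return any(marker in low for marker in AUTOSTART_MARKERS)

def parse_mbam_log(text):
    """Return (declared_counts, findings) from a German MBAM 1.51 log."""
    declared, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line.startswith("(Keine"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        # The action is the last "->" segment; registry values carry an extra
        # "Value: <name>" segment in front of it.
        action = m.group("rest").rstrip(".").split(" -> ")[-1]
        findings.append(Finding(section, m.group("item"), m.group("detection"), action))
    return declared, findings

def count_mismatches(declared, findings):
    """Map section -> (declared, listed) where the two differ: a truncated or
    partially pasted log shows up here."""
    seen = {}
    for f in findings:
        seen[f.section] = seen.get(f.section, 0) + 1
    return {name: (n, seen.get(name, 0))
            for name, n in declared.items() if n != seen.get(name, 0)}

def pending_items(findings):
    """Entries not removed yet ("Delete on reboot", "No action taken"): they
    decide whether a rescan after a reboot is still needed."""
    return [f for f in findings if not f.remediated]

def autostart_items(findings):
    return [f for f in findings if f.autostart]
```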
14.12.2011, 11:35 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That was already a few days ago. Please update Malwarebytes and run a new full scan
__________________ |
14.12.2011, 21:57 | #7 |
| So, here is the new log:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 8370
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
14.12.2011 21:40:46
mbam-log-2011-12-14 (21-40-46).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 318003
Laufzeit: 2 Stunde(n), 5 Minute(n), 14 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
That looks pretty good, doesn't it? |
14.12.2011, 22:00 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please also run ESET; after that we'll see how to proceed: ESET Online Scanner
__________________ |
15.12.2011, 08:42 | #9 |
| Here is the new log:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8ed0d45af00b984393f789e814b97980
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-15 07:15:24
# local_time=2011-12-15 08:15:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6000 NT
# compatibility_mode=1797 16775141 100 100 115201 99447443 0 0
# compatibility_mode=5892 16776573 100 100 48888 161464864 0 0
# compatibility_mode=8192 67108863 100 0 210 210 0 0
# scanned=23909
# found=0
# cleaned=0
# scan_time=1209 |
15.12.2011, 11:40 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log.
Custom scan with OTL
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
15.12.2011, 21:43 | #11 |
| So, here is the new OTL log: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 15.12.2011 20:33:22 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Desktop Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.17037) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,82 Mb Total Physical Memory | 219,63 Mb Available Physical Memory | 21,66% Memory free 2,22 Gb Paging File | 1,19 Gb Available in Paging File | 53,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 99,70 Gb Total Space | 10,20 Gb Free Space | 10,23% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 6,40 Gb Free Space | 64,05% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: ***| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.10 11:50:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.07.20 17:21:40 | 000,323,280 | ---- | M] (Napster) -- C:\Programme\Napster\napster.exe PRC - [2009.08.08 12:17:06 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- 
C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2007.06.26 19:27:46 | 000,312,320 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe PRC - [2007.03.15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Programme\DellSupport\DSAgnt.exe PRC - [2007.02.20 13:01:12 | 001,125,088 | ---- | M] (Dell Inc) -- C:\Programme\Dell\QuickSet\quickset.exe PRC - [2007.02.08 06:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe PRC - [2007.02.08 06:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe PRC - [2006.11.05 11:22:16 | 000,221,184 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe PRC - [2006.11.05 10:55:48 | 000,010,752 | ---- | M] (Sonic Solutions) -- C:\Programme\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe PRC - [2006.10.13 11:31:34 | 000,184,320 | ---- | M] (CyberLink Corp.) 
-- C:\Programme\Dell\MediaDirect\PCMService.exe
========== Modules (No Company Name) ==========
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.11 00:25:48 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.01.11 00:25:06 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2007.02.20 13:01:18 | 000,105,184 | ---- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll
MOD - [2006.11.15 19:08:02 | 000,061,440 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006.11.15 19:07:56 | 000,077,824 | ---- | M] () -- C:\Windows\System32\hccutils.dll
MOD - [2006.11.05 10:58:44 | 000,516,096 | ---- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
MOD - [2006.11.05 10:28:18 | 004,587,520 | R--- | M] () -- C:\Programme\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.02.21 00:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.02.21 00:52:02 | 000,322,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.08.08 12:17:06 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.06.13 14:33:49 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.03 15:18:08 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.03.07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007.02.08 06:11:00 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Programme\SigmaTel\C-Major Audio\WDM\stacsv.exe -- (STacSV)
========== Driver Services (SafeList) ==========
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.11.16 12:18:27 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2009.12.07 23:53:43 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.04.03 15:17:08 | 000,306,295 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.03.12 05:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007.02.25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007.02.08 06:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.01.31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.20 20:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.20 20:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006.11.20 20:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.12 00:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.10.30 18:42:28 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006.10.05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Programme\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070609
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig/dell?hl=de&client=dell-row&channel=de&ibd=0070609
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.bild.de/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.01.23 09:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.01.23 09:21:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.11 17:05:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.27 13:36:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5054 [2011.12.09 21:52:52 | 000,000,000 | ---D | M]
[2008.09.08 21:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.10.22 21:47:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions
[2010.07.23 18:55:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.07 06:33:34 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.10.22 21:47:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.12 15:43:52 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\4fwuw6id.default\extensions\moveplayer@movenetworks.com
[2011.11.11 17:05:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.06.26 12:12:43 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.12.09 21:52:52 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5054
[2011.11.11 17:05:47 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2011.10.09 22:37:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.09 22:37:19 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.09 22:37:19 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.09 22:37:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.09 22:37:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.09 22:37:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot File not found
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe /silence File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} hxxp://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab (Steuerung des DownloadManager )
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55759925-22C0-4037-A870-C0D677EB88F3}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programme\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\Pictures\2010\New York\New\RIMG1434.JPG
O24 - Desktop BackupWallPaper: C:\Users\***\Pictures\2010\New York\New\RIMG1434.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell - "" = AutoRun
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.12.15 07:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.15 07:49:17 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.10 11:50:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.09 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5054
[2011.12.09 21:34:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.09 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 21:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 21:34:32 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 21:34:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 21:32:02 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.07 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2011.12.06 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5053
[2011.12.06 21:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011.12.06 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011.12.02 12:43:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ebay-Konto
[2011.11.29 21:56:16 | 000,000,000 | ---D | C] -- C:\b4d29411b4abeb3a2e8d8e97d5
[2011.11.28 23:04:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Julia
[2011.11.27 18:53:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.11.23 09:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.23 09:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.11.23 09:21:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.22 21:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.12.15 20:21:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.15 20:19:42 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 20:19:42 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 20:19:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.15 08:03:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.15 07:49:30 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2011.12.10 13:00:22 | 205,495,312 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.10 12:41:15 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\18c5idp8.exe
[2011.12.10 11:50:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.12.10 11:47:21 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.12.10 11:46:01 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.09 21:34:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.09 21:32:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.09 21:27:45 | 000,000,036 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.12.07 21:22:43 | 000,040,330 | ---- | M] () -- C:\Users\***\Desktop\391166_281130305261958_100000949735962_798838_937651639_n.jpg
[2011.12.01 08:30:26 | 000,704,422 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.01 08:30:26 | 000,662,002 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.01 08:30:26 | 000,138,514 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.01 08:30:26 | 000,121,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.23 10:18:48 | 000,056,996 | ---- | M] () -- C:\Users\***\Desktop\391052_10150941745505078_545460077_22055348_2037490511_n.jpg
[2011.11.23 09:27:43 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.10 12:41:09 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\18c5idp8.exe
[2011.12.10 11:47:21 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.12.10 11:45:57 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2011.12.09 21:34:38 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.07 21:22:31 | 000,040,330 | ---- | C] () -- C:\Users\***\Desktop\391166_281130305261958_100000949735962_798838_937651639_n.jpg
[2011.12.06 21:01:37 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2011.11.27 18:52:53 | 205,495,312 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.11.23 10:18:23 | 000,056,996 | ---- | C] () -- C:\Users\***\Desktop\391052_10150941745505078_545460077_22055348_2037490511_n.jpg
[2011.11.23 09:27:43 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.11.25 13:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.03.06 23:45:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007.09.18 17:10:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.09.18 17:10:20 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2007.08.16 17:16:56 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2007.08.16 17:16:56 | 000,001,024 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth2.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\serauth1.dll
[2007.08.16 17:16:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\nsprs.dll
[2007.08.16 17:11:30 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2007.08.16 17:11:30 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2007.07.16 09:39:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2007.07.13 18:56:11 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.26 12:26:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007.06.26 11:58:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007.06.16 08:50:36 | 000,004,892 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2007.06.13 21:55:35 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.06.13 14:21:37 | 000,168,448 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.09 19:33:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2007.06.09 19:33:32 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2007.06.09 19:33:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.06.09 19:33:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2007.06.09 19:33:18 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.06.09 19:33:09 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.04.03 15:18:26 | 000,197,672 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2006.11.15 19:30:32 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.07 20:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 16:33:31 | 000,704,422 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,138,514 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,387,176 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,662,002 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,121,670 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2006.09.16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006.09.16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2011.12.06 21:01:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5053
[2011.12.09 21:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5054
[2011.10.22 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.22 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.11.21 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hansenet
[2011.12.06 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.01.23 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2009.06.14 17:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.12.07 20:32:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.12.06 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011.12.15 08:44:37 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.12.06 21:01:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5053
[2011.12.09 21:52:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5054
[2008.04.13 08:57:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2007.06.17 20:55:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AdobeUM
[2011.10.29 14:41:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2007.07.15 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CyberLink
[2010.12.31 17:32:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011.10.22 21:47:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.10.22 21:47:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2007.06.13 14:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2007.06.13 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GTek
[2008.11.21 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hansenet
[2007.06.13 14:08:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2011.01.19 22:43:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2011.12.06 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.01.23 09:21:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Local
[2007.06.13 15:17:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.09 21:34:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2008.04.28 13:28:47 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2008.09.08 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.06.14 17:20:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.12.22 14:25:22 | 000,000,000
| ---D | M] -- C:\Users\***\AppData\Roaming\Real [2011.01.22 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio [2011.03.08 23:56:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2011.03.09 00:04:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM [2011.12.07 20:32:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs [2011.12.06 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm < %APPDATA%\*.exe /s > [2007.06.20 10:18:15 | 023,813,608 | ---- | M] ( ) -- C:\Users\***\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2008.05.28 08:48:12 | 022,319,360 | ---- | M] ( ) -- C:\Users\***\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr710_de_DE.exe [2008.02.25 17:50:57 | 000,327,437 | ---- | M] () -- C:\Users\***\AppData\Roaming\GTek\GTUpdate\AUpdate\Channels\ch_u1\CIP\TransferAgentSetup.exe [2009.05.15 17:02:55 | 001,915,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2007.06.09 19:31:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys [2007.06.09 19:31:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys [2007.06.09 19:31:07 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys [2007.06.09 19:31:07 | 000,053,864 | ---- | M] 
(Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.06.09 19:31:50 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.06.09 19:31:41 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys [2007.06.09 19:31:41 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys [2007.06.09 19:31:50 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.06.09 19:31:50 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys [2008.02.26 19:45:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.26 19:45:45 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.26 19:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys [2008.02.26 19:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys [2008.02.26 19:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTORV.SYS > [2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- 
C:\Windows\System32\netlogon.dll [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll < MD5 for: USER32.DLL > [2007.06.13 14:30:09 | 000,633,856 | ---- | M] (Microsoft Corporation) 
MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2007.06.13 14:30:08 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2007.06.13 14:30:08 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 
000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\df81987ce1972154ab659b2f560f1610\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- 
C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2006.11.02 10:46:04 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\expsrv.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\WLAN:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Versicherung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\USB-Stick:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Updater5:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Uni:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Spaß:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Shops:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Seehofstr:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Rezepte:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Programme:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\outlook contact:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\outlook calendar:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\O2_Handyrechnung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\My Music:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Kreditkarte:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> 
C:\Users\***\Documents\Karneval:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Julia_Jens:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Häuser:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\flugbestaetigung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\ebay-Konto:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\DVDVideoSoft:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\DVDs:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Comdirect:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Capire Ferrero:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bordeaux:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bewerbungen Praktika:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Bewerbung_Trainee:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Barbie_Kicker.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Australien:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Documents\Alice Telefon:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Steuererklärung:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Ringe:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Dunstabzugshaube:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Bilder entwickeln:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\Australienalbum:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\***\Desktop\391166_281130305261958_100000949735962_798838_937651639_n.jpg:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> 
C:\Users\***\Desktop\391052_10150941745505078_545460077_22055348_2037490511_n.jpg:Roxio EMC Stream @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE < End of report > Ist es geschafft? |
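The "< MD5 for: ... >" sections of the OTL log above list every copy OTL can find of a handful of critical system files: the copy that actually loads under System32 (or System32\drivers), plus the reference copies Windows keeps in winsxs, the DriverStore and pending SoftwareDistribution downloads. The check a helper does by eye is whether the live copy's hash agrees with one of the staged copies. The script below is an added example that automates that reading; it is not part of the original post and not OTL's own code. The sample log inside it is constructed: the ATAPI.SYS and USER32.DLL entries are copied from the log above, while the NVSTOR.SYS section carries a made-up hash for the live copy so that a mismatch is visible.

```python
"""Consistency check over the '< MD5 for: ... >' sections of an OTL log.

Added example; not part of the original post and not OTL's own code.
A live copy (System32\ or System32\drivers\) whose MD5 matches none of the
staged copies (winsxs / DriverStore / SoftwareDistribution) is reported, and
so is a live copy OTL could not hash ('Unable to obtain MD5', i.e. locked).
"""
import re

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<ev>[CM])\] \((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- (?P<path>.+)$"
)

# Constructed sample in OTL's format. ATAPI.SYS and USER32.DLL lines are copied
# from the posted log; the NVSTOR.SYS live-copy hash is made up to force a mismatch.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008.02.26 19:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\drivers\atapi.sys
[2008.02.26 19:45:44 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: USER32.DLL >
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.06.13 14:30:08 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
"""


def parse_md5_sections(text):
    """Return {file name (lower-case): [{path, md5 or None, vendor, size}, ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            sections.setdefault(current, [])
            continue
        e = ENTRY_RE.match(line)
        if e and current is not None:
            sections[current].append({
                "path": e.group("path"),
                "md5": (e.group("md5") or "").upper() or None,  # None when locked
                "vendor": e.group("vendor").strip(),
                "size": int(e.group("size").replace(",", "")),
            })
    return sections


def is_live_copy(path):
    """True for the copy Windows loads: under System32\ but not in the
    DriverStore repository, which also lives below System32."""
    p = path.lower()
    return p.startswith("c:\\windows\\system32\\") and "\\driverstore\\" not in p


def check_sections(sections):
    """Return (name, finding, path) for each live copy that is locked or whose
    hash matches no staged copy of the same file."""
    findings = []
    for name, entries in sections.items():
        staged = {e["md5"] for e in entries if not is_live_copy(e["path"]) and e["md5"]}
        for e in entries:
            if not is_live_copy(e["path"]):
                continue
            if e["md5"] is None:
                findings.append((name, "locked", e["path"]))
            elif e["md5"] not in staged:
                findings.append((name, "no-staged-match", e["path"]))
    return findings


if __name__ == "__main__":
    for name, finding, path in check_sections(parse_md5_sections(SAMPLE_LOG)):
        print(f"{finding:16} {name:12} {path}")
```

A match is only weak evidence, because the staged copies sit on the same untrusted disk; a mismatch or a locked live copy is a pointer to follow up with a signature check (the SigCheck option of the TDSSKiller run later in this thread does that), not a verdict on its own.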
15.12.2011, 21:50 | #12
/// Winkelfunktion /// TB-Süch-Tiger™
Trojans TR/Drop.Croff.A, TR/Offend.KD.448731, TR/crypt.epack.gen and JavaScript virus JS/Toieung.A

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you masked your user name, you have to turn the starred-out part back into your real user name, otherwise the script will not work!!

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell - "" = AutoRun
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.12.07 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2011.12.06 21:01:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5053
[2011.12.06 21:01:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\xmldm
[2011.12.06 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\kock
[2011.12.09 21:52:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\5054
[2011.12.06 21:01:37 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
:Commands
[emptytemp]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are not deleted completely; as a precaution a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

__________________
Please always post logfiles in CODE tags
15.12.2011, 22:46 | #13

Hey, here is the new logfile:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\ not found.
File G:\Get_Started_for_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\ not found.
File G:\LaunchU3.exe -a not found.
C:\Users\***\AppData\Roaming\UAs folder moved successfully.
C:\Users\***\AppData\Roaming\5053\components folder moved successfully.
C:\Users\***\AppData\Roaming\5053 folder moved successfully.
C:\Users\***\AppData\Roaming\xmldm folder moved successfully.
C:\Users\***\AppData\Roaming\kock folder moved successfully.
C:\Users\***\AppData\Roaming\5054\components folder moved successfully.
C:\Users\***\AppData\Roaming\5054 folder moved successfully.
C:\Users\***\AppData\Roaming\blckdom.res moved successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ***
->Temp folder emptied: 181651727 bytes
->Temporary Internet Files folder emptied: 569956157 bytes
->Java cache emptied: 48956509 bytes
->FireFox cache emptied: 158206032 bytes
->Flash cache emptied: 2032398 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 15699 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 354583661 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 316711 bytes
RecycleBin emptied: 52910830 bytes

Total Files Cleaned = 1.305,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 12152011_221700

Files\Folders moved on Reboot...
C:\Windows\temp\JETF1FC.tmp moved successfully.

Registry entries deleted on Reboot...
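The one thing worth checking before treating a fix as complete is that every target the script named shows up in the fix log with an outcome. The script below is an added example that reconciles the two; it is not part of the thread and not OTL's own code. It takes the ":OTL" block of a fix script (the moderator's script in the previous post) and the log OTL writes afterwards (this post), lists each target with the outcome OTL reported, and flags targets the log never mentions. The ":Commands" block ([emptytemp], [resethosts]) is not reconciled. Both samples inside it are constructed from the posted script and log, with the user name still masked as ***; two log lines are deliberately left out so that the "no log entry" case shows.

```python
"""Reconcile an OTL fix script with the log OTL writes after the fix.

Added example; not part of the thread and not OTL's code. For every target
named in the ':OTL' block of a fix script it reports the outcome OTL logged,
and flags targets the log never mentions.
"""
import re

CDROM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Cdrom\AutoRun"  # synthetic key for the O32 value line

# (kind, regex) for the line shapes an OTL fix script uses; group 't' is the target.
TARGET_RES = [
    ("cdrom-autorun", re.compile(r"^O32 - HKLM CDRom: AutoRun - \d$")),
    ("file", re.compile(r"^O32 - AutoRun File - \[.*?\] \(\) - (?P<t>.+?) -- \[")),
    ("mountpoint", re.compile(r"^O33 - MountPoints2\\(?P<t>\{[0-9a-f-]+\})\\")),
    ("folder", re.compile(r"^\[.*?\| ---D \| [CM]\] -- (?P<t>.+)$")),
    ("file", re.compile(r"^\[.*?\| ---- \| [CM]\] \(\) -- (?P<t>.+)$")),
    ("ads", re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<t>.+)$")),
]
# (regex, fixed key) for result lines in the fix log; group 'k' is the key, 'o' the outcome.
# Order matters: 'folder moved' must be tried before the generic 'moved'.
RESULT_RES = [
    (re.compile(r"^HKEY_LOCAL_MACHINE\\SYSTEM\\.*\\Cdrom\\\\AutoRun\|DWORD:\d /E : (?P<o>value set successfully)!$"), CDROM_KEY),
    (re.compile(r"^Registry key .*?(?P<k>\{[0-9a-f-]+\})\\ (?P<o>deleted successfully|not found)\.$"), None),
    (re.compile(r"^ADS (?P<k>.+?) (?P<o>deleted successfully|not found)\.$"), None),
    (re.compile(r"^File (?P<k>.+?) (?P<o>not found)\.$"), None),
    (re.compile(r"^(?P<k>.+?) folder (?P<o>moved successfully)\.$"), None),
    (re.compile(r"^(?P<k>.+?) (?P<o>moved successfully)\.$"), None),
]
DONE = {"deleted successfully", "moved successfully", "value set successfully"}

# Constructed from the posted script; user name left masked as ***.
FIX_SCRIPT = r"""
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\Shell\AutoRun\command - "" = G:\Get_Started_for_Win.exe
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell - "" = AutoRun
O33 - MountPoints2\{f56b4739-ac1c-11df-8bdc-da4a1febea92}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.12.07 20:32:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\UAs
[2011.12.06 21:01:37 | 000,000,036 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
:Commands
[emptytemp]
[resethosts]
"""
# Constructed from the posted log; the f56b4739 key and blckdom.res lines are
# deliberately omitted so that the 'no log entry' status is exercised.
FIX_LOG = r"""
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{488cb7bb-3e2c-11df-950a-f16578a91cd4}\ not found.
File G:\Get_Started_for_Win.exe not found.
C:\Users\***\AppData\Roaming\UAs folder moved successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""


def parse_fix_script(text):
    """Return de-duplicated [(kind, target)] for lines between ':OTL' and the next ':' section."""
    targets, in_otl = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            in_otl = line.lower() == ":otl"
            continue
        if not in_otl or not line:
            continue
        for kind, rx in TARGET_RES:
            m = rx.match(line)
            if m:
                item = (kind, CDROM_KEY if kind == "cdrom-autorun" else m.group("t"))
                if item not in targets:
                    targets.append(item)
                break
    return targets


def parse_fix_log(text):
    """Return {key: [outcome, ...]} for every result line OTL wrote."""
    outcomes = {}
    for raw in text.splitlines():
        line = raw.strip()
        for rx, fixed_key in RESULT_RES:
            m = rx.match(line)
            if m:
                outcomes.setdefault(fixed_key or m.group("k"), []).append(m.group("o"))
                break
    return outcomes


def reconcile(targets, outcomes):
    """Return [(kind, target, status)] with status 'handled', 'not found' or 'no log entry'."""
    rows = []
    for kind, target in targets:
        seen = outcomes.get(target, [])
        status = "handled" if any(o in DONE for o in seen) else ("not found" if seen else "no log entry")
        rows.append((kind, target, status))
    return rows


if __name__ == "__main__":
    for kind, target, status in reconcile(parse_fix_script(FIX_SCRIPT), parse_fix_log(FIX_LOG)):
        print(f"{status:13} {kind:14} {target}")
```

"not found" is normal for a MountPoints2 key whose matching CLSID never existed, or for a launcher on a USB stick that is no longer plugged in; "no log entry" is the case to chase, because OTL said nothing about that target at all.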
16.12.2011, 10:20 | #14
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run (in normal mode!) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

If the infection has left you unable to access your documents / own files, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should become visible again (this could take a while). Windows Vista and Windows 7 users have to run the tool via right-click, "Run as administrator"!

__________________
Please always post logfiles in CODE tags
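The instructions above ask for a TDSSKiller run with two options ticked and for the report to be posted untouched, with every flagged object skipped. The script below is an added example of how to read that report without acting on it; it is not part of the thread and not Kaspersky's code. It parses the report format (the one shown in the next reply), confirms from the "Mode:" header that the scan ran with SigCheck and TDLFS, and sorts flagged services into unsigned-driver warnings (which the two Cisco VPN and Dell drivers in the reply below produce) versus anything else, also noting services for which TDSSKiller printed a verdict but no file. The sample report is constructed: its header and the ACPI, blbdrive, CVPNDRVA and DSproct lines are copied from the reply below, while the service "fakesvc" and the detection name "Rootkit.Example.Constructed" are invented to exercise the non-unsigned branch.

```python
"""Triage of a TDSSKiller text report.

Added example; not part of the thread and not Kaspersky code. Confirms the
scan options from the 'Mode:' line and buckets flagged services into
unsigned-driver warnings versus anything else.
"""
import re

MODE_RE = re.compile(r"^\S+ \d+ Mode: (?P<mode>.+)$")
FILE_RE = re.compile(r"^\S+ \d+ (?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(
    r"^\S+ \d+ (?P<svc>\S+) (?:\( (?P<warn>\S+) \) - warning|- detected (?P<det>\S+) \(\d+\)|- ok)$"
)

# Constructed sample. Header and the ACPI, blbdrive, CVPNDRVA and DSproct lines
# are copied from the posted report; 'fakesvc' and 'Rootkit.Example.Constructed'
# are made up so the non-unsigned branch is exercised.
SAMPLE_REPORT = r"""
22:38:43.0751 4860 Scan started
22:38:43.0751 4860 Mode: Manual; SigCheck; TDLFS;
22:38:46.0328 4860 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
22:38:46.0518 4860 ACPI - ok
22:38:54.0151 4860 blbdrive - ok
22:38:57.0085 4860 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:38:57.0155 4860 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:38:57.0155 4860 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:38:58.0268 4860 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
22:38:58.0314 4860 DSproct ( UnsignedFile.Multi.Generic ) - warning
22:38:58.0314 4860 DSproct - detected UnsignedFile.Multi.Generic (1)
22:39:10.0000 4860 fakesvc (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\fakesvc.sys
22:39:10.0100 4860 fakesvc - detected Rootkit.Example.Constructed (0)
"""


def parse_tdsskiller(text):
    """Return {'mode': set of option flags, 'entries': {service: {md5, path, detection}}}."""
    report = {"mode": set(), "entries": {}}
    for raw in text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            report["mode"] = {f.strip() for f in m.group("mode").split(";") if f.strip()}
            continue
        m = FILE_RE.match(line)
        if m:  # file line: service, md5 of the image, path
            report["entries"][m.group("svc")] = {
                "md5": m.group("md5"), "path": m.group("path"), "detection": None}
            continue
        m = VERDICT_RE.match(line)
        if m:  # verdict line; may arrive for a service that never had a file line
            entry = report["entries"].setdefault(
                m.group("svc"), {"md5": None, "path": None, "detection": None})
            name = m.group("det") or m.group("warn")
            if name:
                entry["detection"] = name
    return report


def triage(report):
    """Check the scan options and bucket flagged services; 'unsigned' holds
    UnsignedFile.* warnings, 'other' everything else, 'no_file' services with a
    verdict but no file line."""
    out = {
        "sigcheck": "SigCheck" in report["mode"],
        "tdlfs": "TDLFS" in report["mode"],
        "unsigned": [], "other": [], "no_file": [],
    }
    for svc, e in report["entries"].items():
        if e["detection"] is None:
            if e["path"] is None:
                out["no_file"].append(svc)
            continue
        bucket = "unsigned" if e["detection"].startswith("UnsignedFile.") else "other"
        out[bucket].append(svc)
    return out


if __name__ == "__main__":
    result = triage(parse_tdsskiller(SAMPLE_REPORT))
    for key, value in result.items():
        print(f"{key:9} {value}")
```

An "UnsignedFile.Multi.Generic" warning only says the driver carries no valid digital signature, which is common for older third-party drivers; it is exactly why the instructions say to skip everything and let a helper read the log, because the decision depends on what the file is, not on the warning alone.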
16.12.2011, 22:51 | #15

Hello Arne, here is the result from TDSS-Killer: (I hope I understood correctly that this time I did not select "Run as administrator", right? I'm a Vista user)

22:37:47.0213 4672 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:37:47.0459 4672 ============================================================
22:37:47.0459 4672 Current date / time: 2011/12/16 22:37:47.0459
22:37:47.0459 4672 SystemInfo:
22:37:47.0459 4672
22:37:47.0459 4672 OS Version: 6.0.6000 ServicePack: 0.0
22:37:47.0459 4672 Product type: Workstation
22:37:47.0459 4672 ComputerName: HOME-PC
22:37:47.0459 4672 UserName: ***
22:37:47.0459 4672 Windows directory: C:\Windows
22:37:47.0459 4672 System windows directory: C:\Windows
22:37:47.0459 4672 Processor architecture: Intel x86
22:37:47.0459 4672 Number of processors: 2
22:37:47.0459 4672 Page size: 0x1000
22:37:47.0459 4672 Boot type: Normal boot
22:37:47.0459 4672 ============================================================
22:37:50.0441 4672 Initialize success
22:38:43.0751 4860 ============================================================
22:38:43.0751 4860 Scan started
22:38:43.0751 4860 Mode: Manual; SigCheck; TDLFS;
22:38:43.0751 4860 ============================================================
22:38:46.0328 4860 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
22:38:46.0518 4860 ACPI - ok
22:38:46.0889 4860 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
22:38:47.0066 4860 adp94xx - ok
22:38:47.0322 4860 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
22:38:47.0409 4860 adpahci - ok
22:38:47.0615 4860 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
22:38:47.0665 4860 adpu160m - ok
22:38:47.0974 4860 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
22:38:48.0064 4860 adpu320 - ok
22:38:48.0350 4860 AFD (5d24caf8efd924a875698ff28384db8b) C:\Windows\system32\drivers\afd.sys
22:38:49.0971 4860 AFD - ok
22:38:50.0153 4860 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
22:38:50.0219 4860 agp440 - ok
22:38:50.0482 4860 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:38:50.0578 4860 aic78xx - ok
22:38:50.0855 4860 aliide (5c42a992e68724d2cd3ddb4fc3b0409f) C:\Windows\system32\drivers\aliide.sys
22:38:50.0955 4860 aliide - ok
22:38:51.0198 4860 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
22:38:51.0262 4860 amdagp - ok
22:38:51.0523 4860 amdide (849dfacdde533da5d1810f0caf84eb19) C:\Windows\system32\drivers\amdide.sys
22:38:51.0614 4860 amdide - ok
22:38:52.0093 4860 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
22:38:52.0454 4860 AmdK7 - ok
22:38:52.0572 4860 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
22:38:52.0706 4860 AmdK8 - ok
22:38:52.0880 4860 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
22:38:52.0921 4860 arc - ok
22:38:52.0956 4860 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
22:38:52.0992 4860 arcsas - ok
22:38:53.0135 4860 AsyncMac (e86cf7ce67d5de898f27ef884dc357d8) C:\Windows\system32\DRIVERS\asyncmac.sys
22:38:53.0226 4860 AsyncMac - ok
22:38:53.0264 4860 atapi (e03e8c99d15d0381e02743c36afc7c6f) C:\Windows\system32\drivers\atapi.sys
22:38:53.0276 4860 atapi - ok
22:38:53.0368 4860 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:38:53.0410 4860 avgio - ok
22:38:53.0502 4860 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\Windows\system32\DRIVERS\avgntflt.sys
22:38:53.0589 4860 avgntflt - ok
22:38:53.0657 4860 avipbb (6d52060b59e7d79cd2a044b6add1f1ef) C:\Windows\system32\DRIVERS\avipbb.sys
22:38:53.0704 4860 avipbb - ok
22:38:53.0812 4860 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
22:38:53.0884 4860 bcm4sbxp - ok
22:38:53.0949 4860 Beep (ac3dd1708b22761ebd7cbe14dcc3b5d7) C:\Windows\system32\drivers\Beep.sys
22:38:54.0040 4860 Beep - ok
22:38:54.0151 4860 blbdrive - ok
22:38:54.0227 4860 bowser (913cd06fbe9105ce6077e90fd4418561) C:\Windows\system32\DRIVERS\bowser.sys
22:38:54.0323 4860 bowser - ok
22:38:54.0477 4860 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:38:54.0661 4860 BrFiltLo - ok
22:38:54.0764 4860 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:38:54.0841 4860 BrFiltUp - ok
22:38:54.0881 4860 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:38:54.0970 4860 Brserid - ok
22:38:55.0072 4860 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:38:55.0195 4860 BrSerWdm - ok
22:38:55.0222 4860 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:38:55.0334 4860 BrUsbMdm - ok
22:38:55.0440 4860 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:38:55.0526 4860 BrUsbSer - ok
22:38:55.0567 4860 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:38:55.0663 4860 BTHMODEM - ok
22:38:55.0773 4860 cdfs (6c3a437fc873c6f6a4fc620b6888cb86) C:\Windows\system32\DRIVERS\cdfs.sys
22:38:55.0874 4860 cdfs - ok
22:38:55.0940 4860 cdrom (8d1866e61af096ae8b582454f5e4d303) C:\Windows\system32\DRIVERS\cdrom.sys
22:38:56.0020 4860 cdrom - ok
22:38:56.0126 4860 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
22:38:56.0205 4860 circlass - ok
22:38:56.0247 4860 CLFS (1b84fd0937d3b99af9ba38ddff3daf54) C:\Windows\system32\CLFS.sys
22:38:56.0266 4860 CLFS - ok
22:38:56.0383 4860 CmBatt (ed97ad3df1b9005989eaf149bf06c821) C:\Windows\system32\DRIVERS\CmBatt.sys
22:38:56.0456 4860 CmBatt - ok
22:38:56.0497 4860 cmdide (de11a06e187756ecb86cfa82dac40ff7) C:\Windows\system32\drivers\cmdide.sys
22:38:56.0530 4860 cmdide - ok
22:38:56.0642 4860 Compbatt (722936afb75a7f509662b69b5632f48a) C:\Windows\system32\DRIVERS\compbatt.sys
22:38:56.0682 4860 Compbatt - ok
22:38:56.0722 4860 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
22:38:56.0754 4860 crcdisk - ok
22:38:56.0782 4860 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
22:38:56.0850 4860 Crusoe - ok
22:38:56.0980 4860 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
22:38:57.0033 4860 CVirtA - ok
22:38:57.0085 4860 CVPNDRVA (1c2999966f0f36aa44eaecbee70cf770) C:\Windows\system32\Drivers\CVPNDRVA.sys
22:38:57.0155 4860 CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:38:57.0155 4860 CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:38:57.0272 4860 DfsC (a7179de59ae269ab70345527894ccd7c) C:\Windows\system32\Drivers\dfsc.sys
22:38:57.0369 4860 DfsC - ok
22:38:57.0741 4860 disk (841af4c4d41d3e3b2f244e976b0f7963) C:\Windows\system32\drivers\disk.sys
22:38:57.0817 4860 disk - ok
22:38:58.0001 4860 DNE (7b4fdfbe97c047175e613aa96f3de987) C:\Windows\system32\DRIVERS\dne2000.sys
22:38:58.0013 4860 DNE - ok
22:38:58.0087 4860 drmkaud (ee472cd2c01f6f8e8aa1fa06ffef61b6) C:\Windows\system32\drivers\drmkaud.sys
22:38:58.0187 4860 drmkaud - ok
22:38:58.0268 4860 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
22:38:58.0314 4860 DSproct ( UnsignedFile.Multi.Generic ) - warning
22:38:58.0314 4860 DSproct - detected UnsignedFile.Multi.Generic (1)
22:38:58.0401 4860 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
22:38:58.0463 4860 dsunidrv - ok
22:38:58.0526 4860 DXGKrnl (334988883de69adb27e2cf9f9715bbdb) C:\Windows\System32\drivers\dxgkrnl.sys
22:38:58.0606 4860 DXGKrnl - ok
22:38:58.0706 4860 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
22:38:58.0824 4860 e1express - ok
22:38:58.0874 4860 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:38:58.0967 4860 E1G60 - ok
22:38:59.0068 4860 Ecache (0efc7531b936ee57fdb4e837664c509f) C:\Windows\system32\drivers\ecache.sys
22:38:59.0099 4860 Ecache - ok
22:38:59.0173 4860 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
22:38:59.0217 4860 elxstor - ok
22:38:59.0316 4860 fastfat (84a317cb0b3954d3768cdcd018dbf670) C:\Windows\system32\drivers\fastfat.sys
22:38:59.0425 4860 fastfat - ok
22:38:59.0454 4860 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
22:38:59.0534 4860 fdc - ok
22:38:59.0634 4860 FileInfo (65773d6115c037ffd7ef8280ae85eb9d) C:\Windows\system32\drivers\fileinfo.sys
22:38:59.0665 4860 FileInfo - ok
22:38:59.0694 4860 Filetrace (c226dd0de060745f3e042f58dcf78402) C:\Windows\system32\drivers\filetrace.sys
22:38:59.0785 4860 Filetrace - ok
22:38:59.0861 4860 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
22:38:59.0981 4860 flpydisk - ok
22:39:00.0023 4860 FltMgr (a6a8da7ae4d53394ab22ac3ab6d3f5d3) C:\Windows\system32\drivers\fltmgr.sys
22:39:00.0059 4860 FltMgr - ok
22:39:00.0159 4860 Fs_Rec (66a078591208baa210c7634b11eb392c) C:\Windows\system32\drivers\Fs_Rec.sys
22:39:00.0323 4860 Fs_Rec - ok
22:39:00.0439 4860 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
22:39:00.0474 4860 gagp30kx - ok
22:39:00.0517 4860 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:39:00.0544 4860 GEARAspiWDM - ok
22:39:00.0745 4860 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:39:00.0872 4860 HdAudAddService - ok
22:39:00.0906 4860 HDAudBus (0db613a7e427b5663563677796fd5258) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:00.0944 4860 HDAudBus - ok
22:39:01.0049 4860 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:39:01.0130 4860 HidBth - ok
22:39:01.0155 4860 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:39:01.0256 4860 HidIr - ok
22:39:01.0387 4860 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\DRIVERS\hidusb.sys
22:39:01.0492 4860 HidUsb - ok
22:39:01.0564 4860 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
22:39:01.0605 4860 HpCISSs - ok
22:39:01.0772 4860 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
22:39:01.0950 4860 HSF_DPV - ok
22:39:02.0064 4860 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
22:39:02.0138 4860 HSXHWAZL - ok
22:39:02.0240 4860 HTTP (ea24fe637d974a8a31bc650f478e3533) C:\Windows\system32\drivers\HTTP.sys
22:39:02.0408 4860 HTTP - ok
22:39:02.0545 4860 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
22:39:02.0577 4860 i2omp - ok
22:39:02.0645 4860 i8042prt (1c9ee072baa3abb460b91d7ee9152660) C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:02.0746 4860 i8042prt - ok
22:39:02.0902 4860 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
22:39:02.0954 4860 iaStorV - ok
22:39:03.0051 4860 igfx (0215e1204d5410e50a5ea9d442fe7da3) C:\Windows\system32\DRIVERS\igdkmd32.sys
22:39:03.0259 4860 igfx - ok
22:39:03.0388 4860 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:39:03.0420 4860 iirsp - ok
22:39:03.0483 4860 intelide (59b00efb24ead979becf413703bb1fac) C:\Windows\system32\drivers\intelide.sys
22:39:03.0518 4860 intelide - ok
22:39:03.0642 4860 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
22:39:03.0742 4860 intelppm - ok
22:39:03.0781 4860 IpFilterDriver (880c6f86cc3f551b8fea2c11141268c0)
C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:39:03.0911 4860 IpFilterDriver - ok 22:39:04.0074 4860 IpInIp - ok 22:39:04.0122 4860 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 22:39:04.0216 4860 IPMIDRV - ok 22:39:04.0277 4860 IPNAT (10077c35845101548037df04fd1a420b) C:\Windows\system32\DRIVERS\ipnat.sys 22:39:04.0411 4860 IPNAT - ok 22:39:04.0526 4860 IRENUM (a82f328f4792304184642d6d397bb1e3) C:\Windows\system32\drivers\irenum.sys 22:39:04.0615 4860 IRENUM - ok 22:39:04.0651 4860 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys 22:39:04.0682 4860 isapnp - ok 22:39:04.0715 4860 iScsiPrt (4dca456d4d5723f8fa9c6760d240b0df) C:\Windows\system32\DRIVERS\msiscsi.sys 22:39:04.0728 4860 iScsiPrt - ok 22:39:04.0811 4860 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 22:39:04.0855 4860 iteatapi - ok 22:39:04.0903 4860 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 22:39:04.0938 4860 iteraid - ok 22:39:05.0022 4860 kbdclass (b076b2ab806b3f696dab21375389101c) C:\Windows\system32\DRIVERS\kbdclass.sys 22:39:05.0059 4860 kbdclass - ok 22:39:05.0103 4860 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys 22:39:05.0182 4860 kbdhid - ok 22:39:05.0239 4860 KSecDD (0a829977b078dea11641fc2af87ceade) C:\Windows\system32\Drivers\ksecdd.sys 22:39:05.0302 4860 KSecDD - ok 22:39:05.0397 4860 lltdio (fd015b4f95daa2b712f0e372a116fbad) C:\Windows\system32\DRIVERS\lltdio.sys 22:39:05.0482 4860 lltdio - ok 22:39:05.0531 4860 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 22:39:05.0549 4860 LSI_FC - ok 22:39:05.0567 4860 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 22:39:05.0585 4860 LSI_SAS - ok 22:39:05.0687 4860 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 22:39:05.0730 4860 LSI_SCSI - ok 22:39:05.0771 4860 luafv 
(42885bb44b6e065b8575a8dd6c430c52) C:\Windows\system32\drivers\luafv.sys 22:39:05.0843 4860 luafv - ok 22:39:05.0940 4860 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys 22:39:05.0975 4860 MBAMProtector - ok 22:39:06.0040 4860 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 22:39:06.0095 4860 mdmxsdk - ok 22:39:06.0196 4860 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 22:39:06.0233 4860 megasas - ok 22:39:06.0274 4860 Modem (21755967298a46fb6adfec9db6012211) C:\Windows\system32\drivers\modem.sys 22:39:06.0349 4860 Modem - ok 22:39:06.0443 4860 monitor (7446e104a5fe5987ca9e4983fbac4f97) C:\Windows\system32\DRIVERS\monitor.sys 22:39:06.0501 4860 monitor - ok 22:39:06.0575 4860 mouclass (5fba13c1a1841b0885d316ed3589489d) C:\Windows\system32\DRIVERS\mouclass.sys 22:39:06.0610 4860 mouclass - ok 22:39:06.0734 4860 mouhid (b569b5c5d3bde545df3a6af512cccdba) C:\Windows\system32\DRIVERS\mouhid.sys 22:39:06.0794 4860 mouhid - ok 22:39:06.0828 4860 MountMgr (01f1e5a3e4877c931cbb31613fec16a6) C:\Windows\system32\drivers\mountmgr.sys 22:39:06.0867 4860 MountMgr - ok 22:39:06.0981 4860 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 22:39:07.0017 4860 mpio - ok 22:39:07.0065 4860 mpsdrv (6e7a7f0c1193ee5648443fe2d4b789ec) C:\Windows\system32\drivers\mpsdrv.sys 22:39:07.0120 4860 mpsdrv - ok 22:39:07.0224 4860 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 22:39:07.0255 4860 Mraid35x - ok 22:39:07.0304 4860 MRxDAV (1d8828b98ee309d65e006f0829e280e5) C:\Windows\system32\drivers\mrxdav.sys 22:39:07.0412 4860 MRxDAV - ok 22:39:07.0546 4860 mrxsmb (8af705ce1bb907932157fab821170f27) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:39:07.0702 4860 mrxsmb - ok 22:39:08.0013 4860 mrxsmb10 (47e13ab23371be3279eef22bbfa2c1be) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:39:08.0103 4860 mrxsmb10 - ok 22:39:08.0230 4860 
mrxsmb20 (90b3fc7bd6b3d7ee7635debba2187f66) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:39:08.0280 4860 mrxsmb20 - ok 22:39:08.0336 4860 msahci (0d1c042188ffe61a702a9df5944de5ba) C:\Windows\system32\drivers\msahci.sys 22:39:08.0372 4860 msahci - ok 22:39:08.0491 4860 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 22:39:08.0526 4860 msdsm - ok 22:39:08.0562 4860 Msfs (729eafefd4e7417165f353a18dbe947d) C:\Windows\system32\drivers\Msfs.sys 22:39:08.0636 4860 Msfs - ok 22:39:08.0685 4860 msisadrv (207df26dbb2537c20276da0e15892274) C:\Windows\system32\drivers\msisadrv.sys 22:39:08.0724 4860 msisadrv - ok 22:39:08.0833 4860 MSKSSRV (892cedefa7e0ffe7be8da651b651d047) C:\Windows\system32\drivers\MSKSSRV.sys 22:39:08.0925 4860 MSKSSRV - ok 22:39:08.0967 4860 MSPCLOCK (ae2cb1da69b2676b4cee2a501af5871c) C:\Windows\system32\drivers\MSPCLOCK.sys 22:39:09.0046 4860 MSPCLOCK - ok 22:39:09.0155 4860 MSPQM (f910da84fa90c44a3addb7cd874463fd) C:\Windows\system32\drivers\MSPQM.sys 22:39:09.0248 4860 MSPQM - ok 22:39:09.0291 4860 MsRPC (84571c0ae07647ba38d493f5f0015df7) C:\Windows\system32\drivers\MsRPC.sys 22:39:09.0331 4860 MsRPC - ok 22:39:09.0423 4860 mssmbios (7dbaa028f625aa46b95dda4fbe4b602b) C:\Windows\system32\DRIVERS\mssmbios.sys 22:39:09.0432 4860 mssmbios - ok 22:39:09.0484 4860 MSTEE (c826dd1373f38afd9ca46ec3c436a14e) C:\Windows\system32\drivers\MSTEE.sys 22:39:09.0562 4860 MSTEE - ok 22:39:09.0574 4860 Mup (fa7aa70050cf5e2d15de00941e5665e5) C:\Windows\system32\Drivers\mup.sys 22:39:09.0608 4860 Mup - ok 22:39:09.0719 4860 NativeWifiP (6da4a0fc7c0e83df0cb3cfd0a514c3bc) C:\Windows\system32\DRIVERS\nwifi.sys 22:39:09.0787 4860 NativeWifiP - ok 22:39:09.0874 4860 NDIS (227c11e1e7cf6ef8afb2a238d209760c) C:\Windows\system32\drivers\ndis.sys 22:39:09.0901 4860 NDIS - ok 22:39:09.0999 4860 NdisTapi (81659cdcbd0f9a9e07e6878ad8c78d3f) C:\Windows\system32\DRIVERS\ndistapi.sys 22:39:10.0095 4860 NdisTapi - ok 22:39:10.0158 4860 Ndisuio 
(5de5ee546bf40838ebe0e01cb629df64) C:\Windows\system32\DRIVERS\ndisuio.sys 22:39:10.0260 4860 Ndisuio - ok 22:39:10.0345 4860 NdisWan (397402adcbb8946223a1950101f6cd94) C:\Windows\system32\DRIVERS\ndiswan.sys 22:39:10.0452 4860 NdisWan - ok 22:39:10.0504 4860 NDProxy (1b24fa907af283199a81b3bb37e5e526) C:\Windows\system32\drivers\NDProxy.sys 22:39:10.0582 4860 NDProxy - ok 22:39:10.0678 4860 NetBIOS (356dbb9f98e8dc1028dd3092fceeb877) C:\Windows\system32\DRIVERS\netbios.sys 22:39:10.0761 4860 NetBIOS - ok 22:39:10.0804 4860 netbt (e3a168912e7eefc3bd3b814720d68b41) C:\Windows\system32\DRIVERS\netbt.sys 22:39:10.0933 4860 netbt - ok 22:39:11.0288 4860 NETw3v32 (acc6170d80c69e50145b370023b64ed3) C:\Windows\system32\DRIVERS\NETw3v32.sys 22:39:11.0604 4860 NETw3v32 - ok 22:39:11.0704 4860 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 22:39:11.0735 4860 nfrd960 - ok 22:39:11.0807 4860 Npfs (4f9832beb9fafd8ceb0e541f1323b26e) C:\Windows\system32\drivers\Npfs.sys 22:39:11.0892 4860 Npfs - ok 22:39:11.0951 4860 nsiproxy (b488dfec274de1fc9d653870ef2587be) C:\Windows\system32\drivers\nsiproxy.sys 22:39:12.0041 4860 nsiproxy - ok 22:39:12.0160 4860 Ntfs (37430aa7a66d7a63407adc2c0d05e9f6) C:\Windows\system32\drivers\Ntfs.sys 22:39:12.0221 4860 Ntfs - ok 22:39:12.0347 4860 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 22:39:12.0424 4860 ntrigdigi - ok 22:39:12.0473 4860 Null (ec5efb3c60f1b624648344a328bce596) C:\Windows\system32\drivers\Null.sys 22:39:12.0550 4860 Null - ok 22:39:12.0658 4860 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 22:39:12.0697 4860 nvraid - ok 22:39:12.0740 4860 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 22:39:12.0762 4860 nvstor - ok 22:39:12.0783 4860 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys 22:39:12.0823 4860 nv_agp - ok 22:39:12.0907 4860 NwlnkFlt - ok 22:39:12.0922 
4860 NwlnkFwd - ok 22:39:12.0979 4860 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys 22:39:13.0076 4860 ohci1394 - ok 22:39:13.0386 4860 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 22:39:13.0482 4860 Parport - ok 22:39:13.0590 4860 partmgr (84be786f33fdbd8765e05df3b7f5b9e6) C:\Windows\system32\drivers\partmgr.sys 22:39:13.0625 4860 partmgr - ok 22:39:13.0661 4860 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 22:39:13.0761 4860 Parvdm - ok 22:39:13.0880 4860 pci (bdd96f9cf34d58958aff1be6ef4c8020) C:\Windows\system32\drivers\pci.sys 22:39:13.0898 4860 pci - ok 22:39:13.0930 4860 pciide (54d23dc5b5072311116826fdb7f6e83e) C:\Windows\system32\DRIVERS\pciide.sys 22:39:13.0950 4860 pciide - ok 22:39:13.0981 4860 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 22:39:14.0044 4860 pcmcia - ok 22:39:14.0192 4860 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 22:39:14.0405 4860 PEAUTH - ok 22:39:14.0566 4860 PptpMiniport (c04dec5ace67c5247b150c4223970bb7) C:\Windows\system32\DRIVERS\raspptp.sys 22:39:14.0645 4860 PptpMiniport - ok 22:39:14.0691 4860 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 22:39:14.0770 4860 Processor - ok 22:39:14.0898 4860 PSched (2c8bae55247c4e09352e870292e4d1ab) C:\Windows\system32\DRIVERS\pacer.sys 22:39:14.0912 4860 PSched - ok 22:39:14.0942 4860 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 22:39:14.0982 4860 PxHelp20 - ok 22:39:15.0062 4860 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 22:39:15.0152 4860 ql2300 - ok 22:39:15.0289 4860 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 22:39:15.0330 4860 ql40xx - ok 22:39:15.0358 4860 QWAVEdrv (d2b3e2b7426dc23e185fbc73c8936c12) C:\Windows\system32\drivers\qwavedrv.sys 22:39:15.0445 
4860 QWAVEdrv - ok 22:39:15.0623 4860 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys 22:39:16.0028 4860 R300 - ok 22:39:16.0147 4860 RasAcd (bd7b30f55b3649506dd8b3d38f571d2a) C:\Windows\system32\DRIVERS\rasacd.sys 22:39:16.0239 4860 RasAcd - ok 22:39:16.0273 4860 Rasl2tp (68b0019fee429ec49d29017af937e482) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:39:16.0323 4860 Rasl2tp - ok 22:39:16.0443 4860 RasPppoe (ccf4e9c6cbbac81437f88cb2ae0b6c96) C:\Windows\system32\DRIVERS\raspppoe.sys 22:39:16.0524 4860 RasPppoe - ok 22:39:16.0652 4860 rdbss (54129c5d9581bbec8bd1ebd3ba813f47) C:\Windows\system32\DRIVERS\rdbss.sys 22:39:16.0752 4860 rdbss - ok 22:39:16.0985 4860 RDPCDD (794585276b5d7fca9f3fc15543f9f0b9) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:39:17.0125 4860 RDPCDD - ok 22:39:17.0364 4860 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys 22:39:17.0424 4860 rdpdr - ok 22:39:17.0498 4860 RDPENCDD (980b56e2e273e19d3a9d72d5c420f008) C:\Windows\system32\drivers\rdpencdd.sys 22:39:17.0577 4860 RDPENCDD - ok 22:39:17.0669 4860 RDPWD (8830e790a74a96605faba74f9665bb3c) C:\Windows\system32\drivers\RDPWD.sys 22:39:17.0773 4860 RDPWD - ok 22:39:17.0849 4860 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 22:39:17.0927 4860 rimmptsk - ok 22:39:18.0003 4860 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 22:39:18.0087 4860 rimsptsk - ok 22:39:18.0156 4860 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 22:39:18.0225 4860 rismxdp - ok 22:39:18.0321 4860 rspndr (97e939d2128fec5d5a3e6e79b290a2f4) C:\Windows\system32\DRIVERS\rspndr.sys 22:39:18.0391 4860 rspndr - ok 22:39:18.0579 4860 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 22:39:18.0625 4860 sbp2port - ok 22:39:18.0719 4860 sdbus (7b3973cc28b8aa3e9e2e5d53e720e2c9) C:\Windows\system32\DRIVERS\sdbus.sys 22:39:18.0785 4860 
sdbus - ok 22:39:18.0857 4860 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 22:39:18.0937 4860 secdrv - ok 22:39:19.0022 4860 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 22:39:19.0130 4860 Serenum - ok 22:39:19.0196 4860 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 22:39:19.0283 4860 Serial - ok 22:39:19.0348 4860 sermouse (450accd77ec5cea720c1cdb9e26b953b) C:\Windows\system32\drivers\sermouse.sys 22:39:19.0381 4860 sermouse - ok 22:39:19.0476 4860 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\DRIVERS\sffdisk.sys 22:39:19.0540 4860 sffdisk - ok 22:39:19.0618 4860 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 22:39:19.0697 4860 sffp_mmc - ok 22:39:19.0772 4860 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\DRIVERS\sffp_sd.sys 22:39:19.0840 4860 sffp_sd - ok 22:39:19.0918 4860 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 22:39:20.0004 4860 sfloppy - ok 22:39:20.0077 4860 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys 22:39:20.0093 4860 sisagp - ok 22:39:20.0135 4860 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 22:39:20.0160 4860 SiSRaid2 - ok 22:39:20.0231 4860 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 22:39:20.0268 4860 SiSRaid4 - ok 22:39:20.0335 4860 Smb (ac0d90738adb51a6fd12ff00874a2162) C:\Windows\system32\DRIVERS\smb.sys 22:39:20.0442 4860 Smb - ok 22:39:20.0540 4860 spldr (426f9b029aa9162ceccf65369457d046) C:\Windows\system32\drivers\spldr.sys 22:39:20.0596 4860 spldr - ok 22:39:20.0707 4860 srv (038579c35f7cad4a4bbf735dbf83277d) C:\Windows\system32\DRIVERS\srv.sys 22:39:20.0856 4860 srv - ok 22:39:20.0963 4860 srv2 (6971a757af8cb5e2cbcbb76cc530db6c) C:\Windows\system32\DRIVERS\srv2.sys 22:39:21.0058 4860 srv2 - ok 22:39:21.0268 
4860 srvnet (9e1a4603b874eebce0298113951abefb) C:\Windows\system32\DRIVERS\srvnet.sys 22:39:21.0324 4860 srvnet - ok 22:39:21.0367 4860 ssmdrv (5ec550b8952882ee856b862cf648522d) C:\Windows\system32\DRIVERS\ssmdrv.sys 22:39:21.0394 4860 ssmdrv - ok 22:39:21.0582 4860 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys 22:39:21.0778 4860 STHDA - ok 22:39:21.0925 4860 swenum (3b80b4383c9bce13279c8482734b32b2) C:\Windows\system32\DRIVERS\swenum.sys 22:39:21.0947 4860 swenum - ok 22:39:22.0003 4860 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 22:39:22.0045 4860 Symc8xx - ok 22:39:22.0170 4860 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 22:39:22.0204 4860 Sym_hi - ok 22:39:22.0252 4860 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 22:39:22.0295 4860 Sym_u3 - ok 22:39:22.0440 4860 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys 22:39:22.0504 4860 SynTP - ok 22:39:22.0645 4860 tbhsd (77bd6143c6dce0a1bf7b5571bed860dc) C:\Windows\system32\drivers\tbhsd.sys 22:39:22.0678 4860 tbhsd - ok 22:39:22.0712 4860 tclondrv - ok 22:39:22.0782 4860 Tcpip (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\drivers\tcpip.sys 22:39:22.0968 4860 Tcpip - ok 22:39:23.0103 4860 Tcpip6 (4a82fa8f0df67aa354580c3faaf8bde3) C:\Windows\system32\DRIVERS\tcpip.sys 22:39:23.0155 4860 Tcpip6 - ok 22:39:23.0318 4860 tcpipreg (5ce0c4a7b12d0067dad527d72b68c726) C:\Windows\system32\drivers\tcpipreg.sys 22:39:23.0408 4860 tcpipreg - ok 22:39:23.0439 4860 TDPIPE (964248aef49c31fa6a93201a73ffaf50) C:\Windows\system32\drivers\tdpipe.sys 22:39:23.0497 4860 TDPIPE - ok 22:39:23.0513 4860 TDTCP (7d2c1ae1648a60fce4aa0f7982e419d3) C:\Windows\system32\drivers\tdtcp.sys 22:39:23.0587 4860 TDTCP - ok 22:39:23.0878 4860 tdx (ab4fde8af4a0270a46a001c08cbce1c2) C:\Windows\system32\DRIVERS\tdx.sys 22:39:24.0004 4860 tdx - ok 22:39:24.0108 4860 TermDD 
(849ed71967d45f15c3e0abfc633fdf2a) C:\Windows\system32\DRIVERS\termdd.sys 22:39:24.0148 4860 TermDD - ok 22:39:24.0192 4860 tssecsrv (29f0eca726f0d51f7e048bdb0b372f29) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:39:24.0278 4860 tssecsrv - ok 22:39:24.0396 4860 tunmp (65e953bc0084d44498b51f59784d2a82) C:\Windows\system32\DRIVERS\tunmp.sys 22:39:24.0436 4860 tunmp - ok 22:39:24.0469 4860 tunnel (4a39bda5e0fd30bdf4884f9d33ae6105) C:\Windows\system32\DRIVERS\tunnel.sys 22:39:24.0511 4860 tunnel - ok 22:39:24.0557 4860 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 22:39:24.0596 4860 uagp35 - ok 22:39:24.0717 4860 udfs (6348da98707ceda8a0dfb05820e17732) C:\Windows\system32\DRIVERS\udfs.sys 22:39:24.0844 4860 udfs - ok 22:39:24.0881 4860 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys 22:39:24.0913 4860 uliagpkx - ok 22:39:25.0052 4860 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 22:39:25.0113 4860 uliahci - ok 22:39:25.0189 4860 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 22:39:25.0239 4860 UlSata - ok 22:39:25.0360 4860 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 22:39:25.0402 4860 ulsata2 - ok 22:39:25.0423 4860 umbus (3fb78f1d1dd86d87bececd9dffa24dd9) C:\Windows\system32\DRIVERS\umbus.sys 22:39:25.0517 4860 umbus - ok 22:39:25.0661 4860 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 22:39:25.0744 4860 USBAAPL - ok 22:39:25.0777 4860 usbccgp (9d554e3509868322fabd3c9933e3ccc2) C:\Windows\system32\DRIVERS\usbccgp.sys 22:39:25.0867 4860 usbccgp - ok 22:39:25.0976 4860 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 22:39:26.0057 4860 usbcir - ok 22:39:26.0092 4860 usbehci (ad99bf6bee66686d68721ffcc6e08cbe) C:\Windows\system32\DRIVERS\usbehci.sys 22:39:26.0120 4860 usbehci - ok 22:39:26.0236 4860 usbhub 
(275dbb5a31281feaf565378526319d5a) C:\Windows\system32\DRIVERS\usbhub.sys 22:39:26.0277 4860 usbhub - ok 22:39:26.0320 4860 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 22:39:26.0402 4860 usbohci - ok 22:39:26.0510 4860 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\DRIVERS\usbprint.sys 22:39:26.0625 4860 usbprint - ok 22:39:26.0681 4860 usbscan (b1f95285c08ddfe00c0b955462637ec7) C:\Windows\system32\DRIVERS\usbscan.sys 22:39:26.0818 4860 usbscan - ok 22:39:26.0920 4860 USBSTOR (7887ce56934e7f104e98c975f47353c5) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:39:26.0982 4860 USBSTOR - ok 22:39:27.0010 4860 usbuhci (9b13bca94168e18ff71fdd500b96643c) C:\Windows\system32\DRIVERS\usbuhci.sys 22:39:27.0042 4860 usbuhci - ok 22:39:27.0180 4860 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 22:39:27.0277 4860 vga - ok 22:39:27.0297 4860 VgaSave (17a8f877314e4067f8c8172cc6d9101c) C:\Windows\System32\drivers\vga.sys 22:39:27.0371 4860 VgaSave - ok 22:39:27.0476 4860 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys 22:39:27.0516 4860 viaagp - ok 22:39:27.0544 4860 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 22:39:27.0619 4860 ViaC7 - ok 22:39:27.0729 4860 viaide (c0ace9d0f5a5ee0b00f58345947a57fc) C:\Windows\system32\drivers\viaide.sys 22:39:27.0768 4860 viaide - ok 22:39:27.0799 4860 volmgr (fd16fac15f9f165ac19a618e7b391f5c) C:\Windows\system32\drivers\volmgr.sys 22:39:27.0828 4860 volmgr - ok 22:39:27.0869 4860 volmgrx (294da8d3f965f6a8db934a83c7b461ff) C:\Windows\system32\drivers\volmgrx.sys 22:39:27.0910 4860 volmgrx - ok 22:39:28.0019 4860 volsnap (80dc0c9bcb579ed9815001a4d37cbfd5) C:\Windows\system32\drivers\volsnap.sys 22:39:28.0071 4860 volsnap - ok 22:39:28.0105 4860 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 22:39:28.0123 4860 vsmraid - ok 22:39:28.0170 4860 WacomPen 
(48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 22:39:28.0248 4860 WacomPen - ok 22:39:28.0358 4860 Wanarp (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 22:39:28.0415 4860 Wanarp - ok 22:39:28.0440 4860 Wanarpv6 (6798c1209a53b5a0ded8d437c45145ff) C:\Windows\system32\DRIVERS\wanarp.sys 22:39:28.0453 4860 Wanarpv6 - ok 22:39:28.0499 4860 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 22:39:28.0552 4860 Wd - ok 22:39:28.0769 4860 Wdf01000 (7b5f66e4a2219c7d9daf9e738480e534) C:\Windows\system32\drivers\Wdf01000.sys 22:39:28.0870 4860 Wdf01000 - ok 22:39:29.0217 4860 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 22:39:29.0328 4860 winachsf - ok 22:39:29.0490 4860 WmiAcpi (17eac0d023a65fa9b02114cc2baacad5) C:\Windows\system32\DRIVERS\wmiacpi.sys 22:39:29.0516 4860 WmiAcpi - ok 22:39:29.0628 4860 WpdUsb (2d27171b16a577ef14c1273668753485) C:\Windows\system32\DRIVERS\wpdusb.sys 22:39:29.0717 4860 WpdUsb - ok 22:39:29.0822 4860 ws2ifsl (84620aecdcfd2a7a14e6263927d8c0ed) C:\Windows\system32\drivers\ws2ifsl.sys 22:39:29.0905 4860 ws2ifsl - ok 22:39:29.0955 4860 WUDFRd (a2aafcc8a204736296d937c7c545b53f) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:39:30.0047 4860 WUDFRd - ok 22:39:30.0171 4860 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 22:39:30.0182 4860 XAudio - ok 22:39:30.0246 4860 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 22:39:30.0368 4860 \Device\Harddisk0\DR0 - ok 22:39:30.0395 4860 Boot (0x1200) (5c3c46487198fc341fe235f611b445b4) \Device\Harddisk0\DR0\Partition0 22:39:30.0396 4860 \Device\Harddisk0\DR0\Partition0 - ok 22:39:30.0400 4860 Boot (0x1200) (1b909469ed409944aef171a69c2bcc6a) \Device\Harddisk0\DR0\Partition1 22:39:30.0402 4860 \Device\Harddisk0\DR0\Partition1 - ok 22:39:30.0404 4860 ============================================================ 22:39:30.0404 4860 Scan finished 
22:39:30.0404 4860 ============================================================ 22:39:30.0661 5560 Detected object count: 2 22:39:30.0661 5560 Actual detected object count: 2 22:43:59.0288 5560 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 22:43:59.0288 5560 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:43:59.0289 5560 DSproct ( UnsignedFile.Multi.Generic ) - skipped by user 22:43:59.0289 5560 DSproct ( UnsignedFile.Multi.Generic ) - User select action: Skip Auf meine Dateien/Verknüpfungen etc. kann ich zugreifen, daher habe ich unhide.exe nicht ausgeführt. |