Spigot Search Settings nicht entfernbar

rawhide · 18.12.2011, 16:29

Hallo zusammen!

Heute habe ich über msconfig zwei Autostart-Einträge entfernt. Dabei ist mir spigot search settings aufgefallen. Ich weiß leider nicht, was das ist und kann es zu allem Übel auch nicht entfernen.

Ist es gefährlich?
Wie kann ich es entfernen, wenn nötig?

Vielen Dank im Voraus!

cosinus · 19.12.2011, 13:34

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

rawhide · 20.12.2011, 21:52

Hallo, hier mal die Ergebnisse:

Zitat:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8401

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.12.2011 18:57:01
mbam-log-2011-12-20 (18-57-01).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 312697
Laufzeit: 2 Stunde(n), 13 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programme\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=659c3da00ed0f4449261b62010b49493
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-20 08:47:05
# local_time=2011-12-20 09:47:05 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775145 100 93 341224 60939417 354204 0
# compatibility_mode=8192 67108863 100 0 3731 3731 0 0
# scanned=131766
# found=16
# cleaned=0
# scan_time=6471
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SoftonicDownloader_fuer_cocreate-modeling.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SoftonicDownloader_fuer_divx-plus.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\SoftonicDownloader_fuer_webocton-scriptly.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\YouTubeDownloaderSetup34.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\Cache\E\BD\2CB7Fd01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\2YRQURPU\youtubedownloaderToolbar[1].msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I

cosinus · 20.12.2011, 22:12

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

rawhide · 20.12.2011, 22:35

Nein, habe Malwarebytes heute zum ersten Mal benutzt!

cosinus · 20.12.2011, 22:50

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

rawhide · 20.12.2011, 23:04

Das ist rausgekommen.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.12.2011 22:53:34 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 77,73% Memory free
4,84 Gb Paging File | 4,19 Gb Available in Paging File | 86,70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 193,55 Gb Free Space | 83,11% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: A300 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.20 22:52:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.12.13 17:35:24 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011.04.26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.03 19:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
PRC - [2010.10.18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2010.10.17 20:38:42 | 000,742,912 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZillaServer.exe
PRC - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.05.27 08:23:42 | 000,360,448 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2008.05.08 10:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008.04.29 10:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008.04.22 10:44:00 | 000,648,520 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2008.04.18 18:27:40 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2008.04.14 22:05:40 | 002,979,144 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.04.14 15:43:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008.03.31 18:08:50 | 000,083,272 | ---- | M] (TOSHIBA CORPORATION.) -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2008.02.15 13:44:30 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007.10.15 14:02:40 | 000,266,240 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007.10.15 14:02:26 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2007.09.28 15:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007.09.11 11:09:20 | 000,696,320 | ---- | M] () -- C:\Programme\Samsung\WLAN Monitor\WlanMon.exe
PRC - [2007.05.11 11:02:12 | 000,143,360 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
PRC - [2007.04.26 10:49:34 | 000,495,616 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
PRC - [2007.01.19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006.03.16 12:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005.04.12 09:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005.01.17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.21 14:12:30 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
MOD - [2011.04.26 21:22:44 | 000,681,840 | ---- | M] () -- C:\Programme\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010.12.03 19:18:12 | 008,133,120 | ---- | M] () -- c:\xampp\mysql\bin\mysqld.exe
MOD - [2010.03.23 13:26:48 | 000,201,512 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2010.03.14 20:52:00 | 000,077,876 | ---- | M] () -- C:\xampp\apache\bin\zlib1.dll
MOD - [2008.05.08 10:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2008.04.14 13:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
MOD - [2008.04.14 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.11 11:09:20 | 000,696,320 | ---- | M] () -- C:\Programme\Samsung\WLAN Monitor\WlanMon.exe
MOD - [2007.08.20 16:41:12 | 000,233,472 | ---- | M] () -- C:\WINDOWS\system32\WlanApp.dll
MOD - [2007.04.03 17:21:34 | 000,049,152 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005.07.22 20:30:18 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\TosCommAPI.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.13 17:35:24 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.21 11:08:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.26 21:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Programme\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.03 19:18:12 | 008,133,120 | ---- | M] () [Auto | Running] -- c:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2010.10.18 01:32:10 | 000,020,549 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2010.10.17 20:38:42 | 000,742,912 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\filezillaftp\filezillaserver.exe -- (FileZilla Server)
SRV - [2010.03.23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.04.14 15:43:38 | 000,034,304 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2008.04.11 10:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.11.21 17:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007.08.02 11:05:22 | 000,352,338 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Programme\Samsung\WLAN Monitor\JSWUtil\jswpsapi.exe -- (jswpsapi)
SRV - [2007.01.19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Running] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.01.17 15:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.21 11:11:12 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 11:11:11 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.04 13:55:38 | 000,020,480 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2011.03.31 13:53:22 | 000,024,064 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2011.03.05 19:49:51 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.03.05 19:49:51 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.07 16:36:00 | 000,011,008 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010.10.15 17:18:40 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010.03.23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009.11.05 13:04:30 | 000,489,408 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.29 15:05:15 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.08 10:56:12 | 000,042,752 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2009.01.29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009.01.29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008.11.18 16:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtstusbser.sys -- (gtstusbser)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008.04.28 05:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.04.23 16:15:26 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.09 17:01:16 | 004,703,744 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.08 01:21:52 | 002,876,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.03.25 12:54:02 | 000,041,472 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2008.03.19 10:38:24 | 000,074,112 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.02.27 18:30:58 | 003,688,640 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtHDMI.sys -- (RTHDMIAzAudService)
DRV - [2008.02.15 17:01:18 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008.01.22 19:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2008.01.03 21:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.12.17 11:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007.11.29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.11.14 19:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007.11.02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007.10.18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.09.11 11:02:00 | 000,379,584 | ---- | M] (                                                                                                                                       ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5523.sys -- (AR5523)
DRV - [2007.07.30 10:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.30 09:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.07.06 16:30:54 | 000,057,376 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2007.04.04 07:56:48 | 000,005,888 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2007.03.26 11:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007.02.19 11:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.10.23 15:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006.10.18 11:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005.12.11 10:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005.01.07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003.01.29 13:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 20:57:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 07:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 07:58:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F3D26C8-9907-48ff-BC74-B8C572D317BF}: C:\Programme\AusweisApp\mozilla\eCardClientExt_FFxx_Win [2011.11.06 13:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4F0963A3-1658-4fde-9585-23A25CC288BF}: C:\Programme\AusweisApp\mozilla\eCardClientPIn_FFxx_Win [2011.11.06 13:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.09 13:55:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.27 14:28:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.25 20:57:33 | 000,000,000 | ---D | M]
 
[2010.01.25 21:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2011.12.15 10:59:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\extensions
[2010.07.24 21:00:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.14 19:39:51 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.03.24 15:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\searchplugins\conduit.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\searchplugins\startsear.xml
[2010.07.11 09:30:06 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\searchplugins\winamp-search.xml
[2011.11.09 13:55:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KX4QSMNM.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\KX4QSMNM.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.12.15 10:59:13 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2011.12.15 10:59:15 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAMME\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.11.09 13:55:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 16:41:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.06.09 12:41:48 | 000,081,920 | ---- | M] (vShare.tv ) -- C:\Programme\mozilla firefox\plugins\npvsharetvplg.dll
[2011.10.05 13:37:41 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.05 13:37:41 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 13:37:41 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 13:37:41 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 13:37:41 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 13:37:41 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (eCard Client Initiator) - {C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} - C:\Programme\AusweisApp\siqeCardClient.ols (OpenLimit SignCubes AG)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [DDWMon] C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [ITSecMng] C:\Programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [Samsung WLAN Monitor] C:\Programme\Samsung\WLAN Monitor\WlanMon.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [topi] C:\Programme\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1278836046281 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D1DA8AD-0F6D-4338-B533-C213B7FD241E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.07.24 14:39:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\Shell - "" = AutoRun
O33 - MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "Browser"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ANIWZCS2Service - hkey= - key= - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player 9 ActiveX
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.20 19:57:03 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.20 10:21:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2011.12.20 10:21:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.20 10:21:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.20 10:21:39 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.20 10:21:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.18 10:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\pdf24
[2011.12.15 10:59:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YouTube Downloader
[2011.12.14 19:39:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoft
[2011.12.14 19:39:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.14 19:39:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2011.12.14 19:39:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2011.12.14 19:39:37 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2011.12.14 19:39:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\DVDVideoSoft
[2011.12.14 19:37:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings
[2011.12.14 19:37:33 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader Toolbar
[2011.12.14 19:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2011.12.14 19:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011.12.07 14:56:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011.12.07 14:56:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco Systems VPN Client
[2011.12.07 14:56:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Deterministic Networks
[2011.12.07 14:55:59 | 000,000,000 | ---D | C] -- C:\Programme\Cisco Systems
[2010.09.13 09:19:57 | 000,379,584 | ---- | C] (                                                                                                                                       ) -- C:\WINDOWS\System32\drivers\ar5523.sys
[2008.07.24 15:16:47 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.20 19:48:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.20 19:47:19 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.12.20 19:46:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.20 19:46:38 | 3219,116,032 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.18 21:48:23 | 000,006,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2011.12.18 16:15:21 | 000,000,226 | RHS- | M] () -- C:\boot.ini
[2011.12.18 10:15:15 | 000,366,087 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\modifizierte Gürtelschnalle.pdf
[2011.12.18 10:14:43 | 000,608,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\modifizierte Gürtelschnalle.odt
[2011.12.18 09:55:25 | 000,202,688 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Schnalle 1.jpg
[2011.12.18 09:51:04 | 000,393,852 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Schnalle 2.jpg
[2011.12.18 09:46:15 | 000,608,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Schnalle 1.jpg
[2011.12.16 16:30:57 | 000,288,496 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.15 14:05:14 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.07 14:56:46 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2011.12.02 16:21:54 | 000,053,613 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Gliederung - Andreas Fischer.pdf
[2011.12.02 16:20:52 | 000,015,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Gliederung.odt
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.18 21:48:23 | 000,006,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\.recently-used.xbel
[2011.12.18 10:15:15 | 000,366,087 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\modifizierte Gürtelschnalle.pdf
[2011.12.18 09:49:29 | 000,393,852 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Schnalle 2.jpg
[2011.12.18 09:46:48 | 000,202,688 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Schnalle 1.jpg
[2011.12.18 09:46:15 | 000,608,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Schnalle 1.jpg
[2011.12.18 09:42:41 | 000,608,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\modifizierte Gürtelschnalle.odt
[2011.12.07 14:56:02 | 000,002,423 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2011.12.07 14:55:51 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNInstall.MIF
[2011.12.02 16:21:54 | 000,053,613 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Gliederung - Andreas Fischer.pdf
[2011.12.02 16:02:11 | 000,015,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Gliederung.odt
[2011.08.23 18:50:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.07.26 15:31:34 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.03.07 22:47:01 | 000,001,223 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2011.03.05 19:49:51 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011.03.05 19:49:51 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.10.25 20:44:51 | 000,225,460 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
[2010.10.25 20:44:51 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
[2010.10.24 18:50:48 | 000,000,966 | ---- | C] () -- C:\WINDOWS\Mobile Partner Manager.INI
[2010.10.15 19:07:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.10.13 12:57:29 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.09 09:57:13 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.09.13 09:20:19 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\WlanApp.dll
[2010.09.13 09:20:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010.09.13 09:19:57 | 000,153,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010.08.12 18:04:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.04 17:39:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010.07.04 17:39:39 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2010.05.21 15:05:54 | 003,099,648 | ---- | C] () -- C:\Programme\openofficeorg32.msi
[2010.05.21 15:04:24 | 000,460,088 | ---- | C] () -- C:\Programme\setup.exe
[2010.05.21 15:02:28 | 145,988,142 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2010.05.21 14:07:44 | 000,000,290 | ---- | C] () -- C:\Programme\setup.ini
[2010.03.23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.03.23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2010.01.25 21:13:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.25 20:53:40 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2010.01.25 20:53:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2010.01.25 20:53:40 | 000,010,146 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2010.01.25 20:53:40 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2010.01.25 20:53:10 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.01.25 20:52:51 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC1.dat
[2010.01.25 20:52:51 | 000,000,852 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDRC0.dat
[2010.01.25 20:52:51 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2010.01.25 20:52:50 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX1.dat
[2010.01.25 20:52:50 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTEQEX0.dat
[2010.01.25 20:52:50 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2010.01.25 20:50:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.01.25 18:34:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.07.24 16:09:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.07.24 16:08:16 | 000,000,660 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2008.07.24 15:35:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.24 15:35:00 | 000,288,496 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.24 15:28:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008.07.24 15:28:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008.07.24 15:28:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008.07.24 15:28:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008.07.24 15:28:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008.07.24 15:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008.07.24 15:27:42 | 000,000,322 | ---- | C] () -- C:\WINDOWS\Tinst.ini
[2008.07.24 15:26:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2008.07.24 15:16:47 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2008.07.24 15:09:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.07.24 15:09:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.07.24 15:09:31 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.07.24 15:09:30 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.07.24 14:58:38 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2008.07.24 14:56:52 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.07.24 14:56:30 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2008.07.24 14:56:30 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.07.24 14:40:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.24 14:37:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.07.24 12:31:01 | 000,459,498 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.07.24 12:31:01 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.07.24 12:31:01 | 000,085,162 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.07.24 12:31:01 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.07.24 12:30:59 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.07.24 12:30:59 | 000,441,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.07.24 12:30:59 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.07.24 12:30:59 | 000,071,784 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.07.24 12:30:59 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.07.24 12:30:59 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.07.24 12:30:59 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.07.24 12:30:58 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.07.24 12:30:58 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.07.24 12:30:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.07.24 12:30:53 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.07.24 12:30:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2002.01.03 01:09:18 | 000,000,356 | ---- | C] () -- C:\WINDOWS\System32\AF15IrTbl.bin
 
========== LOP Check ==========
 
[2011.06.17 09:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CoCreate
[2011.10.27 13:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2011.10.03 10:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DDMSettings
[2011.12.14 19:39:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoft
[2011.12.14 19:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.10.12 16:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software
[2011.12.18 21:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
[2011.10.23 19:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ
[2010.10.07 18:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo
[2010.08.03 15:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller
[2010.07.24 12:36:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2011.12.14 19:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings
[2010.10.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Softplicity
[2011.04.19 19:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SQL Developer
[2011.08.23 18:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec
[2010.01.26 03:24:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba
[2011.06.19 21:10:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011.05.10 08:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Webocton - Scriptly
[2011.12.15 10:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YouTube Downloader
[2010.10.15 17:18:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.07.18 10:33:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2011.08.23 18:55:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2010.01.25 20:49:53 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 1.job
[2010.01.25 20:49:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 2.job
[2010.01.25 20:49:54 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registrierungserinnerung 3.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2011.07.26 15:30:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Kaspersky Lab
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.19 21:09:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe
[2010.01.25 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ATI
[2011.09.09 09:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Avira
[2011.06.17 09:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\CoCreate
[2011.10.27 13:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DAEMON Tools Lite
[2011.10.03 10:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DDMSettings
[2010.12.26 21:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DivX
[2011.08.11 08:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\dvdcss
[2011.12.14 19:39:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoft
[2011.12.14 19:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.10.12 16:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software
[2011.04.11 19:14:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google
[2011.12.18 21:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0
[2010.11.16 19:42:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Help
[2010.10.25 21:06:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\HP
[2011.12.11 16:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\HPAppData
[2011.10.23 19:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ
[2010.01.26 03:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities
[2010.01.26 03:24:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InstallShield
[2010.10.07 18:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo
[2010.07.11 09:16:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia
[2011.12.20 10:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2011.11.06 13:12:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft
[2010.01.25 21:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla
[2010.08.03 15:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller
[2010.07.24 12:36:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org
[2011.12.14 19:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings
[2010.11.04 10:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Skype
[2010.11.04 08:06:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\skypePM
[2010.10.09 15:09:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Softplicity
[2011.04.19 19:38:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SQL Developer
[2010.01.26 03:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun
[2011.08.23 18:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec
[2010.01.26 03:24:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba
[2011.06.19 21:10:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010.11.27 16:43:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc
[2011.05.10 08:28:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Webocton - Scriptly
[2011.10.27 14:29:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Winamp
[2010.08.05 17:00:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\WinRAR
[2010.10.25 20:57:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo!
[2011.12.15 10:59:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\YouTube Downloader
 
< %APPDATA%\*.exe /s >
[2011.06.19 21:09:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.08.03 15:28:15 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller\msnauins.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2009.12.19 23:00:00 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 16:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\OemDir\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\iaAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys
[2008.04.15 16:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 13:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.04.14 13:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.04.14 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.15 17:18:40 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.07.24 16:34:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.07.24 16:34:08 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.07.24 16:34:08 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus · 21.12.2011, 09:49

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2008.07.24 14:39:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\Shell - "" = AutoRun
O33 - MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\Shell\AutoRun\command - "" = F:\setup.exe -a
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
[2011.12.14 19:37:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings
[2011.12.14 19:37:33 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader Toolbar
[2011.12.14 19:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
:Files
C:\Programme\YouTube Downloader Toolbar
C:\Programme\Winload
C:\Programme\ConduitEngine
C:\Programme\Winamp\winampa.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

rawhide · 30.12.2011, 23:27

Sorry, dass ich mich so lange nicht gemeldet hat, Feiertage eben.

Hier das Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ deleted successfully.
C:\Programme\Winload\prxtbWin0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ deleted successfully.
C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
File C:\Programme\Winload\prxtbWin0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F3FEE66E-E034-436a-86E4-9690573BEE8A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
File C:\Programme\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{40C3CC16-7269-4B32-9531-17F2950FB06F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40C3CC16-7269-4B32-9531-17F2950FB06F}\ not found.
File C:\Programme\Winload\prxtbWin0.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ad8b70a-190f-11e0-a942-0022fa29e734}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ad8b70a-190f-11e0-a942-0022fa29e734}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6ad8b70a-190f-11e0-a942-0022fa29e734}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6ad8b70a-190f-11e0-a942-0022fa29e734}\ not found.
File F:\setup.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WinampAgent\ deleted successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\Res\Lang folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\Res folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\IE\4.9 folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\IE folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\FF\chrome\skin folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\FF\chrome\locale folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\FF\chrome\content folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\FF\chrome folder moved successfully.
C:\Programme\YouTube Downloader Toolbar\FF folder moved successfully.
C:\Programme\YouTube Downloader Toolbar folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
========== FILES ==========
File\Folder C:\Programme\YouTube Downloader Toolbar not found.
C:\Programme\Winload folder moved successfully.
C:\Programme\ConduitEngine folder moved successfully.
C:\Programme\Winamp\winampa.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 594408190 bytes
->Temporary Internet Files folder emptied: 23612033 bytes
->Java cache emptied: 26350239 bytes
->FireFox cache emptied: 1095557881 bytes
->Flash cache emptied: 78508 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56468 bytes
 
User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 32969 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 8384903 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14912907 bytes
RecycleBin emptied: 28783655 bytes
 
Total Files Cleaned = 1.709,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12302011_230619

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 30.12.2011, 23:50

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

rawhide · 01.01.2012, 20:08

Hier der nächste Bericht:

Code:

ATTFilter

20:05:27.0562 5832	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:05:27.0640 5832	============================================================
20:05:27.0640 5832	Current date / time: 2012/01/01 20:05:27.0640
20:05:27.0640 5832	SystemInfo:
20:05:27.0640 5832	
20:05:27.0640 5832	OS Version: 5.1.2600 ServicePack: 3.0
20:05:27.0640 5832	Product type: Workstation
20:05:27.0640 5832	ComputerName: A300
20:05:27.0640 5832	UserName: Admin
20:05:27.0640 5832	Windows directory: C:\WINDOWS
20:05:27.0640 5832	System windows directory: C:\WINDOWS
20:05:27.0640 5832	Processor architecture: Intel x86
20:05:27.0640 5832	Number of processors: 2
20:05:27.0640 5832	Page size: 0x1000
20:05:27.0640 5832	Boot type: Normal boot
20:05:27.0640 5832	============================================================
20:05:27.0890 5832	Initialize success
20:06:10.0187 4512	============================================================
20:06:10.0187 4512	Scan started
20:06:10.0187 4512	Mode: Manual; SigCheck; TDLFS; 
20:06:10.0187 4512	============================================================
20:06:10.0406 4512	Abiosdsk - ok
20:06:10.0421 4512	abp480n5 - ok
20:06:10.0468 4512	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:06:11.0265 4512	ACPI - ok
20:06:11.0406 4512	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:06:11.0515 4512	ACPIEC - ok
20:06:11.0640 4512	adpu160m - ok
20:06:11.0671 4512	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:06:11.0796 4512	aec - ok
20:06:11.0984 4512	AF15BDA         (4706a9caeeaf149ad2857d0a0b57f177) C:\WINDOWS\system32\DRIVERS\AF15BDA.sys
20:06:12.0046 4512	AF15BDA - ok
20:06:12.0234 4512	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:06:12.0281 4512	AFD - ok
20:06:12.0500 4512	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
20:06:12.0609 4512	AgereSoftModem - ok
20:06:12.0750 4512	Aha154x - ok
20:06:12.0765 4512	aic78u2 - ok
20:06:12.0796 4512	aic78xx - ok
20:06:12.0828 4512	AliIde - ok
20:06:12.0828 4512	amsint - ok
20:06:12.0875 4512	ANIO            (920298c7aef97d8168d219d35975d295) C:\WINDOWS\system32\ANIO.SYS
20:06:12.0906 4512	ANIO ( UnsignedFile.Multi.Generic ) - warning
20:06:12.0906 4512	ANIO - detected UnsignedFile.Multi.Generic (1)
20:06:13.0109 4512	AR5523          (676c3f7315de4937dabe7b5940ca7580) C:\WINDOWS\system32\DRIVERS\ar5523.sys
20:06:13.0171 4512	AR5523 ( UnsignedFile.Multi.Generic ) - warning
20:06:13.0171 4512	AR5523 - detected UnsignedFile.Multi.Generic (1)
20:06:13.0328 4512	Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:06:13.0437 4512	Arp1394 - ok
20:06:13.0578 4512	asc - ok
20:06:13.0593 4512	asc3350p - ok
20:06:13.0625 4512	asc3550 - ok
20:06:13.0687 4512	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:06:13.0796 4512	AsyncMac - ok
20:06:13.0968 4512	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:06:14.0078 4512	atapi - ok
20:06:14.0218 4512	Atdisk - ok
20:06:14.0343 4512	ati2mtag        (fed6e59c29cdb40904c5246335284184) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:06:14.0484 4512	ati2mtag - ok
20:06:14.0640 4512	atksgt          (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
20:06:14.0687 4512	atksgt ( UnsignedFile.Multi.Generic ) - warning
20:06:14.0687 4512	atksgt - detected UnsignedFile.Multi.Generic (1)
20:06:14.0843 4512	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:06:14.0953 4512	Atmarpc - ok
20:06:15.0109 4512	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:06:15.0218 4512	audstub - ok
20:06:15.0328 4512	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
20:06:15.0343 4512	avgio - ok
20:06:15.0515 4512	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:06:15.0531 4512	avgntflt - ok
20:06:15.0703 4512	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:06:15.0718 4512	avipbb - ok
20:06:15.0875 4512	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:06:15.0984 4512	Beep - ok
20:06:16.0187 4512	BTCFilterService (4813df77ede536a52e3737971f910baa) C:\WINDOWS\system32\DRIVERS\motfilt.sys
20:06:16.0375 4512	BTCFilterService - ok
20:06:16.0515 4512	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:06:16.0640 4512	cbidf2k - ok
20:06:16.0796 4512	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:06:16.0906 4512	CCDECODE - ok
20:06:17.0046 4512	cd20xrnt - ok
20:06:17.0093 4512	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:06:17.0203 4512	Cdaudio - ok
20:06:17.0359 4512	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:06:17.0468 4512	Cdfs - ok
20:06:17.0640 4512	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:06:17.0750 4512	Cdrom - ok
20:06:17.0875 4512	Changer - ok
20:06:17.0968 4512	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:06:18.0078 4512	CmBatt - ok
20:06:18.0218 4512	CmdIde - ok
20:06:18.0250 4512	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:06:18.0343 4512	Compbatt - ok
20:06:18.0500 4512	Cpqarray - ok
20:06:18.0562 4512	CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:06:18.0593 4512	CVirtA - ok
20:06:18.0812 4512	CVPNDRVA        (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
20:06:18.0859 4512	CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
20:06:18.0859 4512	CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
20:06:18.0984 4512	dac2w2k - ok
20:06:19.0015 4512	dac960nt - ok
20:06:19.0093 4512	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:06:19.0187 4512	Disk - ok
20:06:19.0390 4512	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
20:06:19.0531 4512	dmboot - ok
20:06:19.0718 4512	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
20:06:19.0828 4512	dmio - ok
20:06:20.0015 4512	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:06:20.0109 4512	dmload - ok
20:06:20.0312 4512	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:06:20.0406 4512	DMusic - ok
20:06:20.0562 4512	DNE             (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:06:20.0593 4512	DNE - ok
20:06:20.0734 4512	dpti2o - ok
20:06:20.0765 4512	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:06:20.0859 4512	drmkaud - ok
20:06:21.0093 4512	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:06:21.0203 4512	Fastfat - ok
20:06:21.0390 4512	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:06:21.0500 4512	Fdc - ok
20:06:21.0687 4512	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
20:06:21.0781 4512	Fips - ok
20:06:21.0953 4512	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:06:22.0062 4512	Flpydisk - ok
20:06:22.0281 4512	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
20:06:22.0375 4512	FltMgr - ok
20:06:22.0562 4512	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:06:22.0671 4512	Fs_Rec - ok
20:06:22.0875 4512	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:06:22.0984 4512	Ftdisk - ok
20:06:23.0156 4512	FwLnk           (4d52c52101492c450518124c592d8925) C:\WINDOWS\system32\DRIVERS\FwLnk.sys
20:06:23.0203 4512	FwLnk - ok
20:06:23.0375 4512	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:06:23.0500 4512	Gpc - ok
20:06:23.0671 4512	gtstusbser      (b980d6f28324183c71d9bffa9d022f52) C:\WINDOWS\system32\DRIVERS\gtstusbser.sys
20:06:23.0734 4512	gtstusbser - ok
20:06:23.0906 4512	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:06:24.0015 4512	HDAudBus - ok
20:06:24.0203 4512	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:06:24.0296 4512	HidUsb - ok
20:06:24.0453 4512	hpn - ok
20:06:24.0500 4512	HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:06:24.0656 4512	HPZid412 - ok
20:06:24.0828 4512	HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:06:24.0843 4512	HPZipr12 - ok
20:06:25.0015 4512	HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:06:25.0062 4512	HPZius12 - ok
20:06:25.0265 4512	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:06:25.0312 4512	HTTP - ok
20:06:25.0453 4512	i2omgmt - ok
20:06:25.0468 4512	i2omp - ok
20:06:25.0515 4512	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:06:25.0640 4512	i8042prt - ok
20:06:25.0640 4512	ialm - ok
20:06:25.0671 4512	iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
20:06:25.0687 4512	iaStor - ok
20:06:25.0875 4512	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:06:25.0984 4512	Imapi - ok
20:06:26.0125 4512	ini910u - ok
20:06:26.0296 4512	IntcAzAudAddService (febb470bf0de4dbebbf72b79df993c5f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:06:26.0500 4512	IntcAzAudAddService - ok
20:06:26.0640 4512	IntelIde - ok
20:06:26.0718 4512	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:06:26.0812 4512	intelppm - ok
20:06:27.0000 4512	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
20:06:27.0109 4512	Ip6Fw - ok
20:06:27.0296 4512	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:06:27.0421 4512	IpFilterDriver - ok
20:06:27.0593 4512	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:06:27.0718 4512	IpInIp - ok
20:06:27.0890 4512	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:06:28.0000 4512	IpNat - ok
20:06:28.0171 4512	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:06:28.0281 4512	IPSec - ok
20:06:28.0468 4512	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:06:28.0531 4512	IRENUM - ok
20:06:28.0703 4512	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:06:28.0812 4512	isapnp - ok
20:06:29.0015 4512	JSWSCIMD        (0c79476ceb3d497a7d0d6d828e9de4c6) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
20:06:29.0078 4512	JSWSCIMD - ok
20:06:29.0265 4512	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:06:29.0375 4512	Kbdclass - ok
20:06:29.0718 4512	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:06:29.0828 4512	kbdhid - ok
20:06:29.0937 4512	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:06:30.0031 4512	kmixer - ok
20:06:30.0093 4512	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:06:30.0171 4512	KSecDD - ok
20:06:30.0265 4512	lbrtfdc - ok
20:06:30.0312 4512	lirsgt          (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
20:06:30.0359 4512	lirsgt ( UnsignedFile.Multi.Generic ) - warning
20:06:30.0359 4512	lirsgt - detected UnsignedFile.Multi.Generic (1)
20:06:30.0468 4512	MBAMSwissArmy - ok
20:06:30.0578 4512	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:06:30.0687 4512	mnmdd - ok
20:06:30.0828 4512	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
20:06:30.0921 4512	Modem - ok
20:06:30.0953 4512	motccgp         (f4ea1193a52c8fe4b8a135e210abe546) C:\WINDOWS\system32\DRIVERS\motccgp.sys
20:06:30.0984 4512	motccgp - ok
20:06:31.0109 4512	motccgpfl       (b812da6605caf02641312f1f65c75419) C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
20:06:31.0171 4512	motccgpfl - ok
20:06:31.0312 4512	MotDev          (e190ed75bcc7928143f8f2af4c34d91d) C:\WINDOWS\system32\DRIVERS\motodrv.sys
20:06:31.0406 4512	MotDev - ok
20:06:31.0546 4512	motmodem        (69814acd50a9d6d28296050ef6215d46) C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:06:31.0593 4512	motmodem - ok
20:06:31.0625 4512	MotoSwitchService (fd8c2cef7ad8b23c6714103d621fac1f) C:\WINDOWS\system32\DRIVERS\motswch.sys
20:06:31.0687 4512	MotoSwitchService - ok
20:06:31.0843 4512	Motousbnet      (ddc489d40b49f443787e7ffa75373522) C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
20:06:31.0890 4512	Motousbnet - ok
20:06:32.0031 4512	motusbdevice    (f18898d418f43e74a93edc57e1f28bc9) C:\WINDOWS\system32\DRIVERS\motusbdevice.sys
20:06:32.0093 4512	motusbdevice - ok
20:06:32.0234 4512	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:06:32.0359 4512	Mouclass - ok
20:06:32.0515 4512	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:06:32.0609 4512	MountMgr - ok
20:06:32.0687 4512	MPE             (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:06:32.0796 4512	MPE - ok
20:06:32.0906 4512	mraid35x - ok
20:06:32.0968 4512	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:06:33.0062 4512	MRxDAV - ok
20:06:33.0218 4512	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:06:33.0281 4512	MRxSmb - ok
20:06:33.0390 4512	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:06:33.0500 4512	Msfs - ok
20:06:33.0531 4512	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:06:33.0656 4512	MSKSSRV - ok
20:06:33.0796 4512	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:06:33.0890 4512	MSPCLOCK - ok
20:06:34.0046 4512	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:06:34.0140 4512	MSPQM - ok
20:06:34.0296 4512	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:06:34.0375 4512	mssmbios - ok
20:06:34.0390 4512	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:06:34.0500 4512	MSTEE - ok
20:06:34.0671 4512	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:06:34.0703 4512	Mup - ok
20:06:34.0859 4512	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:06:34.0968 4512	NABTSFEC - ok
20:06:35.0140 4512	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:06:35.0234 4512	NDIS - ok
20:06:35.0375 4512	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:06:35.0453 4512	NdisIP - ok
20:06:35.0484 4512	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:06:35.0531 4512	NdisTapi - ok
20:06:35.0687 4512	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:06:35.0812 4512	Ndisuio - ok
20:06:35.0953 4512	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:06:36.0062 4512	NdisWan - ok
20:06:36.0218 4512	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:06:36.0281 4512	NDProxy - ok
20:06:36.0453 4512	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:06:36.0546 4512	NetBIOS - ok
20:06:36.0687 4512	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:06:36.0812 4512	NetBT - ok
20:06:36.0968 4512	Netdevio        (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
20:06:37.0000 4512	Netdevio ( UnsignedFile.Multi.Generic ) - warning
20:06:37.0000 4512	Netdevio - detected UnsignedFile.Multi.Generic (1)
20:06:37.0250 4512	NETw5x32        (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
20:06:37.0484 4512	NETw5x32 - ok
20:06:37.0671 4512	NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:06:37.0781 4512	NIC1394 - ok
20:06:37.0953 4512	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:06:38.0062 4512	Npfs - ok
20:06:38.0265 4512	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:06:38.0421 4512	Ntfs - ok
20:06:38.0593 4512	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:06:38.0703 4512	Null - ok
20:06:38.0875 4512	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:06:38.0984 4512	NwlnkFlt - ok
20:06:39.0171 4512	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:06:39.0265 4512	NwlnkFwd - ok
20:06:39.0468 4512	ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:06:39.0562 4512	ohci1394 - ok
20:06:39.0750 4512	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
20:06:39.0859 4512	Parport - ok
20:06:40.0062 4512	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:06:40.0156 4512	PartMgr - ok
20:06:40.0343 4512	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
20:06:40.0453 4512	ParVdm - ok
20:06:40.0625 4512	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
20:06:40.0718 4512	PCI - ok
20:06:40.0718 4512	PCIDump - ok
20:06:40.0750 4512	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:06:40.0859 4512	PCIIde - ok
20:06:41.0046 4512	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:06:41.0156 4512	Pcmcia - ok
20:06:41.0296 4512	PDCOMP - ok
20:06:41.0312 4512	PDFRAME - ok
20:06:41.0312 4512	PDRELI - ok
20:06:41.0328 4512	PDRFRAME - ok
20:06:41.0328 4512	perc2 - ok
20:06:41.0343 4512	perc2hib - ok
20:06:41.0390 4512	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:06:41.0500 4512	PptpMiniport - ok
20:06:41.0687 4512	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:06:41.0796 4512	PSched - ok
20:06:41.0968 4512	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:06:42.0078 4512	Ptilink - ok
20:06:42.0265 4512	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:06:42.0281 4512	PxHelp20 - ok
20:06:42.0421 4512	ql1080 - ok
20:06:42.0421 4512	Ql10wnt - ok
20:06:42.0437 4512	ql12160 - ok
20:06:42.0437 4512	ql1240 - ok
20:06:42.0437 4512	ql1280 - ok
20:06:42.0484 4512	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:06:42.0593 4512	RasAcd - ok
20:06:42.0781 4512	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:06:42.0890 4512	Rasl2tp - ok
20:06:43.0078 4512	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:06:43.0187 4512	RasPppoe - ok
20:06:43.0359 4512	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:06:43.0484 4512	Raspti - ok
20:06:43.0671 4512	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:06:43.0781 4512	Rdbss - ok
20:06:43.0937 4512	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:06:44.0046 4512	RDPCDD - ok
20:06:44.0234 4512	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:06:44.0343 4512	rdpdr - ok
20:06:44.0531 4512	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:06:44.0578 4512	RDPWD - ok
20:06:44.0765 4512	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:06:44.0875 4512	redbook - ok
20:06:45.0062 4512	rimmptsk        (c2ef513bbe069f0d4ee0938a76f975d3) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
20:06:45.0078 4512	rimmptsk - ok
20:06:45.0250 4512	rimsptsk        (c398bca91216755b098679a8da8a2300) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
20:06:45.0328 4512	rimsptsk - ok
20:06:45.0359 4512	rismxdp         (2a2554cb24506e0a0508fc395c4a1b42) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
20:06:45.0406 4512	rismxdp - ok
20:06:45.0578 4512	ROOTMODEM       (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
20:06:45.0687 4512	ROOTMODEM - ok
20:06:45.0937 4512	RTHDMIAzAudService (856531cd105523a2f81375e7be4954c7) C:\WINDOWS\system32\drivers\RtHDMI.sys
20:06:46.0187 4512	RTHDMIAzAudService - ok
20:06:46.0359 4512	RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:06:46.0421 4512	RTLE8023xp - ok
20:06:46.0593 4512	sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:06:46.0718 4512	sdbus - ok
20:06:46.0890 4512	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:06:46.0953 4512	Secdrv - ok
20:06:47.0140 4512	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
20:06:47.0250 4512	Serial - ok
20:06:47.0453 4512	sffdisk         (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
20:06:47.0562 4512	sffdisk - ok
20:06:47.0718 4512	sffp_sd         (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
20:06:47.0828 4512	sffp_sd - ok
20:06:48.0000 4512	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:06:48.0093 4512	Sfloppy - ok
20:06:48.0265 4512	Simbad - ok
20:06:48.0296 4512	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:06:48.0406 4512	SLIP - ok
20:06:48.0562 4512	Sparrow - ok
20:06:48.0609 4512	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:06:48.0703 4512	splitter - ok
20:06:48.0890 4512	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
20:06:48.0937 4512	sr - ok
20:06:49.0140 4512	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:06:49.0203 4512	Srv - ok
20:06:49.0343 4512	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:06:49.0359 4512	ssmdrv - ok
20:06:49.0421 4512	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:06:49.0531 4512	streamip - ok
20:06:49.0687 4512	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:06:49.0796 4512	swenum - ok
20:06:49.0984 4512	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:06:50.0078 4512	swmidi - ok
20:06:50.0218 4512	symc810 - ok
20:06:50.0218 4512	symc8xx - ok
20:06:50.0234 4512	sym_hi - ok
20:06:50.0250 4512	sym_u3 - ok
20:06:50.0281 4512	SynTP           (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:06:50.0359 4512	SynTP - ok
20:06:50.0531 4512	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:06:50.0640 4512	sysaudio - ok
20:06:50.0843 4512	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:06:50.0953 4512	Tcpip - ok
20:06:51.0109 4512	tdcmdpst        (1825bceb47bf41c5a9f0e44de82fc27a) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
20:06:51.0125 4512	tdcmdpst ( UnsignedFile.Multi.Generic ) - warning
20:06:51.0125 4512	tdcmdpst - detected UnsignedFile.Multi.Generic (1)
20:06:51.0140 4512	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:06:51.0265 4512	TDPIPE - ok
20:06:51.0437 4512	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:06:51.0546 4512	TDTCP - ok
20:06:51.0734 4512	tdudf           (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
20:06:51.0781 4512	tdudf - ok
20:06:51.0953 4512	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:06:52.0078 4512	TermDD - ok
20:06:52.0312 4512	TosIde - ok
20:06:52.0468 4512	tosporte        (2c15b4856f929ac7dd144044d8334b54) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:06:52.0531 4512	tosporte - ok
20:06:52.0828 4512	tosrfbd         (cd6e9c27adc6b37b0b3df29cc83e15a7) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
20:06:52.0906 4512	tosrfbd - ok
20:06:53.0062 4512	tosrfbnp        (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:06:53.0140 4512	tosrfbnp - ok
20:06:53.0312 4512	Tosrfcom        (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:06:53.0343 4512	Tosrfcom - ok
20:06:53.0515 4512	tosrfec         (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
20:06:53.0578 4512	tosrfec - ok
20:06:53.0765 4512	Tosrfhid        (d3f87c46c7c9e5db99fbd3d17121b891) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:06:53.0828 4512	Tosrfhid - ok
20:06:54.0000 4512	tosrfnds        (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:06:54.0015 4512	tosrfnds - ok
20:06:54.0171 4512	TosRfSnd        (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
20:06:54.0234 4512	TosRfSnd - ok
20:06:54.0406 4512	Tosrfusb        (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
20:06:54.0484 4512	Tosrfusb - ok
20:06:54.0734 4512	trudf           (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
20:06:54.0859 4512	trudf - ok
20:06:55.0093 4512	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:06:55.0203 4512	Udfs - ok
20:06:55.0312 4512	ultra - ok
20:06:55.0359 4512	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:06:55.0484 4512	Update - ok
20:06:55.0671 4512	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:06:55.0781 4512	usbccgp - ok
20:06:55.0953 4512	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:06:56.0062 4512	usbehci - ok
20:06:56.0250 4512	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:06:56.0359 4512	usbhub - ok
20:06:56.0515 4512	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:06:56.0640 4512	usbprint - ok
20:06:56.0812 4512	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:06:56.0921 4512	usbscan - ok
20:06:57.0125 4512	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:06:57.0265 4512	USBSTOR - ok
20:06:57.0453 4512	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:06:57.0562 4512	usbuhci - ok
20:06:57.0718 4512	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:06:57.0828 4512	usbvideo - ok
20:06:58.0140 4512	UVCFTR          (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
20:06:58.0203 4512	UVCFTR - ok
20:06:58.0406 4512	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:06:58.0515 4512	VgaSave - ok
20:06:58.0656 4512	ViaIde - ok
20:06:58.0734 4512	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
20:06:58.0828 4512	VolSnap - ok
20:06:59.0046 4512	vsdatant        (0354ba3a5ba5e28cc247eb5f5dd8793c) C:\WINDOWS\system32\vsdatant.sys
20:06:59.0125 4512	vsdatant - ok
20:06:59.0328 4512	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:06:59.0453 4512	Wanarp - ok
20:06:59.0703 4512	Wdf01000        (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
20:06:59.0781 4512	Wdf01000 - ok
20:06:59.0937 4512	WDICA - ok
20:07:00.0000 4512	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:07:00.0125 4512	wdmaud - ok
20:07:00.0515 4512	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:07:00.0625 4512	WpdUsb - ok
20:07:01.0031 4512	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:07:01.0156 4512	WSTCODEC - ok
20:07:01.0421 4512	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:07:01.0546 4512	WudfPf - ok
20:07:01.0890 4512	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:07:01.0968 4512	WudfRd - ok
20:07:02.0078 4512	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:07:02.0703 4512	\Device\Harddisk0\DR0 - ok
20:07:02.0781 4512	Boot (0x1200)   (3f0c89f63fcc2de5073468cf16a2a412) \Device\Harddisk0\DR0\Partition0
20:07:02.0781 4512	\Device\Harddisk0\DR0\Partition0 - ok
20:07:02.0781 4512	============================================================
20:07:02.0781 4512	Scan finished
20:07:02.0781 4512	============================================================
20:07:02.0890 4488	Detected object count: 7
20:07:02.0890 4488	Actual detected object count: 7
20:07:14.0187 4488	ANIO ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0187 4488	ANIO ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:14.0203 4488	AR5523 ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0203 4488	AR5523 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:14.0218 4488	atksgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0218 4488	atksgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:14.0218 4488	CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0218 4488	CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:14.0218 4488	lirsgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0218 4488	lirsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:14.0218 4488	Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0218 4488	Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:07:14.0218 4488	tdcmdpst ( UnsignedFile.Multi.Generic ) - skipped by user
20:07:14.0218 4488	tdcmdpst ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 02.01.2012, 13:44

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

rawhide · 02.01.2012, 18:56

Hier das nächste Ding:

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-01-02.01 - Admin 02.01.2012  18:50:59.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3070.2361 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Admin\Eigene Dateien\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\Setup.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))
.
.
2011-12-30 22:06 . 2011-12-30 22:06	--------	d-----w-	C:\_OTL
2011-12-20 18:57 . 2011-12-20 18:57	--------	d-----w-	c:\programme\ESET
2011-12-20 09:21 . 2011-12-20 09:21	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\Malwarebytes
2011-12-20 09:21 . 2011-12-20 09:21	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-20 09:21 . 2011-12-20 09:21	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2011-12-20 09:21 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-15 09:59 . 2011-12-15 09:59	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\YouTube Downloader
2011-12-14 18:39 . 2011-12-14 18:39	--------	d-----w-	c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoft
2011-12-14 18:39 . 2011-12-14 18:39	--------	d-----w-	c:\programme\Gemeinsame Dateien\DVDVideoSoft
2011-12-14 18:39 . 2011-12-14 18:39	--------	d-----w-	c:\programme\DVDVideoSoft
2011-12-14 18:37 . 2011-12-14 18:37	--------	d-----w-	c:\programme\Application Updater
2011-12-07 13:56 . 2011-12-07 13:56	--------	d-----w-	c:\windows\Internet Logs
2011-12-07 13:56 . 2011-12-07 13:56	--------	d-----w-	c:\programme\Gemeinsame Dateien\Deterministic Networks
2011-12-07 13:55 . 2011-12-07 13:55	--------	d-----w-	c:\programme\Cisco Systems
2011-12-07 13:54 . 2010-03-23 12:30	56832	----a-w-	c:\programme\Mozilla Firefox\vpnclient-winx86-5.0.07.0290\vpnclient-win-msi-5.0.07.0290-k9\vpnclient_setup.exe
2011-12-07 13:54 . 2010-03-23 12:16	221315	----a-w-	c:\programme\Mozilla Firefox\vpnclient-winx86-5.0.07.0290\vpnclient-win-msi-5.0.07.0290-k9\installservice.exe
2011-12-07 13:54 . 2010-03-23 12:15	16505	----a-w-	c:\programme\Mozilla Firefox\vpnclient-winx86-5.0.07.0290\vpnclient-win-msi-5.0.07.0290-k9\DelayInst.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 14:40 . 2008-07-24 11:31	1859712	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 18:22 . 2011-05-13 09:07	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-04 19:13 . 2008-07-24 11:31	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2008-07-24 11:30	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2008-07-24 11:30	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-07-24 11:30	385024	----a-w-	c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-07-24 11:30	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2008-07-24 11:30	33280	----a-w-	c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-10-18 11:13 . 2008-07-24 11:30	186880	----a-w-	c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2008-07-24 13:38	692736	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-21 14:05 . 2010-05-21 14:05	3099648	----a-w-	c:\programme\openofficeorg32.msi
2011-11-09 12:55 . 2011-10-05 12:37	134104	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A}]
2011-10-21 16:11	3075520	----a-w-	c:\programme\AusweisApp\siqeCardClient.ols
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"THotkey"="c:\programme\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"TPSMain"="TPSMain.exe" [2007-10-15 266240]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2007-05-11 143360]
"NDSTray.exe"="NDSTray.exe" [BU]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"TFncKy"="TFncKy.exe" [BU]
"Samsung WLAN Monitor"="c:\programme\Samsung\WLAN Monitor\WlanMon.exe" [2007-09-11 696320]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-4-14 2979144]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2011-12-7 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Admin^Startmenü^Programme^Autostart^OpenOffice.org 3.2.lnk]
path=c:\dokumente und einstellungen\Admin\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58	37296	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 09:49	49152	----a-w-	c:\programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\programme\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08	1259376	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 14:24	54840	----a-w-	c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2011-12-16 11:54	220744	----a-w-	c:\programme\pdf24\pdf24.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17	61440	----a-w-	c:\programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Toshiba\\ConfigFree\\NDSTray.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\DivX\\DivX Plus Player\\DivX Plus Player.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Motorola\\Software Update\\msu.exe"=
"c:\\Programme\\Anno 1701\\Anno1701.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\Programme\\ICQ7.5\\ICQ.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\InstTool.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\CinergyDvr.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\tvtvSetup\\tvtv_Wizard.exe"=
"c:\\Programme\\TerraTec\\TerraTec Home Cinema\\VersionCheck\\VersionCheck.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [06.09.2011 08:26 136360]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [18.10.2010 01:32 20549]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [13.12.2011 17:35 748440]
R2 MotoHelper;MotoHelper Service;c:\programme\Motorola\MotoHelper\MotoHelperService.exe [26.04.2011 21:23 223088]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 11:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 11:15 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [24.07.2008 15:16 5888]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [13.09.2010 09:19 57376]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [11.08.2011 07:28 6016]
S3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\gtstusbser.sys [06.06.2011 07:07 103552]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\programme\Samsung\WLAN Monitor\JSWUtil\jswpsapi.exe [13.09.2010 09:19 352338]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [05.01.2011 22:05 20480]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [05.01.2011 22:05 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [11.08.2011 07:28 42752]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [11.08.2011 07:28 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [11.08.2011 07:28 11008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService	REG_MULTI_SZ   	HPSLPSVC
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2010-01-25 c:\windows\Tasks\Registrierungserinnerung 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-24 12:00]
.
2010-01-25 c:\windows\Tasks\Registrierungserinnerung 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-24 12:00]
.
2010-01-25 c:\windows\Tasks\Registrierungserinnerung 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-07-24 12:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
mStart Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\dokumente und einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\kx4qsmnm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{40c3cc16-7269-4b32-9531-17f2950fb06f} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-29904223.sys
MSConfigStartUp-ICQ - c:\programme\ICQ7.2\ICQ.exe
MSConfigStartUp-SearchSettings - c:\programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe
AddRemove-conduitEngine - c:\programme\ConduitEngine\ConduitEngineUninstall.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Winload Toolbar - c:\programme\Winload\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-02 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]
"7040510900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1832)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2012-01-02  18:55:28
ComboFix-quarantined-files.txt  2012-01-02 17:55
.
Vor Suchlauf: 18 Verzeichnis(se), 209.373.356.032 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 209.369.509.888 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /forceresetreg
.
- - End Of File - - 2BF6DCF6EA4E7CE774CB9987349B320A

--- --- ---

cosinus · 02.01.2012, 21:12

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

rawhide · 02.01.2012, 22:08

GMER LOG (keine Ahnung, ob das abgestürzt ist, ist recht wenig)

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-01-02 21:41:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: w2jm660c.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pxtdrpog.sys


---- System - GMER 1.0.15 ----

Code            \??\C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

OSAM LOG

OSAM Logfile:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:46:42 on 02.01.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"HWSETUP.cpl" - "TOSHIBA Corp." - C:\WINDOWS\system32\HWSETUP.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"LocalCOM.cpl" - "TOSHIBA CORPORATION" - C:\WINDOWS\system32\LocalCOM.cpl
"TOSCDSPD.cpl" - ? - C:\WINDOWS\system32\TOSCDSPD.cpl  (File found, but it contains no detailed information)
"TPwrSave.cpl" - "TOSHIBA Corporation" - C:\WINDOWS\system32\TPwrSave.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"ToshSrv" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Controls\ToshSrv.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ANIO Service" (ANIO) - "Alpha Networks Inc." - C:\WINDOWS\system32\ANIO.SYS
"atksgt" (atksgt) - ? - C:\WINDOWS\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cinergy T-Stick service" (AF15BDA) - "ITETech                  " - C:\WINDOWS\System32\DRIVERS\AF15BDA.sys
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"ialm" (ialm) - ? - C:\WINDOWS\System32\DRIVERS\igxpmp32.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\WINDOWS\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys  (File not found)
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"pxtdrpog" (pxtdrpog) - ? - C:\DOKUME~1\Admin\LOKALE~1\Temp\pxtdrpog.sys  (Hidden registry entry, rootkit activity | File not found)
"Samsung WLAN USB stick Service" (AR5523) - "                                                                                                                                       " - C:\WINDOWS\System32\DRIVERS\ar5523.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TOSHIBA Network Device Usermode I/O Protocol" (Netdevio) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\netdevio.sys
"TOSHIBA Writing Engine Filter Driver" (tdcmdpst) - "TOSHIBA Corporation." - C:\WINDOWS\System32\DRIVERS\tdcmdpst.sys
"vsdatant" (vsdatant) - "Zone Labs, LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{280CFDE1-1354-4431-92F3-03073BA593FB} "TotalConverter Context Menu Shell Extension" - ? - C:\Programme\TotalHTMLConverter\axTotalConverter.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.6.0_20\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
"ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe
"PokerStars" - "PokerStars" - C:\Programme\PokerStars\PokerStarsUpdate.exe
"PokerStars.net" - "PokerStars" - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{AD6E6555-FB2C-47D4-8339-3E2965509877} "TerraTec Home Cinema" - "TerraTec Electronic GmbH" - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
{C9EE92B7-EDD5-4ad9-8029-2EC6818E653A} "eCard Client Initiator" - "OpenLimit SignCubes AG" - C:\Programme\AusweisApp\siqeCardClient.ols
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Bluetooth Manager.lnk" - "TOSHIBA CORPORATION." - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"VPN Client.lnk" - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\vpngui.exe  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TOSCDSPD" - "TOSHIBA" - C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Camera Assistant Software" - "Chicony" - "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
"DDWMon" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"ITSecMng" - " TOSHIBA CORPORATION" - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
"NDSTray.exe" - ? - NDSTray.exe  (File not found)
"Samsung WLAN Monitor" - ? - C:\Programme\Samsung\WLAN Monitor\WlanMon.exe
"SmoothView" - "TOSHIBA Corporation" - C:\Programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
"TFncKy" - ? - TFncKy.exe  (File not found)
"THotkey" - "TOSHIBA" - C:\Programme\Toshiba\Toshiba Applet\thotkey.exe
"topi" - "TOSHIBA" - C:\Programme\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
"TPSMain" - "TOSHIBA Corporation" - TPSMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Toshiba Bluetooth Monitor" - "TOSHIBA CORPORATION." - C:\WINDOWS\system32\tbtmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"ANIWZCSd Service" (ANIWZCSdService) - "Wireless Service" - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
"Apache2.2" (Apache2.2) - "Apache Software Foundation" - C:\xampp\apache\bin\httpd.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Programme\Application Updater\ApplicationUpdater.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"ConfigFree Service" (CFSvcs) - "TOSHIBA CORPORATION" - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
"FileZilla Server FTP server" (FileZilla Server) - "FileZilla Project" - C:\xampp\filezillaftp\filezillaserver.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Jumpstart Wifi Protected Setup" (jswpsapi) - "Atheros Communications, Inc." - C:\Programme\Samsung\WLAN Monitor\JSWUtil\jswpsapi.exe
"MotoHelper Service" (MotoHelper) - ? - C:\Programme\Motorola\MotoHelper\MotoHelperService.exe
"mysql" (mysql) - ? - c:\xampp\mysql\bin\mysqld.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"TOSHIBA Application Service" (TAPPSRV) - "TOSHIBA Corp." - C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
"TOSHIBA Bluetooth Service" (TOSHIBA Bluetooth Service) - "TOSHIBA CORPORATION" - c:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\WINDOWS\system32\TODDSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"igfxcui" - ? - igfxdev.dll  (File not found)
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswmMBR

Code:

ATTFilter

aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
Run date: 2012-01-02 21:47:14
-----------------------------
21:47:14.125    OS Version: Windows 5.1.2600 Service Pack 3
21:47:14.125    Number of processors: 2 586 0x170A
21:47:14.125    ComputerName: A300  UserName: 
21:47:15.281    Initialize success
21:52:42.281    AVAST engine defs: 12010201
21:54:46.531    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:54:46.546    Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
21:54:46.625    Disk 0 MBR read successfully
21:54:46.625    Disk 0 MBR scan
21:54:46.687    Disk 0 Windows XP default MBR code
21:54:46.703    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       238472 MB offset 63
21:54:46.703    Disk 0 scanning sectors +488392065
21:54:46.781    Disk 0 scanning C:\WINDOWS\system32\drivers
21:54:55.609    Service scanning
21:54:56.484    Modules scanning
21:55:18.203    Disk 0 trace - called modules:
21:55:18.203    
21:55:18.937    AVAST engine scan C:\WINDOWS
21:55:26.031    AVAST engine scan C:\WINDOWS\system32
21:56:58.750    AVAST engine scan C:\WINDOWS\system32\drivers
21:57:13.468    AVAST engine scan C:\Dokumente und Einstellungen\Admin
22:03:21.812    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:04:02.031    Scan finished successfully
22:04:20.046    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Eigene Dateien\MBR.dat"
22:04:20.046    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Admin\Eigene Dateien\aswMBR.txt"

20.12.2011, 22:12	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Spigot Search Settings nicht entfernbar Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Spigot Search Settings nicht entfernbar

Plagegeister aller Art und deren Bekämpfung: Spigot Search Settings nicht entfernbar