Nach HTML/Infected.WebPage.Gen2 - 14 Warnungen und 18 Versteckte Objekte bei AntiVir

simabo · 17.01.2012, 13:23

Hallo liebes Forum,

seit gestern habe ich Probleme mit meinem Laptop. Eigentilch funktioniert er noch ganz normal. Nachdem ich jedoch mit AntiVir die Warnung erhalten habe, dass sich in C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6D3RYH0N\IFRAMEcont[1].htm Enthält Erkennungsmuster des HTML-Scriptvirus HTML/Infected.WebPage.Gen2 tauchten beim kurzen Surfen im Netz immer wieder eine Werbeseite auf. Danach habe ich sofort die Internetverbindung unterbrochen und eine komplette Systemprüfung durchgeführt. Avira Free Antivirus sagte mir dann beim ersten Mal, es gäbe ein Problem, dass ich mit einer Antivir CD lösen sollte. Daraufhin konnte der Laptop nur neu gestartet werden. Danach funktioniert bis jetzt alles wie immer. Allerdings findet Antivir immer wieder Versteckte Datein und warnt vor \\.\globalroot\systemroot\system32\mswsock.dll. Diese Datei kann er nicht öffnen.

Im Internet (über einen anderen PC), habe ich mich ein wenig durchgelesen und auch im Forum umgeguckt. HTML/Infected.WebPage.Gen2 scheint nicht so ungefährlich zu sein. Und deshalb bräuchte ich dringend Hilfe, da ich mich nur bedingt auskenne.
Ich habe bereits, wie meistens hier im Forum empfohlen OTL laufen lassen mit dem Benutzerdefinierten text. Die Textdatei habe ich hier:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bernd
->Flash cache emptied: 1639 bytes

User: Bernd2
->Flash cache emptied: 2248 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

User: Simon
->Flash cache emptied: 209184 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Bernd
->Temp folder emptied: 6470824 bytes
->Temporary Internet Files folder emptied: 2006726 bytes
->FireFox cache emptied: 62437349 bytes
->Flash cache emptied: 0 bytes

User: Bernd2
->Temp folder emptied: 4706005 bytes
->Temporary Internet Files folder emptied: 1358184 bytes
->Java cache emptied: 578988 bytes
->FireFox cache emptied: 201200099 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Simon
->Temp folder emptied: 109055493 bytes
->Temporary Internet Files folder emptied: 360582 bytes
->Java cache emptied: 1079441 bytes
->FireFox cache emptied: 49938830 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 966829 bytes
RecycleBin emptied: 1375 bytes

Total Files Cleaned = 420,00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 01172012_125954

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Noch ein paar allgemeine Informationen: Der laptop läuft mit Windows Vista mit allen ServicePacks. AntiVir und die Windows Firewall laufen ständig. Sonst hatte ich erst einmal im November Probleme mit TR\Yakes.gkr, der aber seitdem in Quarantäne war und sonst auch keine Auffälligkeiten zeigte.

Es wäre schön, wenn mir jemand helfen könnte.
Beste Grüße,
Simon

PS: Hab die MovedFiles aus _OTL auch einmal über den Forumuploader hochgeladen.

simabo · 17.01.2012, 15:10

Malwarebytes lass ich auch schon einmal laufen.

Wäre echt klasse, wenn sich jemand mit um mein Problem kümmern würde:

cosinus · 17.01.2012, 15:18

Zitat:

PS: Hab die MovedFiles aus _OTL auch einmal über den Forumuploader hochgeladen.

Hinweise wie sowas hier:

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

stehe hier zu Hauf. Warum hast du das ignoriert?

simabo · 17.01.2012, 15:23

Sorry

Ich wollte eigentlich schon einmal soweit wie es geht vorarbeiten. Mist. Kann man trotzdem was machen?

cosinus · 17.01.2012, 15:38

Ja nun ist es passiert. Welches Script zum Fixen hast du genau genommen?
Und poste alle Logs von Malwarebytes

simabo · 17.01.2012, 15:41

:OTL
O4 - HKCU..\Run: [utikm.exe] C:\Users\***\AppData\Roaming\Odulax\utikm.exe ()
:Files
C:\Users\***\AppData\Roaming\Odulax
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Das war das Script, dass ich verwendet habe.
Malwarebytes läuft mittlerweile schon seit über einer Stunde. Und hat 15 infizierte Objekte gefunden.
Werde alle Logs einstellen. Danke schon einmal für die Hilfe.

cosinus · 17.01.2012, 15:43

Zitat:

Das war das Script, dass ich verwendet habe.

Und die Sternchen wahrscheinlich nicht wegeditiert.
So einen Pfad kann das System nicht finden und OTL kann dann auch nichts fixen.
Zudem sind Dateien/Ordner wie utikm.exe oder Odulax durch den oder die Schädling(e) mit zufälligen Namen versehen, es wäre also schon mehr als unwahrscheinlich, dass du dieselben Schädlinge mit denselben Datei/Ordnernamen hast!

simabo · 17.01.2012, 15:48

Okay, jetzt habe ich es ein wenig verstanden. Die Sternchen habe ich schon mit dem Benutzernamen ersetzt.
Was für Dateien hat OTL den alles gelöscht?

(Malwarbytes läuft noch...)

cosinus · 17.01.2012, 16:47

Zitat:

Was für Dateien hat OTL den alles gelöscht?

Steht doch da im Script!
Wenn du keine Ahnung vom Script hast wieso führst du es denn blind aus! Du hättest warten müssen bis dir jmd ein individuelles FixScript gepostet hätte

simabo · 17.01.2012, 17:19

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Simon :: SIMON-LAPTOP [Administrator]

Schutz: Aktiviert

17.01.2012 14:22:45
mbam-log-2012-01-17 (14-22-45).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 403887
Laufzeit: 2 Stunde(n), 33 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 12
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Das ist das Skript, nachdem ich alle Dateien markiert habe und "ausgewählte entfernen" gedrückt hab. Fehlt noch was?
Danach wurde ich zum Neustart aufgefordert.

simabo · 17.01.2012, 21:30

Bisher habe ich mich vielleicht nicht so clever verhalten, ich würde mich trotzdem wirklich sehr freuen, wenn ihr mir weiter helft...

cosinus · 17.01.2012, 21:31

Nein, das in #10 ist ein Malwarebytes-Log und kein Script.
Poste das erste OTL-Log wo noch nichts gefixt wurde

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

simabo · 17.01.2012, 22:21

Danke Arne!!!

Noch einmal ein Neuanfang: Ich habe nur ein OTL Log erhalten. Das ist das, was im ersten Beitrag zu lesen ist.

Hier noch einmal...

Code:

ATTFilter

 All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Bernd
->Flash cache emptied: 1639 bytes
 
User: Bernd2
->Flash cache emptied: 2248 bytes
 
User: Default
->Flash cache emptied: 56475 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LogMeInRemoteUser
 
User: Public
 
User: Simon
->Flash cache emptied: 209184 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Bernd
->Temp folder emptied: 6470824 bytes
->Temporary Internet Files folder emptied: 2006726 bytes
->FireFox cache emptied: 62437349 bytes
->Flash cache emptied: 0 bytes
 
User: Bernd2
->Temp folder emptied: 4706005 bytes
->Temporary Internet Files folder emptied: 1358184 bytes
->Java cache emptied: 578988 bytes
->FireFox cache emptied: 201200099 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Simon
->Temp folder emptied: 109055493 bytes
->Temporary Internet Files folder emptied: 360582 bytes
->Java cache emptied: 1079441 bytes
->FireFox cache emptied: 49938830 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 966829 bytes
RecycleBin emptied: 1375 bytes
 
Total Files Cleaned = 420,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01172012_125954

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 17.01.2012, 22:25

Kann es sein, dass du gar kein OTL-Log erstellt hast

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

simabo · 17.01.2012, 23:14

Ich hoffe, ich hab nicht schon wieder was falsch gemacht.

Einmal der Text aus OTL.txt
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.01.2012 22:28:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Simon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 56,75% Memory free
6,19 Gb Paging File | 4,99 Gb Available in Paging File | 80,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 126,37 Gb Total Space | 12,50 Gb Free Space | 9,89% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 13,03 Gb Free Space | 57,51% Space Free | Partition Type: FAT32
 
Computer Name: SIMON-LAPTOP | User Name: Simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.17 12:55:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011.08.10 14:31:10 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.08.10 14:28:38 | 001,526,080 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.05.05 18:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.31 12:35:58 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.08.31 10:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.06 11:57:40 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.02 17:41:42 | 000,767,240 | ---- | M] (AgileBits) [Disabled | Stopped] -- C:\Programme\1Password\Agile1pService.exe -- (Agile1Password)
SRV - [2011.09.14 22:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011.08.10 14:28:38 | 001,526,080 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.08.10 14:23:30 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.05.05 18:59:40 | 000,583,360 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [Disabled | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.01.06 11:52:31 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.12.08 15:28:21 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.26 17:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011.09.16 14:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011.08.18 13:45:42 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 18:46:38 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2009.04.11 05:45:37 | 000,185,856 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\netbt.sys -- (netbt)
DRV - [2009.02.05 18:39:08 | 000,017,064 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2009.02.05 18:39:00 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2009.02.05 18:38:24 | 000,212,520 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.12.18 11:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.08.22 18:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.08 07:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.07.31 10:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2006.11.28 14:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig?hl=de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.06 12:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.06 12:38:36 | 000,000,000 | ---D | M]
 
[2011.03.09 10:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Extensions
[2012.01.06 10:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\xrixt5i0.default\extensions
[2011.12.12 22:48:40 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Simon\AppData\Roaming\mozilla\Firefox\Profiles\xrixt5i0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011.11.28 22:00:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XRIXT5I0.DEFAULT\EXTENSIONS\{6E764C17-863A-450F-BDD0-6772BD5AAA18}.XPI
() (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XRIXT5I0.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\SIMON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XRIXT5I0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.27 12:53:59 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 10:14:54 | 000,083,456 | ---- | M] (vShare.tv ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2011.12.27 12:53:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.27 12:53:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.12.27 12:53:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.27 12:53:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.27 12:53:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.27 12:53:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (1Password) - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Users\Simon\AppData\Local\Apps\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: 1Password - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : 1Password	Ctrl+Alt+ß - {00FAC6C9-C494-4AD8-B3C0-DE677AFDDBD8} - C:\Programme\1Password\Agile1pIE.dll (AgileBits)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BBB45861-79BD-4D58-A980-3EC0AE2A0BF8}: DhcpNameServer = 192.168.11.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O27 - HKLM IFEO\backitup.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\coverdes.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\discspeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neromediahome.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\neroupgrade.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\waveedit.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{14942f83-9cc6-11e0-a34a-0016d389e0d2}\Shell - "" = AutoRun
O33 - MountPoints2\{14942f83-9cc6-11e0-a34a-0016d389e0d2}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{db6cfa6c-9524-11e0-bfa9-0016d389e0d2}\Shell - "" = AutoRun
O33 - MountPoints2\{db6cfa6c-9524-11e0-bfa9-0016d389e0d2}\Shell\AutoRun\command - "" = G:\AurLaunch\LaunchScreen.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetBT - C:\Windows\System32\drivers\netbt.sys ()
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.17 14:21:40 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2012.01.17 14:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.17 14:21:19 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.17 14:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.17 14:20:50 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Simon\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.17 13:30:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.17 13:28:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2012.01.17 12:17:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.17 07:55:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.01.17 07:50:22 | 001,974,064 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Simon\Desktop\tdsskiller.exe
[2012.01.17 00:13:04 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Cro_Meine_Musik_Mixtape
[2012.01.16 22:27:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.01.16 21:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 4.1
[2012.01.16 21:03:43 | 000,000,000 | ---D | C] -- C:\Program Files\PhotomatixPro4
[2012.01.15 12:38:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\SHK Psychologisches Insititut
[2012.01.15 12:09:12 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\HDR
[2012.01.14 18:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
[2012.01.14 18:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Imagenomic
[2012.01.14 11:02:15 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\HDRsoft
[2012.01.13 17:35:00 | 000,000,000 | ---D | C] -- C:\Users\Simon\Desktop\Neuer Ordner
[2012.01.12 22:05:26 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Praktikum FC Schalke 04
[2012.01.08 17:02:14 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.01.06 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.06 18:36:52 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
[2012.01.06 18:36:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.01.06 12:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012.01.06 12:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS3
[2012.01.06 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012.01.06 11:52:31 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.01.06 11:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.01.06 11:51:43 | 000,000,000 | ---D | C] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite
[2012.01.06 11:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.01.05 12:19:55 | 000,000,000 | ---D | C] -- C:\Users\Simon\Documents\Groupon.de
[2012.01.01 22:55:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.01.01 22:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.01.01 22:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2007.10.22 12:45:46 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2007.10.22 12:45:45 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.17 22:21:01 | 000,642,248 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 22:21:01 | 000,607,228 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 22:21:01 | 000,131,686 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 22:21:01 | 000,108,604 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.17 21:22:09 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 21:22:09 | 000,003,168 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 17:51:27 | 000,132,531 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\nvModes.001
[2012.01.17 17:22:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 17:21:58 | 3217,489,920 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 14:22:08 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Simon\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.17 14:21:23 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.17 12:55:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Simon\Desktop\OTL.exe
[2012.01.17 12:17:44 | 000,000,808 | ---- | M] () -- C:\Users\Simon\Desktop\CCleaner.lnk
[2012.01.17 07:50:24 | 001,974,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Simon\Desktop\tdsskiller.exe
[2012.01.16 21:03:50 | 000,001,787 | ---- | M] () -- C:\Users\Simon\Desktop\Photomatix Pro 4.1.4 (32-bit).lnk
[2012.01.15 23:28:14 | 000,132,531 | ---- | M] () -- C:\Users\Simon\AppData\Roaming\nvModes.dat
[2012.01.15 23:17:30 | 000,000,414 | ---- | M] () -- C:\Users\Simon\Desktop\Bilder.lnk
[2012.01.15 12:45:40 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.01.14 18:09:30 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\Noiseware Community Edition.lnk
[2012.01.13 10:31:34 | 000,040,960 | ---- | M] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.12 20:33:28 | 000,056,065 | ---- | M] () -- C:\Users\Simon\Desktop\jessicas plan.pdf
[2012.01.11 14:21:07 | 000,011,768 | ---- | M] () -- C:\Users\Simon\Documents\20120112Leistungsübersicht_Studium_Simon_Borgmann.pdf
[2012.01.11 14:21:00 | 000,182,263 | ---- | M] () -- C:\Users\Simon\Documents\Abiturzeugnis_Simon_Borgmann.pdf
[2012.01.09 00:08:26 | 001,735,488 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.01.08 14:58:46 | 000,001,773 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2012.01.06 11:52:31 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.01.03 17:39:37 | 000,473,666 | ---- | M] () -- C:\Users\Simon\Desktop\821454.pdf
[2012.01.02 23:18:01 | 000,007,876 | ---- | M] () -- C:\Users\Simon\.recently-used.xbel
[2012.01.02 21:32:29 | 006,977,002 | ---- | M] () -- C:\Users\Simon\Desktop\CUG_EOS450D_DE_Flat.pdf
 
========== Files Created - No Company Name ==========
 
[2012.01.17 14:21:23 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.17 12:17:44 | 000,000,808 | ---- | C] () -- C:\Users\Simon\Desktop\CCleaner.lnk
[2012.01.16 22:33:57 | 3217,489,920 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.16 21:03:50 | 000,001,787 | ---- | C] () -- C:\Users\Simon\Desktop\Photomatix Pro 4.1.4 (32-bit).lnk
[2012.01.15 23:17:30 | 000,000,414 | ---- | C] () -- C:\Users\Simon\Desktop\Bilder.lnk
[2012.01.14 18:09:30 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\Noiseware Community Edition.lnk
[2012.01.12 20:33:28 | 000,056,065 | ---- | C] () -- C:\Users\Simon\Desktop\jessicas plan.pdf
[2012.01.11 14:21:07 | 000,011,768 | ---- | C] () -- C:\Users\Simon\Documents\20120112Leistungsübersicht_Studium_Simon_Borgmann.pdf
[2012.01.11 14:21:00 | 000,182,263 | ---- | C] () -- C:\Users\Simon\Documents\Abiturzeugnis_Simon_Borgmann.pdf
[2012.01.08 15:06:46 | 000,000,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.01.08 14:58:46 | 000,001,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 10.lnk
[2012.01.08 14:58:46 | 000,001,773 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 10.lnk
[2012.01.06 18:36:52 | 000,000,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.01.06 12:12:11 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2012.01.03 17:39:36 | 000,473,666 | ---- | C] () -- C:\Users\Simon\Desktop\821454.pdf
[2012.01.02 23:18:01 | 000,007,876 | ---- | C] () -- C:\Users\Simon\.recently-used.xbel
[2012.01.02 21:32:29 | 006,977,002 | ---- | C] () -- C:\Users\Simon\Desktop\CUG_EOS450D_DE_Flat.pdf
[2011.09.24 10:33:52 | 000,000,600 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\winscp.rnd
[2011.09.20 07:27:59 | 000,152,232 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.06.28 20:40:32 | 000,000,000 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\Default.PLS
[2011.05.16 15:28:29 | 000,001,356 | ---- | C] () -- C:\Users\Simon\AppData\Local\d3d9caps.dat
[2011.03.11 11:54:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.03.11 11:54:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.03.11 11:54:14 | 000,185,856 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011.03.10 23:56:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.03.10 12:56:38 | 000,040,960 | ---- | C] () -- C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.09 13:15:14 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2011.03.09 11:44:38 | 000,132,531 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\nvModes.001
[2011.03.09 11:44:30 | 000,132,531 | ---- | C] () -- C:\Users\Simon\AppData\Roaming\nvModes.dat
[2011.03.09 08:47:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.08 11:41:24 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2007.12.15 06:36:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007.10.25 08:15:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.25 08:15:04 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.23 03:20:15 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2007.10.22 12:45:45 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007.10.22 12:45:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007.10.22 12:45:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007.10.22 12:45:45 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2007.09.18 08:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2007.09.18 08:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2007.09.18 08:16:24 | 000,000,132 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2007.09.12 08:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.09.12 08:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll
[2007.09.12 08:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,642,248 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,131,686 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 001,735,488 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,607,228 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,108,604 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.10.04 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Agile Web Solutions
[2012.01.06 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.01.06 11:54:22 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite
[2011.06.14 09:14:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Pro
[2012.01.09 00:36:45 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox
[2012.01.02 23:18:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\gtk-2.0
[2012.01.14 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\HDRsoft
[2011.03.11 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Mp3tag
[2011.10.17 15:50:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Nokia Ovi Suite
[2011.03.10 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PC Suite
[2011.10.03 11:29:49 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\TuneUp Software
[2012.01.17 17:21:04 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.16 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Adobe
[2011.10.04 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Agile Web Solutions
[2011.11.21 09:43:11 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Apple Computer
[2011.10.23 21:02:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Avira
[2012.01.06 18:37:56 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.06.28 20:40:35 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\CyberLink
[2012.01.06 11:54:22 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Lite
[2011.06.14 09:14:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\DAEMON Tools Pro
[2012.01.09 00:36:45 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Dropbox
[2012.01.02 23:18:01 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\gtk-2.0
[2012.01.14 11:02:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\HDRsoft
[2011.03.09 09:50:04 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Identities
[2011.03.09 10:05:15 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Macromedia
[2012.01.17 14:21:40 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Media Center Programs
[2012.01.14 11:28:02 | 000,000,000 | --SD | M] -- C:\Users\Simon\AppData\Roaming\Microsoft
[2011.03.09 10:06:04 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Mozilla
[2011.03.11 14:04:10 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Mp3tag
[2011.03.16 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Nero
[2011.10.17 15:50:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Nokia Ovi Suite
[2011.03.10 12:54:42 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\PC Suite
[2011.10.03 11:29:49 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\TuneUp Software
[2011.03.09 12:30:07 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\vlc
[2011.03.09 13:26:51 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\Winamp
[2011.06.14 07:16:29 | 000,000,000 | ---D | M] -- C:\Users\Simon\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.12.05 20:18:12 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\Simon\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.04.17 09:30:38 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2011.03.08 13:37:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.03.08 13:37:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.03.08 13:37:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2011.03.08 13:37:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.07.12 15:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.18 11:09:52 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.11 08:35:04 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.11 08:35:04 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.04.11 08:35:01 | 000,118,784 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB24042$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

--- --- ---

17.01.2012, 15:38	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Nach HTML/Infected.WebPage.Gen2 - 14 Warnungen und 18 Versteckte Objekte bei AntiVir Ja nun ist es passiert. Welches Script zum Fixen hast du genau genommen? Und poste alle Logs von Malwarebytes __________________ Logfiles bitte immer in CODE-Tags posten

Nach HTML/Infected.WebPage.Gen2 - 14 Warnungen und 18 Versteckte Objekte bei AntiVir

Plagegeister aller Art und deren Bekämpfung: Nach HTML/Infected.WebPage.Gen2 - 14 Warnungen und 18 Versteckte Objekte bei AntiVir