Googlelinks führen zu nicht erwünschten Seiten

preusse · 18.01.2012, 15:34

Hallo,

seit heute habe ich ein Problem mit google.
Wenn ich nach einer Suche auf die Links klicke werde ich nicht zu der gewünschten Seite geführt sondern zu irgendwelchen Werbeseiten.

Ich verwende:

Windows XP
Firefox 9.0.1

Vielen Dank für Eure Mühe, mir zu helfen.

Hier die gewünschten Logs. Das Programm OTL hat bei mir kein Extra-Log erstellt!

OTL-Log

Code:

ATTFilter

OTL logfile created on: 18.01.2012 15:11:39 - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Andreas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 77,25% Memory free
5,09 Gb Paging File | 4,43 Gb Available in Paging File | 87,02% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30,40 Gb Total Space | 15,72 Gb Free Space | 51,72% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 465,76 Gb Total Space | 343,50 Gb Free Space | 73,75% Space Free | Partition Type: NTFS
 
Computer Name: ANDI | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.18 11:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
PRC - [2012.01.06 09:36:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.28 20:03:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 08:51:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.24 10:04:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.09 10:49:26 | 003,986,552 | ---- | M] (Almico Software (www.almico.com)) -- C:\Programme\SpeedFan\speedfan.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.01 16:17:08 | 000,565,248 | ---- | M] (3S-Smart Software Solutions GmbH) -- C:\Programme\3S Software\CoDeSys ENI Server\ENI.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.18 15:09:25 | 000,192,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temp\sfamcc00001.dll
MOD - [2012.01.18 15:09:25 | 000,172,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temp\sfareca00001.dll
MOD - [2012.01.06 09:36:50 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.09 21:45:32 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.08.29 18:40:43 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010.02.10 23:33:10 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2010.02.10 23:33:04 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2010.02.10 23:32:37 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2010.02.10 23:32:36 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.02.10 23:32:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.02.10 23:32:08 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.02.10 23:32:05 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010.02.10 23:32:03 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.02.10 23:31:57 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.10.22 12:00:29 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.22 12:00:27 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2005.02.01 16:17:10 | 000,069,632 | ---- | M] () -- C:\Programme\3S Software\CoDeSys ENI Server\Drivers\ENIDrvFileSystem.edd
MOD - [2005.01.06 17:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.10.28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 20:03:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 08:51:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.02.01 16:17:08 | 000,565,248 | ---- | M] (3S-Smart Software Solutions GmbH) [Auto | Running] -- C:\Programme\3S Software\CoDeSys ENI Server\ENI.exe -- (ENI Server)
SRV - [2004.12.16 13:33:24 | 000,544,825 | ---- | M] (3S-Smart Software Solutions GmbH) [On_Demand | Stopped] -- C:\Programme\3S Software\CoDeSys SP RTE\RTService.exe -- (RTService)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 12:58:28 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 20:03:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 20:03:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.07.09 16:23:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.09 16:23:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.07.07 07:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005.03.03 18:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 16:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.12.16 12:38:26 | 000,298,043 | ---- | M] (3S - Smart Software Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\3SRTE.sys -- (3SRTE)
DRV - [2004.12.16 07:27:42 | 000,023,618 | ---- | M] (3S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvAPIC.sys -- (RTIOdrvAPIC)
DRV - [2004.12.16 07:24:40 | 000,300,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvAutomata.sys -- (RTIOdrvAutomata)
DRV - [2004.12.06 14:56:40 | 000,057,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvHilscherDPM.sys -- (RTIOdrvHilscherDPM)
DRV - [2004.12.03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.10.22 09:25:58 | 000,203,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvFC310x.sys -- (RTIOdrvFC310x)
DRV - [2004.10.18 06:43:28 | 000,030,268 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvHMS.sys -- (RTIOdrvHMS)
DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.06.29 09:39:14 | 000,108,796 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvSJA.sys -- (RTIOdrvSJA)
DRV - [2004.04.14 10:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004.04.14 10:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.04.14 10:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.04.14 10:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.09.24 07:21:48 | 000,398,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvCP5613.sys -- (RTIOdrvCP5613)
DRV - [2002.07.29 10:31:16 | 000,218,956 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvApplicom.sys -- (RTIOdrvApplicom)
DRV - [2002.07.22 10:25:18 | 000,264,124 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ibpcimpm.sys -- (ibpcimpm)
DRV - [2002.07.17 07:35:22 | 000,080,756 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvDAMP.sys -- (RTIOdrvDAMP)
DRV - [2001.08.17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heute.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.heute.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.bib.h-bonn-rhein-sieg.de/bibmedia/Downloads/bibliothek/proxy_pac-p-6656.pac"
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.06 09:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.02 00:01:27 | 000,000,000 | ---D | M]
 
[2011.02.11 22:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions
[2011.02.11 22:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.14 11:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\extensions
[2012.01.14 11:38:40 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.11.05 16:10:09 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\extensions\firefox@ghostery.com
[2011.11.09 18:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.05 14:44:54 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.01.06 09:36:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.05.06 10:12:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 10:12:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.06 10:12:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 10:12:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 10:12:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 10:12:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.04 16:52:50 | 000,307,229 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\SpeedFan.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B922220B-3C7C-40AE-BD0F-5ECA4D0B7886}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.04 15:45:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{59e0c8f4-1fe4-11df-8b4c-0030843a9633}\Shell\AutoRun\command - "" = G:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher S.lnk -  - File not found
MsConfig - StartUpReg: Buskb - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ENISysTray - hkey= - key= - C:\Programme\3S Software\CoDeSys ENI Server\ENISysTray.exe (3S-Smart Software Solutions GmbH)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.18 15:07:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andreas\Recent
[2012.01.18 15:02:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2012.01.18 03:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.01.17 00:07:44 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line
[2012.01.15 02:10:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\DemolitionInc
[2012.01.14 00:09:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Tilted Mill
[2012.01.13 14:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Somalian Syndrome
[2012.01.13 14:13:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Xvid
[2012.01.13 14:13:26 | 000,000,000 | ---D | C] -- C:\Programme\Xvid
[2012.01.04 19:59:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.18 15:09:11 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.18 15:09:10 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\Lrdqlhgvek.job
[2012.01.18 15:09:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.18 15:02:33 | 000,004,820 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.01.18 13:37:08 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\9y23y0kk.exe
[2012.01.18 13:27:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable
[2012.01.18 11:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2012.01.18 03:04:48 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\perfprocg.dll
[2012.01.18 02:42:51 | 000,015,866 | ---- | M] () -- C:\monkey.s00
[2012.01.18 02:37:37 | 000,022,660 | ---- | M] () -- C:\atlantis.s01
[2012.01.18 02:33:59 | 000,024,103 | ---- | M] () -- C:\atlantis.s00
[2012.01.18 02:24:45 | 000,017,624 | ---- | M] () -- C:\zak.s01
[2012.01.18 02:22:48 | 000,016,167 | ---- | M] () -- C:\zak.s00
[2012.01.18 02:17:14 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2012.01.17 01:40:54 | 000,000,249 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2012.01.17 00:42:25 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.17 00:42:25 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.17 00:42:25 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.01.16 09:30:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2012.01.15 02:10:20 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012.01.11 14:13:38 | 000,049,707 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Lebenslauf von ***.pdf
[2012.01.09 11:17:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.18 13:39:33 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\9y23y0kk.exe
[2012.01.18 13:27:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable
[2012.01.18 03:04:49 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\Lrdqlhgvek.job
[2012.01.18 03:04:48 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\perfprocg.dll
[2012.01.18 02:42:51 | 000,015,866 | ---- | C] () -- C:\monkey.s00
[2012.01.18 02:37:37 | 000,022,660 | ---- | C] () -- C:\atlantis.s01
[2012.01.18 02:33:59 | 000,024,103 | ---- | C] () -- C:\atlantis.s00
[2012.01.18 02:24:45 | 000,017,624 | ---- | C] () -- C:\zak.s01
[2012.01.18 02:22:48 | 000,016,167 | ---- | C] () -- C:\zak.s00
[2012.01.18 02:16:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2012.01.17 00:27:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.17 00:27:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.17 00:27:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.01.16 22:56:42 | 000,000,249 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2012.01.13 14:13:27 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.01.13 14:13:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.01.13 14:13:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2012.01.11 14:13:37 | 000,049,707 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Lebenslauf von Andreas Lang.pdf
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.07.28 19:45:56 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ2414N.DAT
[2011.05.28 01:59:31 | 000,300,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvAutomata.sys
[2011.05.28 01:59:31 | 000,264,124 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibpcimpm.sys
[2011.05.28 01:59:31 | 000,203,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvFC310x.sys
[2011.05.28 01:59:31 | 000,108,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvSJA.sys
[2011.05.28 01:59:31 | 000,030,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvHMS.sys
[2011.05.28 01:59:30 | 000,398,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvCP5613.sys
[2011.05.28 01:59:30 | 000,218,956 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvApplicom.sys
[2011.05.28 01:59:30 | 000,080,756 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvDAMP.sys
[2011.05.28 01:59:30 | 000,057,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvHilscherDPM.sys
[2011.05.28 01:59:15 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\callrproxy.dll
[2011.05.28 01:59:15 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\OPCENUM.EXE
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.03.13 02:39:19 | 001,872,916 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-527237240-1220945662-839522115-1003-0.dat
[2011.03.13 02:39:18 | 000,289,054 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.01 19:55:51 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\PnkBstrK.sys
[2011.03.01 19:55:31 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011.01.10 22:52:45 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.07.07 23:13:49 | 000,002,070 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.06.19 22:38:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.06.19 22:38:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.04.27 18:22:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.02.15 00:23:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.02.15 00:23:02 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.02.15 00:23:02 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.02.15 00:10:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.02.10 22:03:16 | 000,612,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.10 11:32:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.10.13 18:47:04 | 000,062,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.02 21:14:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FE.INI
[2009.08.30 02:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.08.11 15:31:53 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
[2009.06.11 11:01:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.06.08 15:49:27 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.06.08 15:49:27 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.06.04 22:49:07 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.06.04 22:49:02 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.06.04 22:46:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.06.04 22:15:44 | 000,000,910 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009.06.04 19:53:11 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.04 19:07:41 | 000,002,120 | R--- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2009.06.04 17:11:01 | 000,004,610 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.06.04 17:10:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.06.04 16:35:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.04 16:35:23 | 000,004,820 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.06.04 16:34:39 | 000,308,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.06.04 16:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.06.04 16:08:00 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.06.04 15:46:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.04 15:42:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.05 22:14:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.09.02 14:30:50 | 000,520,090 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.09.02 14:30:50 | 000,496,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.09.02 14:30:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.09.02 14:30:50 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.09.02 14:30:50 | 000,101,506 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.09.02 14:30:50 | 000,084,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.09.02 14:30:50 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.09.02 14:30:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.09.02 14:30:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.09.02 14:30:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.09.02 14:30:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.09.02 14:29:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.09.02 14:29:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.08.05 23:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2011.07.28 19:50:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2011.07.28 19:47:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2009.12.08 15:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2009.07.14 22:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2011.11.27 23:50:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dbg
[2011.06.06 00:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs
[2010.06.19 22:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2009.07.09 16:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2012.01.04 20:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.03.05 19:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Academic Software Zurich
[2009.08.05 23:28:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Ashampoo
[2011.07.28 19:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Canon
[2011.03.12 13:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Dev-Cpp
[2011.10.12 21:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoft
[2011.10.12 21:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.09.28 13:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\FUJIFILM
[2011.06.06 00:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Kalypso Media
[2011.08.31 01:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mount&Blade
[2011.04.16 18:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ProtectDISC
[2011.11.29 13:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\QuickScan
[2010.12.21 23:50:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Serif
[2012.01.03 11:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\The Creative Assembly
[2011.11.30 13:26:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Tropico 3
[2012.01.18 15:09:10 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\Lrdqlhgvek.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.02.14 23:58:51 | 000,000,000 | ---D | M] -- C:\Arbeit
[2010.02.15 00:22:11 | 000,000,000 | ---D | M] -- C:\ATI
[2010.02.14 23:58:54 | 000,000,000 | ---D | M] -- C:\Bewerbung
[2011.03.12 13:01:32 | 000,000,000 | ---D | M] -- C:\Dev-Cpp
[2011.11.29 10:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.05.29 22:56:50 | 000,000,000 | ---D | M] -- C:\ENI
[2011.05.28 01:59:13 | 000,000,000 | ---D | M] -- C:\lm.dat
[2009.09.10 21:54:02 | 000,000,000 | ---D | M] -- C:\Netgear
[2011.11.08 13:21:13 | 000,000,000 | ---D | M] -- C:\OpenSSL-Win32
[2012.01.18 12:20:13 | 000,000,000 | R--D | M] -- C:\Programme
[2010.01.11 20:38:38 | 000,000,000 | ---D | M] -- C:\Raid
[2011.11.29 10:35:22 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.01.18 03:08:40 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.02.14 22:39:18 | 000,000,000 | ---D | M] -- C:\Systemtools
[2011.11.08 13:16:35 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.12.08 13:09:26 | 000,000,000 | ---D | M] -- C:\Users
[2012.01.18 12:29:02 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2008.04.14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008.04.14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\system32\drivers\afd.sys
[2004.08.03 22:14:16 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.03 22:14:30 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.03 23:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2008.04.14 07:23:18 | 001,845,760 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

gmer-Log

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-18 14:44:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJA0 rev.05.01C05
Running: 9y23y0kk.exe; Driver: C:\DOKUME~1\Andreas\LOKALE~1\Temp\pxtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT    F7A9E21C                                      ZwClose
SSDT    F7A9E1D6                                      ZwCreateKey
SSDT    F7A9E226                                      ZwCreateSection
SSDT    F7A9E1CC                                      ZwCreateThread
SSDT    F7A9E1DB                                      ZwDeleteKey
SSDT    F7A9E1E5                                      ZwDeleteValueKey
SSDT    F7A9E217                                      ZwDuplicateObject
SSDT    F7A9E1EA                                      ZwLoadKey
SSDT    F7A9E1B8                                      ZwOpenProcess
SSDT    F7A9E1BD                                      ZwOpenThread
SSDT    F7A9E1F4                                      ZwReplaceKey
SSDT    F7A9E1EF                                      ZwRestoreKey
SSDT    F7A9E22B                                      ZwSetContextThread
SSDT    F7A9E1E0                                      ZwSetValueKey
SSDT    F7A9E1C7                                      ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text   ntoskrnl.exe!ZwYieldExecution + 1FE           804E4A28 4 Bytes  [EA, E1, A9, F7]
.text   C:\WINDOWS\system32\DRIVERS\ati2mtag.sys      section is writeable [0xB9613000, 0x2C28EE, 0xE8000020]
.vmp2   C:\WINDOWS\system32\drivers\acedrv11.sys      entry point in ".vmp2" section [0xA948C69D]
.text   C:\WINDOWS\system32\DRIVERS\atksgt.sys        section is writeable [0xA9422300, 0x3B6D8, 0xE8000020]
.text   C:\WINDOWS\system32\DRIVERS\lirsgt.sys        section is writeable [0xF77EF300, 0x1BEE, 0xE8000020]

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort0            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort1            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort2            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort3            sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e   sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- EOF - GMER 1.0.15 ----

Maleware-Log

Code:

ATTFilter

2012/01/18 11:10:09 +0100	ANDI	Andreas	MESSAGE	Executing scheduled update:  Daily
2012/01/18 11:10:16 +0100	ANDI	Andreas	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.01.18.01 to version v2012.01.18.02
2012/01/18 12:48:36 +0100	ANDI	Andreas	MESSAGE	Starting protection
2012/01/18 12:48:41 +0100	ANDI	Andreas	MESSAGE	Protection started successfully
2012/01/18 12:48:44 +0100	ANDI	Andreas	MESSAGE	Starting IP protection
2012/01/18 12:48:45 +0100	ANDI	Andreas	MESSAGE	IP Protection started successfully
2012/01/18 12:49:02 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 12:50:36 +0100	ANDI		MESSAGE	Starting protection
2012/01/18 12:50:43 +0100	ANDI		MESSAGE	Protection started successfully
2012/01/18 12:50:46 +0100	ANDI	Andreas	MESSAGE	Starting IP protection
2012/01/18 12:50:49 +0100	ANDI	Andreas	MESSAGE	IP Protection started successfully
2012/01/18 12:52:29 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 12:52:32 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 12:52:38 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 12:57:28 +0100	ANDI		MESSAGE	Starting protection
2012/01/18 12:57:35 +0100	ANDI		MESSAGE	Protection started successfully
2012/01/18 12:57:38 +0100	ANDI	Andreas	MESSAGE	Starting IP protection
2012/01/18 12:57:43 +0100	ANDI	Andreas	MESSAGE	IP Protection started successfully
2012/01/18 12:59:22 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 12:59:25 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 12:59:31 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 14:20:27 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:27 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:27 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:27 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:27 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:30 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:30 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:30 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:30 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:36 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:36 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 14:20:36 +0100	ANDI	Andreas	IP-BLOCK	94.198.240.149 (Type: outgoing)
2012/01/18 15:09:23 +0100	ANDI		MESSAGE	Starting protection
2012/01/18 15:09:30 +0100	ANDI		MESSAGE	Protection started successfully
2012/01/18 15:09:33 +0100	ANDI	Andreas	MESSAGE	Starting IP protection
2012/01/18 15:09:37 +0100	ANDI	Andreas	MESSAGE	IP Protection started successfully
2012/01/18 15:11:18 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 15:11:21 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)
2012/01/18 15:11:27 +0100	ANDI	Andreas	IP-BLOCK	195.88.209.15 (Type: outgoing)

cosinus · 18.01.2012, 21:09

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

preusse · 18.01.2012, 21:19

Ich habe genau noch ein anderes Log vom 29.11.2011

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8269

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

29.11.2011 13:33:57
mbam-log-2011-11-29 (13-33-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 178275
Laufzeit: 3 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 18.01.2012, 21:48

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

preusse · 19.01.2012, 00:22

Hallo,

hier die gewünschte Log-Datei von Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.18.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Andreas :: ANDI [Administrator]

Schutz: Aktiviert

18.01.2012 23:36:35
mbam-log-2012-01-18 (23-36-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 345520
Laufzeit: 46 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und die Log-Datei von ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5914d444672ada46a9e0c1135a63c892
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-18 10:19:53
# local_time=2012-01-18 11:19:53 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775125 100 100 44005 101818080 47642 0
# compatibility_mode=8192 67108863 100 0 3746 3746 0 0
# scanned=180501
# found=2
# cleaned=0
# scan_time=3677
E:\Betriebsprogramme\Unlocker1.9.1.exe	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
${Memory}	probably a variant of Win32/Ponmocup.AA trojan	00000000000000000000000000000000	I

cosinus · 19.01.2012, 10:22

Ziemlich unauffällig.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

preusse · 19.01.2012, 10:41

Hier das gewünschte neue OTL-Log:

Code:

ATTFilter

OTL logfile created on: 19.01.2012 10:31:29 - Run 7
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Andreas\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 83,65% Memory free
5,09 Gb Paging File | 4,60 Gb Available in Paging File | 90,29% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30,40 Gb Total Space | 15,57 Gb Free Space | 51,21% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 465,76 Gb Total Space | 343,54 Gb Free Space | 73,76% Space Free | Partition Type: NTFS
 
Computer Name: ANDI | User Name: Andreas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.18 11:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.28 20:03:01 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 08:51:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.24 10:04:41 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.09.05 16:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.09 10:49:26 | 003,986,552 | ---- | M] (Almico Software (www.almico.com)) -- C:\Programme\SpeedFan\speedfan.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.02.01 16:17:08 | 000,565,248 | ---- | M] (3S-Smart Software Solutions GmbH) -- C:\Programme\3S Software\CoDeSys ENI Server\ENI.exe
PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.19 09:38:03 | 000,192,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temp\sfamcc00001.dll
MOD - [2012.01.19 09:38:03 | 000,172,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Temp\sfareca00001.dll
MOD - [2011.11.09 21:45:32 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- E:\Betriebsprogramme\Unlocker\UnlockerCOM.dll
MOD - [2010.03.16 12:22:12 | 000,014,848 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\AxInterop.WBOCXLib.dll
MOD - [2010.02.10 23:33:10 | 011,791,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\50ea744ffc3cb7f09b027fd6c5c93b2b\System.Web.ni.dll
MOD - [2010.02.10 23:33:04 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3736ba3ecac186f9c5d85f01bda2be98\System.Runtime.Remoting.ni.dll
MOD - [2010.02.10 23:32:37 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\c2af7cfbb47c077029a2645930b4eeac\Accessibility.ni.dll
MOD - [2010.02.10 23:32:36 | 012,428,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.02.10 23:32:29 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.02.10 23:32:08 | 005,449,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.02.10 23:32:05 | 000,970,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll
MOD - [2010.02.10 23:32:03 | 007,867,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.02.10 23:31:57 | 011,485,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2009.10.22 12:00:29 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.22 12:00:27 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.04.27 11:55:12 | 000,678,400 | ---- | M] () -- C:\Programme\IZArc\IZArcCM.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2005.02.16 00:44:24 | 000,412,672 | ---- | M] () -- C:\Programme\WinUHA\shellwinuha.dll
MOD - [2005.02.01 16:17:10 | 000,069,632 | ---- | M] () -- C:\Programme\3S Software\CoDeSys ENI Server\Drivers\ENIDrvFileSystem.edd
MOD - [2005.01.06 17:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.10.28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.28 20:03:01 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 08:51:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.02.01 16:17:08 | 000,565,248 | ---- | M] (3S-Smart Software Solutions GmbH) [Auto | Running] -- C:\Programme\3S Software\CoDeSys ENI Server\ENI.exe -- (ENI Server)
SRV - [2004.12.16 13:33:24 | 000,544,825 | ---- | M] (3S-Smart Software Solutions GmbH) [On_Demand | Stopped] -- C:\Programme\3S Software\CoDeSys SP RTE\RTService.exe -- (RTService)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.15 12:58:28 | 007,493,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.06.28 20:03:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 20:03:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.07.09 16:23:03 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.09 16:23:02 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.07.07 07:13:10 | 000,012,032 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.09.24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005.03.03 18:53:57 | 000,048,640 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.02.23 16:59:54 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.12.16 12:38:26 | 000,298,043 | ---- | M] (3S - Smart Software Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\3SRTE.sys -- (3SRTE)
DRV - [2004.12.16 07:27:42 | 000,023,618 | ---- | M] (3S) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvAPIC.sys -- (RTIOdrvAPIC)
DRV - [2004.12.16 07:24:40 | 000,300,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvAutomata.sys -- (RTIOdrvAutomata)
DRV - [2004.12.06 14:56:40 | 000,057,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvHilscherDPM.sys -- (RTIOdrvHilscherDPM)
DRV - [2004.12.03 11:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2004.10.22 09:25:58 | 000,203,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvFC310x.sys -- (RTIOdrvFC310x)
DRV - [2004.10.18 06:43:28 | 000,030,268 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvHMS.sys -- (RTIOdrvHMS)
DRV - [2004.08.03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.06.29 09:39:14 | 000,108,796 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvSJA.sys -- (RTIOdrvSJA)
DRV - [2004.04.14 10:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004.04.14 10:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.04.14 10:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.04.14 10:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2003.09.24 07:21:48 | 000,398,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvCP5613.sys -- (RTIOdrvCP5613)
DRV - [2002.07.29 10:31:16 | 000,218,956 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvApplicom.sys -- (RTIOdrvApplicom)
DRV - [2002.07.22 10:25:18 | 000,264,124 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ibpcimpm.sys -- (ibpcimpm)
DRV - [2002.07.17 07:35:22 | 000,080,756 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTIOdrvDAMP.sys -- (RTIOdrvDAMP)
DRV - [2001.08.17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.heute.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.heute.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: firefox@ghostery.com:2.5.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.3
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://***/bibmedia/Downloads/bibliothek/proxy_pac-p-6656.pac"
FF - prefs.js..network.proxy.type: 2
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.06 09:36:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.02 00:01:27 | 000,000,000 | ---D | M]
 
[2011.02.11 22:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions
[2011.02.11 22:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.14 11:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\extensions
[2012.01.14 11:38:40 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.11.05 16:10:09 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla\Firefox\Profiles\nh7rzrgl.default\extensions\firefox@ghostery.com
[2011.11.09 18:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.05 14:44:54 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Programme\Mozilla Firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NH7RZRGL.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.01.06 09:36:51 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.05.06 10:12:24 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 10:12:24 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.05.06 10:12:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 10:12:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 10:12:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 10:12:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.04 16:52:50 | 000,307,229 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 10574 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Programme\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Betriebsprogramme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Andreas\Startmenü\Programme\Autostart\SpeedFan.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B922220B-3C7C-40AE-BD0F-5ECA4D0B7886}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.04 15:45:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{59e0c8f4-1fe4-11df-8b4c-0030843a9633}\Shell\AutoRun\command - "" = G:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Exif Launcher S.lnk -  - File not found
MsConfig - StartUpReg: Buskb - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: ENISysTray - hkey= - key= - C:\Programme\3S Software\CoDeSys ENI Server\ENISysTray.exe (3S-Smart Software Solutions GmbH)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: 35679699.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: 35679699.sys - Driver
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Flash Player 8
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.19 00:43:07 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Andreas\Recent
[2012.01.18 22:16:10 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.18 22:15:46 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Andreas\Desktop\esetsmartinstaller_enu.exe
[2012.01.18 15:02:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2012.01.18 03:04:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.01.17 00:07:44 | 000,000,000 | ---D | C] -- C:\Programme\Sierra On-Line
[2012.01.15 02:10:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\DemolitionInc
[2012.01.14 00:09:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Eigene Dateien\Tilted Mill
[2012.01.13 14:14:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\Somalian Syndrome
[2012.01.13 14:13:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Xvid
[2012.01.13 14:13:26 | 000,000,000 | ---D | C] -- C:\Programme\Xvid
[2012.01.04 19:59:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\dm-Fotowelt
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.19 09:37:47 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.19 09:37:46 | 000,000,322 | ---- | M] () -- C:\WINDOWS\tasks\Lrdqlhgvek.job
[2012.01.19 09:37:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.18 23:35:28 | 000,004,548 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.01.18 22:15:48 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Andreas\Desktop\esetsmartinstaller_enu.exe
[2012.01.18 20:37:32 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\Msft_User_WpdMtpDr_01_00_00.Wdf
[2012.01.18 13:37:08 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\9y23y0kk.exe
[2012.01.18 13:27:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable
[2012.01.18 11:58:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Andreas\Desktop\OTL.exe
[2012.01.18 03:04:48 | 000,118,784 | RHS- | M] () -- C:\WINDOWS\System32\perfprocg.dll
[2012.01.18 02:42:51 | 000,015,866 | ---- | M] () -- C:\monkey.s00
[2012.01.18 02:37:37 | 000,022,660 | ---- | M] () -- C:\atlantis.s01
[2012.01.18 02:33:59 | 000,024,103 | ---- | M] () -- C:\atlantis.s00
[2012.01.18 02:24:45 | 000,017,624 | ---- | M] () -- C:\zak.s01
[2012.01.18 02:22:48 | 000,016,167 | ---- | M] () -- C:\zak.s00
[2012.01.18 02:17:14 | 000,000,032 | ---- | M] () -- C:\WINDOWS\CD_Start.INI
[2012.01.17 01:40:54 | 000,000,249 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
[2012.01.17 00:42:25 | 000,021,840 | ---- | M] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.17 00:42:25 | 000,017,212 | ---- | M] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.17 00:42:25 | 000,012,067 | ---- | M] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.01.16 09:30:19 | 000,000,882 | ---- | M] () -- C:\WINDOWS\wcx_ftp.ini
[2012.01.15 02:10:20 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2012.01.11 14:13:38 | 000,049,707 | ---- | M] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Lebenslauf von Andreas Lang.pdf
[2012.01.09 11:17:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.18 13:39:33 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\9y23y0kk.exe
[2012.01.18 13:27:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\defogger_reenable
[2012.01.18 03:04:49 | 000,000,322 | ---- | C] () -- C:\WINDOWS\tasks\Lrdqlhgvek.job
[2012.01.18 03:04:48 | 000,118,784 | RHS- | C] () -- C:\WINDOWS\System32\perfprocg.dll
[2012.01.18 02:42:51 | 000,015,866 | ---- | C] () -- C:\monkey.s00
[2012.01.18 02:37:37 | 000,022,660 | ---- | C] () -- C:\atlantis.s01
[2012.01.18 02:33:59 | 000,024,103 | ---- | C] () -- C:\atlantis.s00
[2012.01.18 02:24:45 | 000,017,624 | ---- | C] () -- C:\zak.s01
[2012.01.18 02:22:48 | 000,016,167 | ---- | C] () -- C:\zak.s00
[2012.01.18 02:16:57 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2012.01.17 00:27:48 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2012.01.17 00:27:48 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2012.01.17 00:27:48 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2012.01.16 22:56:42 | 000,000,249 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2012.01.13 14:13:27 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012.01.13 14:13:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012.01.13 14:13:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2012.01.11 14:13:37 | 000,049,707 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Desktop\Lebenslauf von Andreas Lang.pdf
[2011.11.09 22:39:44 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OpenVideo.dll
[2011.11.09 22:39:32 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.07.28 19:45:56 | 000,393,256 | ---- | C] () -- C:\WINDOWS\System32\CNQ2414N.DAT
[2011.05.28 01:59:31 | 000,300,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvAutomata.sys
[2011.05.28 01:59:31 | 000,264,124 | ---- | C] () -- C:\WINDOWS\System32\drivers\ibpcimpm.sys
[2011.05.28 01:59:31 | 000,203,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvFC310x.sys
[2011.05.28 01:59:31 | 000,108,796 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvSJA.sys
[2011.05.28 01:59:31 | 000,030,268 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvHMS.sys
[2011.05.28 01:59:30 | 000,398,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvCP5613.sys
[2011.05.28 01:59:30 | 000,218,956 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvApplicom.sys
[2011.05.28 01:59:30 | 000,080,756 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvDAMP.sys
[2011.05.28 01:59:30 | 000,057,936 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTIOdrvHilscherDPM.sys
[2011.05.28 01:59:15 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\callrproxy.dll
[2011.05.28 01:59:15 | 000,060,416 | ---- | C] () -- C:\WINDOWS\System32\OPCENUM.EXE
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.03.13 02:39:19 | 001,872,916 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-527237240-1220945662-839522115-1003-0.dat
[2011.03.13 02:39:18 | 000,289,054 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2011.03.01 19:55:51 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\PnkBstrK.sys
[2011.03.01 19:55:31 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2011.01.10 22:52:45 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.07.07 23:13:49 | 000,002,070 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.06.19 22:38:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.06.19 22:38:26 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.04.27 18:22:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.02.15 00:23:03 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010.02.15 00:23:02 | 000,243,168 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010.02.15 00:23:02 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.02.15 00:10:21 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010.02.10 22:03:16 | 000,612,608 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.02.10 11:32:13 | 000,000,882 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.10.13 18:47:04 | 000,062,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Andreas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.02 21:14:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FE.INI
[2009.08.30 02:56:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.08.11 15:31:53 | 000,000,144 | ---- | C] () -- C:\WINDOWS\PG3prefs.ini
[2009.06.11 11:01:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.06.08 15:49:27 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.06.08 15:49:27 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.06.04 22:49:07 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.06.04 22:49:02 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009.06.04 22:46:26 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009.06.04 22:15:44 | 000,000,910 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009.06.04 19:53:11 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.06.04 19:07:41 | 000,002,120 | R--- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2009.06.04 17:11:01 | 000,004,610 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.06.04 17:10:57 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.06.04 16:35:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.06.04 16:35:23 | 000,004,548 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.06.04 16:34:39 | 000,308,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.06.04 16:14:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.06.04 16:08:00 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.06.04 15:46:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.06.04 15:42:29 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.08.05 22:14:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ATIBRTMON.EXE
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.09.02 14:30:50 | 000,520,090 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.09.02 14:30:50 | 000,496,094 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.09.02 14:30:50 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.09.02 14:30:50 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.09.02 14:30:50 | 000,101,506 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.09.02 14:30:50 | 000,084,578 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.09.02 14:30:50 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.09.02 14:30:50 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.09.02 14:30:40 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.09.02 14:30:20 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.09.02 14:30:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.09.02 14:29:32 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.09.02 14:29:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001.08.23 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.08.05 23:25:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2011.07.28 19:50:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJ
[2011.07.28 19:47:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2009.12.08 15:35:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2009.07.14 22:54:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Pro
[2011.11.27 23:50:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dbg
[2011.06.06 00:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs
[2010.06.19 22:38:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2009.07.09 16:39:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2012.01.04 20:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2010.03.05 19:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Academic Software Zurich
[2009.08.05 23:28:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Ashampoo
[2011.07.28 19:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Canon
[2011.03.12 13:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Dev-Cpp
[2011.10.12 21:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoft
[2011.10.12 21:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.09.28 13:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\FUJIFILM
[2011.06.06 00:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Kalypso Media
[2011.08.31 01:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mount&Blade
[2011.04.16 18:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ProtectDISC
[2011.11.29 13:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\QuickScan
[2010.12.21 23:50:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Serif
[2012.01.03 11:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\The Creative Assembly
[2011.11.30 13:26:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Tropico 3
[2012.01.19 09:37:46 | 000,000,322 | ---- | M] () -- C:\WINDOWS\Tasks\Lrdqlhgvek.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.03.05 19:56:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Academic Software Zurich
[2009.07.22 13:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Adobe
[2009.08.05 23:28:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Ashampoo
[2010.02.15 00:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ATI
[2011.05.07 13:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Avira
[2011.07.28 19:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Canon
[2009.06.04 19:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\CyberLink
[2011.03.12 13:09:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Dev-Cpp
[2010.05.10 18:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DivX
[2011.10.12 21:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoft
[2011.10.12 21:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.09.28 13:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\FUJIFILM
[2011.11.08 13:49:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Google
[2009.10.02 21:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Help
[2009.06.04 15:48:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Identities
[2009.06.04 17:11:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\InstallShield
[2011.06.06 00:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Kalypso Media
[2012.01.19 10:31:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Macromedia
[2011.11.29 12:44:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Malwarebytes
[2010.08.30 15:40:53 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft
[2011.03.13 12:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft Corporation
[2011.08.31 01:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mount&Blade
[2009.08.30 02:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Mozilla
[2011.04.16 18:55:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\ProtectDISC
[2011.11.29 13:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\QuickScan
[2009.10.30 01:40:15 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\SecuROM
[2010.12.21 23:50:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Serif
[2010.04.11 18:17:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Sun
[2012.01.03 11:19:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\The Creative Assembly
[2011.11.30 13:26:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Tropico 3
[2011.06.06 13:26:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Winamp
[2010.05.18 23:30:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.11.08 18:13:05 | 000,020,742 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{038936C2-9156-4FFC-A9E8-BB0E401AF01D}\_21F3885A18D238E15AAE81.exe
[2011.11.08 18:13:06 | 000,020,742 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{038936C2-9156-4FFC-A9E8-BB0E401AF01D}\_4926E6BE86013F20D231BA.exe
[2011.11.08 18:13:05 | 000,020,742 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{038936C2-9156-4FFC-A9E8-BB0E401AF01D}\_6FEFF9B68218417F98F549.exe
[2011.11.08 18:13:06 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{038936C2-9156-4FFC-A9E8-BB0E401AF01D}\_8811A8B8685F4F8E155515.exe
[2011.11.08 18:13:06 | 000,020,742 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{038936C2-9156-4FFC-A9E8-BB0E401AF01D}\_93173674FA5661DBD59935.exe
[2009.06.05 00:45:52 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{322699FF-9732-4146-AA83-17FADE68CE98}\ARPPRODUCTICON.exe
[2009.07.09 21:33:01 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2009.06.05 00:45:27 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Dokumente und Einstellungen\Andreas\Anwendungsdaten\Microsoft\Installer\{BBD49DF4-8156-4A5B-9C8D-285B37ED7ECF}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVGTS.SYS  >
[2008.08.18 18:54:52 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=37954CD1D0AFC11BECD149F7C3EC88C2 -- C:\Raid\TreiberNEU\Floppy_IN73W\XP2K_RAID\nvgts.sys
[2008.08.18 18:54:52 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=37954CD1D0AFC11BECD149F7C3EC88C2 -- C:\Raid\TreiberNEU\SATA2_XP(NF_1611_SATA)\IDE\WinXP\sataraid\nvgts.sys
[2007.10.31 04:22:06 | 000,107,008 | ---- | M] (NVIDIA Corporation) MD5=C59D85C0DBCCF4610C58B599083D454D -- C:\Raid\Drivers\ALL in 1\nVIDIA\XP_2K(NF_1611_Novga)\IDE\WinXP\sata_ide\nvgts.sys
[2007.10.31 04:22:06 | 000,107,008 | ---- | M] (NVIDIA Corporation) MD5=C59D85C0DBCCF4610C58B599083D454D -- C:\Raid\Drivers\ALL in 1\nVIDIA\XP_2K(NF_1611_Novga)\IDE\WinXP\sataraid\nvgts.sys
[2007.10.31 04:22:06 | 000,107,008 | ---- | M] (NVIDIA Corporation) MD5=C59D85C0DBCCF4610C58B599083D454D -- C:\Raid\Drivers\Serial ATA For Floppy Disk\nVIDIA\XP2K_AHCI\nvgts.sys
[2007.10.31 04:22:06 | 000,107,008 | ---- | M] (NVIDIA Corporation) MD5=C59D85C0DBCCF4610C58B599083D454D -- C:\Raid\Drivers\Serial ATA For Floppy Disk\nVIDIA\XP2K_RAID\nvgts.sys
[2008.08.18 18:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\Raid\TreiberNEU\Floppy_IN73W\XP2K_AHCI\nvgts.sys
[2008.08.18 18:54:24 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\Raid\TreiberNEU\SATA2_XP(NF_1611_SATA)\IDE\WinXP\sata_ide\nvgts.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.08.18 18:58:42 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=2A0CC26D67B38460CC7563BC8313C1D6 -- C:\Raid\TreiberNEU\Floppy_IN73W\VISTA_RAID\nvstor32.sys
[2007.10.31 04:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Raid\Drivers\Serial ATA For Floppy Disk\nVIDIA\VISTA_AHCI\nvstor32.sys
[2007.10.31 04:23:20 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=4876E7C3184BDF50EDE043FEF616B867 -- C:\Raid\i386\AHCI_Vista\nvstor32.sys
[2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EE374B6FB3CB2BB8D70395218B464A5 -- C:\Raid\TreiberNEU\Floppy_IN73W\VISTA_AHCI\nvstor32.sys
[2007.10.31 04:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Raid\Drivers\Serial ATA For Floppy Disk\nVIDIA\VISTA_RAID\nvstor32.sys
[2007.10.31 04:23:22 | 000,115,744 | ---- | M] (NVIDIA Corporation) MD5=9D2BD672C0461185D6EA1AE8BD3AE3F4 -- C:\Raid\i386\RAID_Vista\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.09.02 14:31:52 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.09.02 14:31:52 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2009.06.04 17:33:57 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.06.04 17:33:57 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.06.04 17:33:57 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2012.01.18 03:04:48 | 000,118,784 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\perfprocg.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

cosinus · 19.01.2012, 11:24

Zitat:

DhcpNameServer = 192.168.1.1

Du hast einen Router.
Wurde da das Adminpasswort geändert?
Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst!

preusse · 19.01.2012, 11:49

Zitat:

Zitat von cosinus

Du hast einen Router.
Wurde da das Adminpasswort geändert?
Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst!

Das Passwort hatte ich damals geändert.
Dennoch habe ich es eben noch mal geändert.

cosinus · 19.01.2012, 12:16

Von den Werkseinstellungen erwähnst du leider garnix

preusse · 19.01.2012, 12:20

Sorry, hatte ich vergessen zu erwähnen.

Ich habe den Router zurückgesetzt und ein neues Passwort eingerichtet.

cosinus · 19.01.2012, 13:14

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

preusse · 19.01.2012, 13:22

Hallo,

hier das gewünschte TDSS-Log:

Nebenbei möchte ich mich bei Dir bedanken, dass Du dich meines Problems annimmst. Danke!

Code:

ATTFilter

13:20:56.0000 3632	TDSS rootkit removing tool 2.7.5.0 Jan 18 2012 09:26:24
13:20:56.0046 3632	============================================================
13:20:56.0046 3632	Current date / time: 2012/01/19 13:20:56.0046
13:20:56.0046 3632	SystemInfo:
13:20:56.0046 3632	
13:20:56.0046 3632	OS Version: 5.1.2600 ServicePack: 3.0
13:20:56.0046 3632	Product type: Workstation
13:20:56.0046 3632	ComputerName: ANDI
13:20:56.0046 3632	UserName: Andreas
13:20:56.0046 3632	Windows directory: C:\WINDOWS
13:20:56.0046 3632	System windows directory: C:\WINDOWS
13:20:56.0046 3632	Processor architecture: Intel x86
13:20:56.0046 3632	Number of processors: 4
13:20:56.0046 3632	Page size: 0x1000
13:20:56.0046 3632	Boot type: Normal boot
13:20:56.0046 3632	============================================================
13:20:57.0109 3632	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:20:57.0125 3632	Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:20:57.0187 3632	Initialize success
13:21:31.0171 3348	============================================================
13:21:31.0171 3348	Scan started
13:21:31.0171 3348	Mode: Manual; SigCheck; TDLFS; 
13:21:31.0171 3348	============================================================
13:21:31.0484 3348	3SRTE           (75c4f529679d9862fa5fb306a357af35) C:\WINDOWS\system32\drivers\3SRTE.sys
13:21:31.0609 3348	3SRTE ( UnsignedFile.Multi.Generic ) - warning
13:21:31.0609 3348	3SRTE - detected UnsignedFile.Multi.Generic (1)
13:21:31.0625 3348	Abiosdsk - ok
13:21:31.0640 3348	abp480n5 - ok
13:21:31.0671 3348	acedrv11        (e6f53d6c0dea3d375362265e175ca638) C:\WINDOWS\system32\drivers\acedrv11.sys
13:21:31.0734 3348	acedrv11 - ok
13:21:31.0765 3348	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:21:32.0343 3348	ACPI - ok
13:21:32.0390 3348	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:21:32.0484 3348	ACPIEC - ok
13:21:32.0500 3348	adpu160m - ok
13:21:32.0531 3348	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:21:32.0625 3348	aec - ok
13:21:32.0640 3348	AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
13:21:32.0718 3348	AFD - ok
13:21:32.0734 3348	Aha154x - ok
13:21:32.0750 3348	aic78u2 - ok
13:21:32.0750 3348	aic78xx - ok
13:21:32.0765 3348	AliIde - ok
13:21:32.0781 3348	amsint - ok
13:21:32.0796 3348	asc - ok
13:21:32.0812 3348	asc3350p - ok
13:21:32.0812 3348	asc3550 - ok
13:21:32.0843 3348	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:21:32.0921 3348	AsyncMac - ok
13:21:32.0953 3348	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:21:33.0031 3348	atapi - ok
13:21:33.0046 3348	Atdisk - ok
13:21:33.0250 3348	ati2mtag        (c832bf76f003999d2e91e5115583c69e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:21:33.0578 3348	ati2mtag - ok
13:21:33.0656 3348	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\WINDOWS\system32\DRIVERS\atksgt.sys
13:21:33.0656 3348	atksgt - ok
13:21:33.0703 3348	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:21:33.0781 3348	Atmarpc - ok
13:21:33.0812 3348	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:21:33.0890 3348	audstub - ok
13:21:33.0937 3348	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:21:33.0937 3348	avgio - ok
13:21:33.0968 3348	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:21:33.0968 3348	avgntflt - ok
13:21:33.0984 3348	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:21:34.0000 3348	avipbb - ok
13:21:34.0015 3348	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:21:34.0093 3348	Beep - ok
13:21:34.0125 3348	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:21:34.0218 3348	cbidf2k - ok
13:21:34.0296 3348	cd20xrnt - ok
13:21:34.0312 3348	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:21:34.0406 3348	Cdaudio - ok
13:21:34.0437 3348	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:21:34.0515 3348	Cdfs - ok
13:21:34.0546 3348	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:21:34.0625 3348	Cdrom - ok
13:21:34.0640 3348	Changer - ok
13:21:34.0656 3348	CmdIde - ok
13:21:34.0671 3348	Cpqarray - ok
13:21:34.0718 3348	cpuz130 - ok
13:21:34.0734 3348	dac2w2k - ok
13:21:34.0750 3348	dac960nt - ok
13:21:34.0765 3348	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:21:34.0828 3348	Disk - ok
13:21:34.0875 3348	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:21:34.0984 3348	dmboot - ok
13:21:35.0015 3348	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:21:35.0109 3348	dmio - ok
13:21:35.0125 3348	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:21:35.0203 3348	dmload - ok
13:21:35.0234 3348	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:21:35.0296 3348	DMusic - ok
13:21:35.0375 3348	dpti2o - ok
13:21:35.0406 3348	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:21:35.0484 3348	drmkaud - ok
13:21:35.0515 3348	ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
13:21:35.0515 3348	ENTECH - ok
13:21:35.0546 3348	es1371          (a55dd7d8ced5d2624a9ee2dda7be0319) C:\WINDOWS\system32\drivers\es1371mp.sys
13:21:35.0640 3348	es1371 - ok
13:21:35.0671 3348	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:21:35.0750 3348	Fastfat - ok
13:21:35.0765 3348	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
13:21:35.0859 3348	Fdc - ok
13:21:35.0875 3348	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:21:35.0953 3348	Fips - ok
13:21:35.0968 3348	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:21:36.0046 3348	Flpydisk - ok
13:21:36.0078 3348	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:21:36.0156 3348	FltMgr - ok
13:21:36.0171 3348	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:21:36.0250 3348	Fs_Rec - ok
13:21:36.0265 3348	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:21:36.0343 3348	Ftdisk - ok
13:21:36.0359 3348	gameenum        (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:21:36.0437 3348	gameenum - ok
13:21:36.0453 3348	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
13:21:36.0468 3348	giveio ( UnsignedFile.Multi.Generic ) - warning
13:21:36.0468 3348	giveio - detected UnsignedFile.Multi.Generic (1)
13:21:36.0546 3348	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:21:36.0625 3348	Gpc - ok
13:21:36.0656 3348	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:21:36.0734 3348	HDAudBus - ok
13:21:36.0750 3348	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:21:36.0828 3348	HidUsb - ok
13:21:36.0828 3348	hpn - ok
13:21:36.0843 3348	hpt3xx - ok
13:21:36.0875 3348	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
13:21:36.0937 3348	HTTP - ok
13:21:36.0953 3348	i2omgmt - ok
13:21:36.0968 3348	i2omp - ok
13:21:36.0984 3348	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:21:37.0062 3348	i8042prt - ok
13:21:37.0109 3348	ibpcimpm        (e3dfd445aa6f1d52a0d1e7c1a936f374) C:\WINDOWS\system32\drivers\ibpcimpm.sys
13:21:37.0125 3348	ibpcimpm ( UnsignedFile.Multi.Generic ) - warning
13:21:37.0125 3348	ibpcimpm - detected UnsignedFile.Multi.Generic (1)
13:21:37.0140 3348	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:21:37.0218 3348	Imapi - ok
13:21:37.0234 3348	ini910u - ok
13:21:37.0250 3348	IntelIde - ok
13:21:37.0281 3348	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:21:37.0343 3348	intelppm - ok
13:21:37.0375 3348	ip6fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:21:37.0453 3348	ip6fw - ok
13:21:37.0484 3348	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:21:37.0578 3348	IpFilterDriver - ok
13:21:37.0593 3348	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:21:37.0671 3348	IpInIp - ok
13:21:37.0687 3348	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:21:37.0765 3348	IpNat - ok
13:21:37.0843 3348	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:21:37.0921 3348	IPSec - ok
13:21:37.0937 3348	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:21:38.0015 3348	IRENUM - ok
13:21:38.0046 3348	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:21:38.0125 3348	isapnp - ok
13:21:38.0140 3348	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:21:38.0218 3348	Kbdclass - ok
13:21:38.0250 3348	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:21:38.0328 3348	kbdhid - ok
13:21:38.0343 3348	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:21:38.0421 3348	kmixer - ok
13:21:38.0437 3348	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
13:21:38.0515 3348	KSecDD - ok
13:21:38.0515 3348	lbrtfdc - ok
13:21:38.0546 3348	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
13:21:38.0562 3348	lirsgt - ok
13:21:38.0578 3348	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:21:38.0578 3348	MBAMProtector - ok
13:21:38.0609 3348	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:21:38.0687 3348	mnmdd - ok
13:21:38.0718 3348	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:21:38.0796 3348	Modem - ok
13:21:38.0812 3348	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:21:38.0875 3348	Mouclass - ok
13:21:38.0906 3348	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:21:39.0000 3348	mouhid - ok
13:21:39.0078 3348	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:21:39.0156 3348	MountMgr - ok
13:21:39.0171 3348	mraid35x - ok
13:21:39.0187 3348	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:21:39.0265 3348	MRxDAV - ok
13:21:39.0296 3348	MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:21:39.0375 3348	MRxSmb - ok
13:21:39.0390 3348	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:21:39.0484 3348	Msfs - ok
13:21:39.0500 3348	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:21:39.0578 3348	MSKSSRV - ok
13:21:39.0609 3348	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:21:39.0671 3348	MSPCLOCK - ok
13:21:39.0687 3348	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:21:39.0765 3348	MSPQM - ok
13:21:39.0796 3348	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:21:39.0875 3348	mssmbios - ok
13:21:39.0875 3348	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
13:21:39.0953 3348	Mup - ok
13:21:39.0968 3348	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:21:40.0046 3348	NDIS - ok
13:21:40.0062 3348	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:21:40.0140 3348	NdisTapi - ok
13:21:40.0156 3348	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:21:40.0250 3348	Ndisuio - ok
13:21:40.0265 3348	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:21:40.0328 3348	NdisWan - ok
13:21:40.0343 3348	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
13:21:40.0421 3348	NDProxy - ok
13:21:40.0484 3348	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:21:40.0562 3348	NetBIOS - ok
13:21:40.0593 3348	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:21:40.0671 3348	NetBT - ok
13:21:40.0687 3348	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:21:40.0765 3348	Npfs - ok
13:21:40.0796 3348	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:21:40.0890 3348	Ntfs - ok
13:21:40.0921 3348	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:21:41.0000 3348	Null - ok
13:21:41.0031 3348	nvsmu           (7ec12a73067baca25a8e3e2a58ae83d8) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
13:21:41.0062 3348	nvsmu - ok
13:21:41.0093 3348	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:21:41.0171 3348	NwlnkFlt - ok
13:21:41.0187 3348	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:21:41.0281 3348	NwlnkFwd - ok
13:21:41.0296 3348	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:21:41.0375 3348	Parport - ok
13:21:41.0406 3348	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:21:41.0468 3348	PartMgr - ok
13:21:41.0500 3348	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:21:41.0578 3348	ParVdm - ok
13:21:41.0640 3348	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:21:41.0718 3348	PCI - ok
13:21:41.0734 3348	PCIDump - ok
13:21:41.0750 3348	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:21:41.0828 3348	PCIIde - ok
13:21:41.0859 3348	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:21:41.0937 3348	Pcmcia - ok
13:21:41.0953 3348	PDCOMP - ok
13:21:41.0968 3348	PDFRAME - ok
13:21:41.0968 3348	PDRELI - ok
13:21:41.0984 3348	PDRFRAME - ok
13:21:42.0000 3348	perc2 - ok
13:21:42.0015 3348	perc2hib - ok
13:21:42.0062 3348	pnicml - ok
13:21:42.0093 3348	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:21:42.0171 3348	PptpMiniport - ok
13:21:42.0187 3348	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:21:42.0265 3348	Processor - ok
13:21:42.0281 3348	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:21:42.0359 3348	PSched - ok
13:21:42.0375 3348	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:21:42.0468 3348	Ptilink - ok
13:21:42.0484 3348	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:21:42.0500 3348	PxHelp20 - ok
13:21:42.0500 3348	ql1080 - ok
13:21:42.0515 3348	Ql10wnt - ok
13:21:42.0515 3348	ql12160 - ok
13:21:42.0531 3348	ql1240 - ok
13:21:42.0546 3348	ql1280 - ok
13:21:42.0562 3348	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:21:42.0656 3348	RasAcd - ok
13:21:42.0671 3348	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:21:42.0750 3348	Rasl2tp - ok
13:21:42.0765 3348	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:21:42.0828 3348	RasPppoe - ok
13:21:42.0859 3348	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:21:42.0937 3348	Raspti - ok
13:21:43.0015 3348	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:21:43.0109 3348	Rdbss - ok
13:21:43.0125 3348	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:21:43.0203 3348	RDPCDD - ok
13:21:43.0234 3348	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:21:43.0312 3348	rdpdr - ok
13:21:43.0359 3348	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
13:21:43.0453 3348	RDPWD - ok
13:21:43.0468 3348	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:21:43.0546 3348	redbook - ok
13:21:43.0593 3348	RTIOdrvAPIC     (283afeacb5bfbaf3f837950cced74790) C:\WINDOWS\system32\drivers\RTIOdrvAPIC.sys
13:21:43.0609 3348	RTIOdrvAPIC ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0609 3348	RTIOdrvAPIC - detected UnsignedFile.Multi.Generic (1)
13:21:43.0640 3348	RTIOdrvApplicom (62717d3b4cadf16a44b15260a05e9cb0) C:\WINDOWS\system32\drivers\RTIOdrvApplicom.sys
13:21:43.0656 3348	RTIOdrvApplicom ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0656 3348	RTIOdrvApplicom - detected UnsignedFile.Multi.Generic (1)
13:21:43.0703 3348	RTIOdrvAutomata (c48a8ef4d156332793b6200c44c2c74c) C:\WINDOWS\system32\drivers\RTIOdrvAutomata.sys
13:21:43.0703 3348	RTIOdrvAutomata ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0703 3348	RTIOdrvAutomata - detected UnsignedFile.Multi.Generic (1)
13:21:43.0796 3348	RTIOdrvCP5613   (c1d2c371f81ce63ebd3d5122f5f13807) C:\WINDOWS\system32\drivers\RTIOdrvCP5613.sys
13:21:43.0812 3348	RTIOdrvCP5613 ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0812 3348	RTIOdrvCP5613 - detected UnsignedFile.Multi.Generic (1)
13:21:43.0843 3348	RTIOdrvDAMP     (328da1f5d31f59af2175bb01d037dbdf) C:\WINDOWS\system32\drivers\RTIOdrvDAMP.sys
13:21:43.0859 3348	RTIOdrvDAMP ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0859 3348	RTIOdrvDAMP - detected UnsignedFile.Multi.Generic (1)
13:21:43.0906 3348	RTIOdrvFC310x   (e54a12f9ea1bad183685b2d6c253f828) C:\WINDOWS\system32\drivers\RTIOdrvFC310x.sys
13:21:43.0921 3348	RTIOdrvFC310x ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0921 3348	RTIOdrvFC310x - detected UnsignedFile.Multi.Generic (1)
13:21:43.0953 3348	RTIOdrvHilscherDPM (67c113528a8c15d4339c7e48967fb53a) C:\WINDOWS\system32\drivers\RTIOdrvHilscherDPM.sys
13:21:43.0968 3348	RTIOdrvHilscherDPM ( UnsignedFile.Multi.Generic ) - warning
13:21:43.0968 3348	RTIOdrvHilscherDPM - detected UnsignedFile.Multi.Generic (1)
13:21:44.0000 3348	RTIOdrvHMS      (f0dbb33048d66857ce4033ee5abc6f31) C:\WINDOWS\system32\drivers\RTIOdrvHMS.sys
13:21:44.0015 3348	RTIOdrvHMS ( UnsignedFile.Multi.Generic ) - warning
13:21:44.0015 3348	RTIOdrvHMS - detected UnsignedFile.Multi.Generic (1)
13:21:44.0046 3348	RTIOdrvSJA      (5fce4a4eda4b8c0f7cdcd65b36d5f7a0) C:\WINDOWS\system32\drivers\RTIOdrvSJA.sys
13:21:44.0062 3348	RTIOdrvSJA ( UnsignedFile.Multi.Generic ) - warning
13:21:44.0062 3348	RTIOdrvSJA - detected UnsignedFile.Multi.Generic (1)
13:21:44.0078 3348	rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
13:21:44.0156 3348	rtl8139 - ok
13:21:44.0187 3348	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:21:44.0265 3348	Secdrv - ok
13:21:44.0328 3348	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:21:44.0390 3348	serenum - ok
13:21:44.0421 3348	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:21:44.0500 3348	Serial - ok
13:21:44.0531 3348	sfdrv01         (00de597b81b381053cb5b21a7f20e365) C:\WINDOWS\system32\drivers\sfdrv01.sys
13:21:44.0546 3348	sfdrv01 ( UnsignedFile.Multi.Generic ) - warning
13:21:44.0546 3348	sfdrv01 - detected UnsignedFile.Multi.Generic (1)
13:21:44.0562 3348	sfhlp02         (64b9ab76f1b16eb059cb6cdd906c067a) C:\WINDOWS\system32\drivers\sfhlp02.sys
13:21:44.0578 3348	sfhlp02 ( UnsignedFile.Multi.Generic ) - warning
13:21:44.0578 3348	sfhlp02 - detected UnsignedFile.Multi.Generic (1)
13:21:44.0593 3348	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:21:44.0656 3348	Sfloppy - ok
13:21:44.0671 3348	sfsync02        (798d918d8f20380008277ce3ce5319d1) C:\WINDOWS\system32\drivers\sfsync02.sys
13:21:44.0687 3348	sfsync02 ( UnsignedFile.Multi.Generic ) - warning
13:21:44.0687 3348	sfsync02 - detected UnsignedFile.Multi.Generic (1)
13:21:44.0703 3348	Simbad - ok
13:21:44.0718 3348	Sparrow - ok
13:21:44.0734 3348	speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
13:21:44.0734 3348	speedfan ( UnsignedFile.Multi.Generic ) - warning
13:21:44.0734 3348	speedfan - detected UnsignedFile.Multi.Generic (1)
13:21:44.0765 3348	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:21:44.0843 3348	splitter - ok
13:21:44.0859 3348	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:21:44.0953 3348	sr - ok
13:21:44.0968 3348	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
13:21:45.0062 3348	Srv - ok
13:21:45.0078 3348	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:21:45.0093 3348	ssmdrv - ok
13:21:45.0109 3348	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:21:45.0187 3348	swenum - ok
13:21:45.0203 3348	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:21:45.0296 3348	swmidi - ok
13:21:45.0359 3348	symc810 - ok
13:21:45.0375 3348	symc8xx - ok
13:21:45.0390 3348	sym_hi - ok
13:21:45.0390 3348	sym_u3 - ok
13:21:45.0421 3348	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:21:45.0500 3348	sysaudio - ok
13:21:45.0531 3348	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:21:45.0609 3348	Tcpip - ok
13:21:45.0640 3348	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:21:45.0718 3348	TDPIPE - ok
13:21:45.0750 3348	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:21:45.0828 3348	TDTCP - ok
13:21:45.0828 3348	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:21:45.0906 3348	TermDD - ok
13:21:45.0921 3348	TosIde - ok
13:21:45.0937 3348	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:21:46.0015 3348	Udfs - ok
13:21:46.0031 3348	ultra - ok
13:21:46.0062 3348	UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) E:\Betriebsprogramme\Unlocker\UnlockerDriver5.sys
13:21:46.0078 3348	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
13:21:46.0078 3348	UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
13:21:46.0109 3348	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:21:46.0187 3348	Update - ok
13:21:46.0218 3348	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:21:46.0296 3348	usbehci - ok
13:21:46.0312 3348	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:21:46.0375 3348	usbhub - ok
13:21:46.0406 3348	usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:21:46.0468 3348	usbohci - ok
13:21:46.0484 3348	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:21:46.0562 3348	usbprint - ok
13:21:46.0578 3348	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:21:46.0656 3348	usbscan - ok
13:21:46.0687 3348	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:21:46.0750 3348	USBSTOR - ok
13:21:46.0812 3348	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:21:46.0890 3348	VgaSave - ok
13:21:46.0906 3348	ViaIde - ok
13:21:46.0937 3348	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:21:47.0015 3348	VolSnap - ok
13:21:47.0031 3348	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:21:47.0109 3348	Wanarp - ok
13:21:47.0125 3348	WDICA - ok
13:21:47.0140 3348	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:21:47.0218 3348	wdmaud - ok
13:21:47.0265 3348	WmBEnum         (bc3ecbcb40147bdae3ad2fd0b4b346d8) C:\WINDOWS\system32\drivers\WmBEnum.sys
13:21:47.0281 3348	WmBEnum - ok
13:21:47.0296 3348	WmFilter        (19f9881d8b3484fedb605d0216876898) C:\WINDOWS\system32\drivers\WmFilter.sys
13:21:47.0328 3348	WmFilter - ok
13:21:47.0343 3348	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:21:47.0421 3348	WmiAcpi - ok
13:21:47.0437 3348	WmVirHid        (7a51545a6409a25eedbdbd97d019e8cc) C:\WINDOWS\system32\drivers\WmVirHid.sys
13:21:47.0468 3348	WmVirHid - ok
13:21:47.0468 3348	WmXlCore        (1f083b3bc73017e60c3ca85cf4a70753) C:\WINDOWS\system32\drivers\WmXlCore.sys
13:21:47.0484 3348	WmXlCore - ok
13:21:47.0515 3348	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
13:21:47.0546 3348	WpdUsb - ok
13:21:47.0625 3348	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:21:47.0718 3348	WS2IFSL - ok
13:21:47.0750 3348	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:21:47.0781 3348	WudfPf - ok
13:21:47.0796 3348	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:21:47.0812 3348	WudfRd - ok
13:21:47.0843 3348	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:21:48.0000 3348	\Device\Harddisk0\DR0 - ok
13:21:48.0000 3348	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
13:21:48.0046 3348	\Device\Harddisk1\DR1 - ok
13:21:48.0046 3348	Boot (0x1200)   (c68d34be5dd1b83621ae3960b5517a1b) \Device\Harddisk0\DR0\Partition0
13:21:48.0046 3348	\Device\Harddisk0\DR0\Partition0 - ok
13:21:48.0046 3348	Boot (0x1200)   (d665c0c9469b691eb7741a5b366e7121) \Device\Harddisk1\DR1\Partition0
13:21:48.0046 3348	\Device\Harddisk1\DR1\Partition0 - ok
13:21:48.0046 3348	============================================================
13:21:48.0046 3348	Scan finished
13:21:48.0046 3348	============================================================
13:21:48.0156 3340	Detected object count: 17
13:21:48.0156 3340	Actual detected object count: 17
13:22:24.0703 3340	3SRTE ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	3SRTE ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	ibpcimpm ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	ibpcimpm ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvAPIC ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvAPIC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvApplicom ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvApplicom ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvAutomata ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvAutomata ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvCP5613 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvCP5613 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvDAMP ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvDAMP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvFC310x ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvFC310x ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvHilscherDPM ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvHilscherDPM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvHMS ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvHMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	RTIOdrvSJA ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	RTIOdrvSJA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0703 3340	sfdrv01 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0703 3340	sfdrv01 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0718 3340	sfhlp02 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0718 3340	sfhlp02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0718 3340	sfsync02 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0718 3340	sfsync02 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0718 3340	speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0718 3340	speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:24.0718 3340	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:24.0718 3340	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 19.01.2012, 16:32

Alles ziemlich unauffällig. Hast du das Problem nur dem Firefox oder auch mit anderen Browser?

preusse · 19.01.2012, 17:51

Ich habe da eine weitere interessante Beobachtung gemacht.

Da ich nur den Firefox auf meinem Rechner habe, holte ich mir Chrome von chip.de, um deine Frage beantworten zu können.

Ich installierte Chrome und testete gleich mal google. Hier wurden keine Falschweiterleitungen durchgeführt. Bei Firefox blieb der Fehler bestehen.

Ich startet meinen Computer neu, um es gleich nochmal auszuprobieren. Doch jetzt war der Fehler auch in Chrome vorhanden. Verdammt, dachte ich und deinstallierte Chrome sofort.

und jetzt kommst...

Als ich direkt nach der Deinstallation von Chrome Firefox benutzte um zu googeln, war der Fehler weg!

Erst mit einem weiteren Neustart des Systems war der Fehler wieder vorhanden. Jedoch lässt sich das oben beschriebene Prozedere beliebig oft mit Erfolg wiederholen.

Ich hoffe, das hilft uns irgendwie weiter.

18.01.2012, 21:09	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Googlelinks führen zu nicht erwünschten Seiten Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt? Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind. __________________ __________________

19.01.2012, 12:16	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Googlelinks führen zu nicht erwünschten Seiten Von den Werkseinstellungen erwähnst du leider garnix __________________ Logfiles bitte immer in CODE-Tags posten

19.01.2012, 16:32	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Googlelinks führen zu nicht erwünschten Seiten Alles ziemlich unauffällig. Hast du das Problem nur dem Firefox oder auch mit anderen Browser? __________________ Logfiles bitte immer in CODE-Tags posten

Googlelinks führen zu nicht erwünschten Seiten

Log-Analyse und Auswertung: Googlelinks führen zu nicht erwünschten Seiten