Windows teilweise ohne Funktion, Rouge.FakeHDD, PUM.Hijack.StartMenu

lowi · 19.03.2012, 19:03

Guten Tag,
Habe heute beim Hochfahren meines Win7 Pro 32Bit einige Fehlermeldungen bekommen (So Meldungen wie Windows Delayed no access).
Zu guter letzt ging ein Fester auf das mich darauf hinwies das mein rechner (Disk, Ram, BootSector uvm.) Critical sei und ich die RepairPC Software kaufen solle.
Habe meherer male mit Malwarebytes (freie Version) das Systemüberprüft und bin nun dieses Programm(anscheinend) losgeworden. Hochfahren funktioniert und Internetzugriff ist auch OK.
Hatte den Avira drauf... Habe jetzt MSE
Im System sind ziemlich alle Dateien plötzlich ausgeblendet und es existiert plötzlich ein Ordner kees.SOEST im Users Ordner von Windows.
Im Startmenu sind zwar Ordner von Programmen zu sehen, jedoch sonst ist
alles weg (Dokumente, SysSteuerung, Drucker) nurnoch der Computer und die zwei drei Windows Progs, auch der Ordner zubehör ist weg, bei einem Rechtsklick auf Computer und dann Verwalten kommt die Fehlermeldung dass dieser link weg ist.

Habe mir die Rules durchgelesen und mal die Scans/Logs angehängt.
Hoffe ihr könnt mir helfen mein Windows zu reparieren...

[EDIT] Habe dieses Thema im Forum gefunden klingt wie mein Problem:
http://www.trojaner-board.de/111646-...k-problem.html
[/EDIT]

Erster Scan

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8289

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

19.03.2012 10:38:14
mbam-log-2012-03-19 (10-38-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 173066
Laufzeit: 6 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

2ter Scan

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
KFZ-Hummel :: KFZ-HUMMEL-PC [Administrator]

19.03.2012 13:01:43
mbam-log-2012-03-19 (13-01-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194046
Laufzeit: 9 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\ldmtqETJLYi.exe (Rogue.FakeHDD) -> 3112 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ldmtqETJLYi.exe (Rogue.FakeHDD) -> Daten: C:\ProgramData\ldmtqETJLYi.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\ProgramData\ldmtqETJLYi.exe (Rogue.FakeHDD) -> Löschen bei Neustart.
C:\Users\KFZ-Hummel\AppData\Local\Temp\MoloEMcYWxtYwj.exe.tmp (Rogue.FakeHDD) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

3ter Scan

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
KFZ-Hummel :: KFZ-HUMMEL-PC [Administrator]

19.03.2012 15:02:57
mbam-log-2012-03-19 (15-02-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194036
Laufzeit: 5 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

DDS Log

Code:

ATTFilter

.DDS Logfile:
DDS Logfile:

	Code: 

 ATTFilter

  
	DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_23
Run by KFZ-Hummel at 17:24:51 on 2012-03-19
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2815.1911 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Windows\system32\crypserv.exe
c:\ElsaWin\bin\LcSvrAdm.exe
c:\ElsaWin\bin\LcSvrDba.exe
c:\ElsaWin\bin\LcSvrHis.exe
c:\ElsaWin\bin\LcSvrPas.exe
c:\ElsaWin\bin\LcSvrSaz.exe
C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
D:\Program Files\SelectDoc\TBDBMS\tbmux32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\ElsaWin\bin\VSgate.exe
C:\PROGRA~1\ATRIS_~1\WORKSH~1.EXE
C:\Program Files\ATRis_Technik\jre\bin\java.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\conhost.exe
C:\Program Files\ATRis_Technik\sed.exe
C:\Windows\system32\SearchIndexer.exe
c:\ElsaWin\bin\LcSvrAuf.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [AshSnap] c:\program files\ashampoo snap 3\ashsnap.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Firefox] c:\program files\mozilla firefox\firefox.exe
mRun: [PTBSync] c:\program files\ptbsync\PTBSync.exe /Start
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\ malwarebytes anti-malware \mbam.exe" /runcleanupscript
mRun: [SedServer] "c:\program files\atris_technik\Sed.exe" server
StartupFolder: c:\users\kfz-hu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\atriss~1.lnk - c:\atris_st\katcd\atris_st.exe
StartupFolder: c:\users\kfz-hu~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\netzma~1.lnk - c:\program files\netzmanager\netzmanager.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5D2DFF26-E8B0-43F6-9665-F5401428B568} : DhcpNameServer = 192.168.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: vw-wi - {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\elsawin\bin\wiprot.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\kfz-hummel\appdata\roaming\mozilla\firefox\profiles\p35xhquj.default\
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R2 LcSvrAdm;ELSA Administration Service;c:\elsawin\bin\LcSvrAdm.exe [2010-6-6 147456]
R2 LcSvrDba;ELSA DBA Server;c:\elsawin\bin\LcSvrDba.exe [2010-6-6 241664]
R2 LcSvrHis;ELSA Historie Server;c:\elsawin\bin\LcSvrHis.exe [2010-6-6 217088]
R2 LcSvrPAS;ELSA PASS Server;c:\elsawin\bin\LcSvrPas.exe [2010-6-6 368640]
R2 LcSvrSaz;ELSA APOSpro Server;c:\elsawin\bin\LcSvrSaz.exe [2010-6-6 258048]
R2 Netzmanager Service;Netzmanager Infrastruktur Informationssystem Dienst;c:\program files\netzmanager\nminfrais2\Netzmanager_Service.exe [2011-10-24 2565632]
R2 NSHE;Guardant Emulator Driver;c:\windows\system32\drivers\NSHE.SYS [2010-6-5 97792]
R2 SelectDoc DB;SelectDoc DB;d:\program files\selectdoc\tbdbms\tbmux32.exe [2011-11-25 401408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-10-30 1021256]
R2 VSGate;ELSA Vaudis Service;c:\elsawin\bin\VSGate.exe [2010-6-6 81920]
R2 WinRing0_1_2_0;WinRing0 driver;c:\windows\system32\drivers\ptbring0.sys [2010-6-5 14416]
R2 WorkshopDBService;WorkshopDBService;c:\progra~1\atris_~1\worksh~1.exe -zglaxservice workshopdbservice --> c:\progra~1\atris_~1\WORKSH~1.EXE -zglaxservice WorkshopDBService [?]
R3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Driver;c:\windows\system32\drivers\avmcowan.sys [2009-7-13 64000]
R3 FPCIBASE;AVM FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [2009-7-13 559104]
R3 LcSvrAuf;ELSA Auftragsverwaltungs Service;c:\elsawin\bin\LcSvrAuf.exe [2010-6-6 1306624]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S2 KMService;KMService;c:\windows\system32\srvany.exe [2010-11-11 8192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-6 136176]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RTLWUSB;802.11g USB2.0 WLAN Dongle;c:\windows\system32\drivers\RTL8187.sys [2010-6-5 169472]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TelekomNM3;Telekom Netzmanager Packet Filter Driver;c:\program files\netzmanager\nminfrais2\driver\TelekomNM3.sys [2010-9-16 35040]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-9 52224]
.
=============== Created Last 30 ================
.
2012-03-19 13:52:26	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-03-19 08:20:37	352256	---ha-w-	c:\programdata\z1dYe2Bc1FTAcm.exe
2012-03-16 08:03:54	6552120	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{ba1efb29-13c2-4a82-bf6f-088ff9978827}\mpengine.dll
2012-03-15 08:07:15	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-15 08:07:14	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-14 08:06:12	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-14 08:06:12	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-14 08:06:12	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:06:11	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-14 08:06:11	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:06:11	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M  ====================
.
2012-02-23 08:18:36	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-22 16:49:03	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-01-21 12:31:50	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:25:04,90 ===============

--- --- ---
--- --- ---

DDS Attach

Code:

ATTFilter

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 05.06.2010 14:25:05
System Uptime: 19.03.2012 17:20:03 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M2N68-AM Plus
Processor: AMD Athlon(tm) 7750 Dual-Core Processor | AM2 | 2712/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 100 GiB total, 33,836 GiB free.
D: is FIXED (NTFS) - 366 GiB total, 351,481 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP279: 15.03.2012 18:03:50 - Windows Update
RP280: 19.03.2012 13:17:18 - Wiederherstellungsvorgang
RP282: 19.03.2012 16:53:55 - Revo Uninstaller's restore point - Avira AntiVir Personal - Free Antivirus
.
==== Installed Programs ======================
.
.NET Framework Machine Code Access Security Policy
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5 - Deutsch
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
Ashampoo Snap 3.40
ATRis STAHLGRUBER DVD Setup (01/2012)
ATRis_Technik
COPARTS Online
Crystal Reports for .NET Framework 2.0 (x86)
DHTML Editing Component
DVSE Updater
ElsaWin
Google Earth Plug-in
Google Update Helper
Hardlock Gerätetreiber
Java Auto Updater
Java(TM) 6 Update 23
Malwarebytes Anti-Malware Version 1.60.1.1000
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MiniTool Power Data Recovery
Mozilla Firefox 10.0.2 (x86 de)
Mozilla Thunderbird 10.0.2 (x86 de)
Netzmanager
NVIDIA Display Control Panel
NVIDIA Drivers
PTBSync (Atomuhr Synchronisation & Terminkalender)
PVSonyDll
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
SelectDoc
Skype Click to Call
Skype™ 5.5
STAkis-S
TuneUp Utilities
TuneUp Utilities Language Pack (de-DE)
Turbo Lister 2
VLC media player 1.0.5
Webasto Arbeitsplatz
WinRAR
Zattoo4 4.0.5
.
==== End Of File ===========================

Gmer Log
GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-19 18:50:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\000000af WDC_WD50 rev.05.0
Running: mo9rgnhs.exe; Driver: C:\Users\KFZ-HU~1\AppData\Local\Temp\afrcyuoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text                                                                                                                                 ntkrnlpa.exe!ZwSaveKey + 13D1                                                                                       82E93369 1 Byte  [06]
.text                                                                                                                                 ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82ECCD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text                                                                                                                                 C:\Windows\system32\drivers\hardlock.sys                                                                            section is writeable [0x82335400, 0x87EE2, 0xE8000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x823D9620]  C:\Windows\system32\drivers\hardlock.sys                                                                            entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x823D9620]
.protectÿÿÿÿhardlockunknown last code section [0x823D9400, 0x5126, 0xE0000020]                                                        C:\Windows\system32\drivers\hardlock.sys                                                                            unknown last code section [0x823D9400, 0x5126, 0xE0000020]
PAGE                                                                                                                                  peauth.sys                                                                                                          9B02BB9C 71 Bytes  CALL F4D05804 
?                                                                                                                                     C:\Users\KFZ-HU~1\AppData\Local\Temp\mbr.sys                                                                        Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice                                                                                                                        \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device                                                                                                                                \Driver\ACPI_HAL \Device\00000099                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice                                                                                                                        \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread                                                                                                                                System [4:2184]                                                                                                     ADC38F2E

---- Registry - GMER 1.0.15 ----

Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x72 0xFA 0x65 0x84 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x42 0xAD 0x93 0x15 ...
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg                                                                                                                                   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xC3 0x14 0xEE 0x3C ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x72 0xFA 0x65 0x84 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x42 0xAD 0x93 0x15 ...
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg                                                                                                                                   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xC3 0x14 0xEE 0x3C ...

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 20.03.2012, 17:13

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

lowi · 25.03.2012, 12:54

Sorry für die Ausszeit... (kurzfristig auf Montage) hab es gestern laufen lassen.
Sieht gut aus? 0 found

stand da. (mit vorherigem manuellem Update von MWB-Free)

Also ich habe immer noch das Problem dass immer wieder alles Versteckt wird und ich im Programmmenu (Win Symbol) nur Ordner sehe, jedoch keine Verknüpfungen. Dasselbe mit dem Desktop und Explorer(hier sind ebenfalls bestimmte Ordner Betroffen)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
KFZ-Hummel :: KFZ-HUMMEL-PC [Administrator]

24.03.2012 09:42:08
mbam-log-2012-03-24 (09-42-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 648632
Laufzeit: 1 Stunde(n), 53 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c65059799474d44e9f9735b8a372513e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-24 12:51:28
# local_time=2012-03-24 01:51:28 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 425937 84216712 0 0
# compatibility_mode=8192 67108863 100 0 10561 10561 0 0
# scanned=484455
# found=0
# cleaned=0
# scan_time=7967

EDIT: Ach ja, ansonsten läuft Windows und die Software (wenn ich die Versteckten Dateien anzeigen lasse) wie gewohnt.
Die Frage, ist der Virus weg? Muss ich nochwas machen? Wieso werden immer noch Symbole wieder versteckt und keine Ordneroptionen
(wie Sortierungen etc.) gespeichert?

cosinus · 25.03.2012, 15:41

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

lowi · 26.03.2012, 18:23

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.03.2012 19:07:27 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = D:\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 62,06% Memory free
5,50 Gb Paging File | 4,43 Gb Available in Paging File | 80,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 32,78 Gb Free Space | 32,78% Space Free | Partition Type: NTFS
Drive D: | 365,65 Gb Total Space | 292,75 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
 
Computer Name: KFZ-HUMMEL-PC | User Name: KFZ-Hummel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.26 19:04:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.01.03 17:55:00 | 000,114,688 | ---- | M] (Acresso) -- C:\Programme\ATRis_Technik\WorkshopDBServer.exe
PRC - [2012.01.03 17:50:12 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\ATRis_Technik\jre\bin\java.exe
PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.06 17:29:05 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Programme\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010.06.05 16:46:26 | 001,577,984 | ---- | M] (ElmüSoft) -- C:\Programme\PTBSync\PTBSync.exe
PRC - [2010.03.18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2009.10.30 14:33:46 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.07.06 22:30:52 | 000,081,920 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\VSGate.exe
PRC - [2009.07.06 22:27:14 | 000,147,456 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2009.07.06 22:26:50 | 000,217,088 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrHis.exe
PRC - [2009.07.06 22:25:52 | 000,258,048 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2009.07.06 22:23:52 | 001,306,624 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2009.07.06 22:21:28 | 000,368,640 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrPas.exe
PRC - [2009.07.06 22:20:30 | 000,241,664 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrDba.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.01.18 16:50:02 | 000,417,792 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007.11.16 17:02:18 | 000,479,232 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007.11.16 17:02:18 | 000,401,408 | R--- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- D:\Program Files\SelectDoc\TBDBMS\tbmux32.exe -- (SelectDoc DB)
SRV - [2012.01.03 17:55:00 | 000,114,688 | ---- | M] (Acresso) [Auto | Running] -- C:\Programme\ATRis_Technik\WorkshopDBServer.exe -- (WorkshopDBService)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.04.27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.11 17:49:48 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2010.06.06 17:29:05 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Programme\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2010.06.06 10:56:28 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.06.05 16:46:26 | 001,577,984 | ---- | M] (ElmüSoft) [Auto | Running] -- C:\Program Files\PTBSync\PTBSync.exe -- (PTBSync)
SRV - [2010.03.18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.06 22:30:52 | 000,081,920 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\VSGate.exe -- (VSGate)
SRV - [2009.07.06 22:27:14 | 000,147,456 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2009.07.06 22:26:50 | 000,217,088 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2009.07.06 22:25:52 | 000,258,048 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2009.07.06 22:23:52 | 001,306,624 | -H-- | M] (Volkswagen AG) [On_Demand | Running] -- c:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2009.07.06 22:21:28 | 000,368,640 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2009.07.06 22:20:30 | 000,241,664 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2011.04.27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.05 16:46:26 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ptbring0.sys -- (WinRing0_1_2_0)
DRV - [2010.06.05 15:02:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.03.19 01:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:54 | 000,559,104 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.11.23 11:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2006.04.12 08:43:50 | 000,169,472 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2005.01.13 09:28:02 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\an983.sys -- (AN983)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 09 6D 3A AE 04 CB 01  [binary data]
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: easygtranslate@wrlf.com.br:2.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 10:01:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.24 09:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 10:13:06 | 000,000,000 | ---D | M]
 
[2010.09.04 09:41:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Extensions
[2010.09.04 09:41:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.20 15:27:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Firefox\Profiles\p35xhquj.default\extensions
[2011.01.17 11:00:06 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Firefox\Profiles\p35xhquj.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.01.20 12:21:43 | 000,001,334 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Roaming\Mozilla\Firefox\Profiles\p35xhquj.default\searchplugins\iloadto.xml
[2012.03.23 13:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.29 09:02:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.23 13:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KFZ-HUMMEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P35XHQUJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KFZ-HUMMEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P35XHQUJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.03.20 10:01:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.23 13:23:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.03 10:00:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 10:00:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 10:00:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 10:00:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 10:00:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 10:00:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKLM..\Run: [SedServer] C:\Program Files\ATRis_Technik\Sed.exe ()
O4 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000..\Run: [AshSnap] C:\Programme\Ashampoo Snap 3\ashsnap.exe (ashampoo GmbH & Co. KG)
O4 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000..\Run: [Firefox] C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATRis STAHLGRUBER DVD.lnk = C:\ATRIS_ST\KatCd\atris_st.exe (DVSE GmbH\nCarl-Benz-Weg 1\nD-22941 Bargteheide\nTel.: +49 (0) 4532 201401\nFax.: +49 (0) 4532 501052\nEMail: info@dvse.de)
O4 - Startup: C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D2DFF26-E8B0-43F6-9665-F5401428B568}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 12:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MERTEN SCHALTER-MANAGER
[2012.03.24 12:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\MERTEN SCHALTER-MANAGER
[2012.03.24 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.23 13:24:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.23 13:24:05 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.23 13:24:05 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.23 13:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.20 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.03.20 13:19:23 | 000,000,000 | ---D | C] -- C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.03.19 19:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.03.19 17:52:19 | 000,607,260 | -H-- | C] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.scr
[2012.03.19 17:52:13 | 000,607,260 | RH-- | C] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.com
[2012.03.19 15:52:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.03.15 10:07:15 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.03.15 10:07:14 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.03.14 10:06:12 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.03.14 10:06:12 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.03.14 10:06:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.03.14 10:06:11 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.26 19:08:32 | 000,645,728 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.26 19:08:32 | 000,609,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.26 19:08:32 | 000,127,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.26 19:08:32 | 000,104,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 19:03:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.26 19:03:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 17:35:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 09:06:45 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 09:06:45 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.23 13:23:48 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012.03.23 13:23:48 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012.03.23 13:23:48 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012.03.23 13:23:47 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012.03.21 10:33:05 | 000,000,772 | ---- | M] () -- C:\Users\KFZ-Hummel\Desktop\Wuetschner Verkaufskladde.lnk
[2012.03.20 13:19:23 | 000,001,222 | ---- | M] () -- C:\Users\KFZ-Hummel\Desktop\Revo Uninstaller.lnk
[2012.03.20 10:02:08 | 000,000,456 | -H-- | M] () -- C:\ProgramData\daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~daXg9vo6fXsgpXr
[2012.03.19 19:53:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.03.19 19:50:35 | 000,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.19 18:19:24 | 000,000,020 | -H-- | M] () -- C:\Users\KFZ-Hummel\defogger_reenable
[2012.03.19 17:52:35 | 000,302,592 | -H-- | M] () -- C:\Users\KFZ-Hummel\Desktop\mo9rgnhs.exe
[2012.03.19 17:52:21 | 000,607,260 | -H-- | M] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.scr
[2012.03.19 17:52:15 | 000,607,260 | RH-- | M] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.com
[2012.03.19 17:49:53 | 000,050,477 | -H-- | M] () -- C:\Users\KFZ-Hummel\Desktop\Defogger.exe
[2012.03.19 11:03:01 | 000,007,604 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Local\Resmon.ResmonCfg
[2012.03.19 10:30:45 | 000,000,440 | -H-- | M] () -- C:\ProgramData\z1dYe2Bc1FTAcm
[2012.03.19 10:27:27 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~z1dYe2Bc1FTAcm
[2012.03.19 10:27:27 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~z1dYe2Bc1FTAcmr
[2012.03.16 16:26:49 | 000,023,552 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Local\WebpageIcons.db
[2012.03.16 09:59:39 | 000,330,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.03.21 10:32:54 | 000,000,772 | ---- | C] () -- C:\Users\KFZ-Hummel\Desktop\Wuetschner Verkaufskladde.lnk
[2012.03.20 13:19:23 | 000,001,222 | ---- | C] () -- C:\Users\KFZ-Hummel\Desktop\Revo Uninstaller.lnk
[2012.03.20 10:00:27 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~daXg9vo6fXsgpXr
[2012.03.20 10:00:22 | 000,000,456 | -H-- | C] () -- C:\ProgramData\daXg9vo6fXsgpX
[2012.03.19 19:53:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.03.19 18:19:09 | 000,000,020 | -H-- | C] () -- C:\Users\KFZ-Hummel\defogger_reenable
[2012.03.19 17:52:34 | 000,302,592 | -H-- | C] () -- C:\Users\KFZ-Hummel\Desktop\mo9rgnhs.exe
[2012.03.19 17:49:51 | 000,050,477 | -H-- | C] () -- C:\Users\KFZ-Hummel\Desktop\Defogger.exe
[2012.03.19 10:20:45 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~z1dYe2Bc1FTAcm
[2012.03.19 10:20:45 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~z1dYe2Bc1FTAcmr
[2012.03.19 10:20:43 | 000,000,440 | -H-- | C] () -- C:\ProgramData\z1dYe2Bc1FTAcm
[2012.01.09 10:19:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.03 18:00:07 | 000,000,000 | -H-- | C] () -- C:\Users\KFZ-Hummel\AppData\Local\max.ini
[2012.01.03 17:20:04 | 000,000,295 | ---- | C] () -- C:\Windows\Atris_STG.INI
[2011.11.25 11:48:32 | 000,001,024 | ---- | C] () -- C:\Windows\System32\winprod.dll
[2011.01.17 17:15:07 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.11.11 17:50:37 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.11.09 17:15:57 | 000,007,604 | -H-- | C] () -- C:\Users\KFZ-Hummel\AppData\Local\Resmon.ResmonCfg
[2010.09.29 13:36:30 | 000,000,064 | ---- | C] () -- C:\Windows\Sys.ini
[2010.09.29 13:30:39 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010.06.07 09:38:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.06 17:15:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.06.06 16:29:00 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2010.06.06 12:39:49 | 000,023,552 | -H-- | C] () -- C:\Users\KFZ-Hummel\AppData\Local\WebpageIcons.db
[2010.06.05 17:24:49 | 000,000,148 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.06.05 17:24:35 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010.06.05 17:24:35 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010.06.05 17:24:35 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010.06.05 17:24:35 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010.06.05 16:59:04 | 000,001,692 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.05 16:59:04 | 000,000,374 | ---- | C] () -- C:\Windows\Atris_St.INI
[2010.06.05 16:59:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.06.05 15:14:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.06.05 15:14:54 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 11:21:03 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Adobe
[2011.07.02 09:55:26 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Brembo Desktop Calendar
[2010.06.05 15:19:34 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\DAEMON Tools Lite
[2010.08.06 14:20:03 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\dvdcss
[2010.09.03 14:50:28 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\DVSE GmbH
[2011.08.29 11:44:54 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\FRITZ!
[2011.07.26 08:58:16 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\go
[2010.06.05 14:25:18 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Identities
[2010.06.06 12:43:08 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Macromedia
[2011.07.01 17:06:14 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Media Center Programs
[2012.03.19 17:31:09 | 000,000,000 | --SD | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft
[2010.06.05 14:57:50 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Mozilla
[2011.01.14 17:44:10 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Opera
[2012.03.26 19:07:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Skype
[2011.06.16 08:59:59 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\skypePM
[2012.03.19 17:31:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Thunderbird
[2010.06.06 10:56:23 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\TuneUp Software
[2012.03.19 17:31:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\vlc
[2010.06.05 16:19:32 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.01.22 18:21:08 | 000,010,134 | RH-- | M] () -- C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.05.02 09:02:01 | 000,188,152 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Roaming\Mozilla\Firefox\Profiles\p35xhquj.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 18:44:14 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys
[2009.08.04 18:44:14 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys
[2009.08.04 18:43:40 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys
[2009.08.04 18:43:40 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\ Malwarebytes Anti-Malware \Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

lowi · 26.03.2012, 18:41

Sorry War Scan nich Quick Scan -_-
Hier QuickScanOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.03.2012 19:32:00 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = D:\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,75 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 55,13% Memory free
5,50 Gb Paging File | 4,33 Gb Available in Paging File | 78,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 32,86 Gb Free Space | 32,86% Space Free | Partition Type: NTFS
Drive D: | 365,65 Gb Total Space | 292,75 Gb Free Space | 80,06% Space Free | Partition Type: NTFS
 
Computer Name: KFZ-HUMMEL-PC | User Name: KFZ-Hummel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.26 19:04:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2012.03.20 10:01:51 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 17:55:00 | 000,114,688 | ---- | M] (Acresso) -- C:\Programme\ATRis_Technik\WorkshopDBServer.exe
PRC - [2012.01.03 17:50:12 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\ATRis_Technik\jre\bin\java.exe
PRC - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.06 17:29:05 | 000,072,704 | ---- | M] (Autodata Limited) -- C:\Programme\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
PRC - [2010.06.05 16:46:26 | 001,577,984 | ---- | M] (ElmüSoft) -- C:\Programme\PTBSync\PTBSync.exe
PRC - [2010.03.18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
PRC - [2009.10.30 14:33:46 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.07.06 22:30:52 | 000,081,920 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\VSGate.exe
PRC - [2009.07.06 22:27:14 | 000,147,456 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrAdm.exe
PRC - [2009.07.06 22:26:50 | 000,217,088 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrHis.exe
PRC - [2009.07.06 22:25:52 | 000,258,048 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrSaz.exe
PRC - [2009.07.06 22:23:52 | 001,306,624 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrAuf.exe
PRC - [2009.07.06 22:21:28 | 000,368,640 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrPas.exe
PRC - [2009.07.06 22:20:30 | 000,241,664 | -H-- | M] (Volkswagen AG) -- c:\ElsaWin\bin\LcSvrDba.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.20 10:01:50 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- D:\Program Files\SelectDoc\TBDBMS\tbmux32.exe -- (SelectDoc DB)
SRV - [2012.01.03 17:55:00 | 000,114,688 | ---- | M] (Acresso) [Auto | Running] -- C:\Programme\ATRis_Technik\WorkshopDBServer.exe -- (WorkshopDBService)
SRV - [2011.10.24 09:53:38 | 002,565,632 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV - [2011.04.27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.06.06 17:29:05 | 000,072,704 | ---- | M] (Autodata Limited) [Auto | Running] -- C:\Programme\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe -- (Autodata Limited License Service)
SRV - [2010.06.06 10:56:28 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.06.05 16:46:26 | 001,577,984 | ---- | M] (ElmüSoft) [Auto | Running] -- C:\Program Files\PTBSync\PTBSync.exe -- (PTBSync)
SRV - [2010.03.18 22:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.30 14:31:24 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 14:27:34 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.06 22:30:52 | 000,081,920 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\VSGate.exe -- (VSGate)
SRV - [2009.07.06 22:27:14 | 000,147,456 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrAdm.exe -- (LcSvrAdm)
SRV - [2009.07.06 22:26:50 | 000,217,088 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrHis.exe -- (LcSvrHis)
SRV - [2009.07.06 22:25:52 | 000,258,048 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrSaz.exe -- (LcSvrSaz)
SRV - [2009.07.06 22:23:52 | 001,306,624 | -H-- | M] (Volkswagen AG) [On_Demand | Running] -- c:\ElsaWin\bin\LcSvrAuf.exe -- (LcSvrAuf)
SRV - [2009.07.06 22:21:28 | 000,368,640 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrPas.exe -- (LcSvrPAS)
SRV - [2009.07.06 22:20:30 | 000,241,664 | -H-- | M] (Volkswagen AG) [Auto | Running] -- c:\ElsaWin\bin\LcSvrDba.exe -- (LcSvrDba)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2011.04.27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.16 17:02:33 | 000,035,040 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys -- (TelekomNM3)
DRV - [2010.08.12 12:07:48 | 000,298,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2010.07.10 06:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.05 16:46:26 | 000,014,416 | ---- | M] (OpenLibSys.org) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ptbring0.sys -- (WinRing0_1_2_0)
DRV - [2010.06.05 15:02:52 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.03.19 01:11:11 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.07.14 00:02:54 | 000,559,104 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fpcibase.sys -- (FPCIBASE)
DRV - [2009.07.14 00:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008.11.23 11:23:06 | 000,097,792 | ---- | M] (T0r0 2008) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\NSHE.SYS -- (NSHE)
DRV - [2006.04.12 08:43:50 | 000,169,472 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2005.01.13 09:28:02 | 000,039,040 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\an983.sys -- (AN983)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 09 6D 3A AE 04 CB 01  [binary data]
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: easygtranslate@wrlf.com.br:2.1
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.8
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 10:01:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.24 09:58:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 10:13:06 | 000,000,000 | ---D | M]
 
[2010.09.04 09:41:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Extensions
[2010.09.04 09:41:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.20 15:27:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Firefox\Profiles\p35xhquj.default\extensions
[2011.01.17 11:00:06 | 000,000,000 | -H-D | M] (German Dictionary) -- C:\Users\KFZ-Hummel\AppData\Roaming\mozilla\Firefox\Profiles\p35xhquj.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.01.20 12:21:43 | 000,001,334 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Roaming\Mozilla\Firefox\Profiles\p35xhquj.default\searchplugins\iloadto.xml
[2012.03.23 13:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.29 09:02:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.23 13:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\KFZ-HUMMEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P35XHQUJ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KFZ-HUMMEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\P35XHQUJ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.03.20 10:01:51 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.23 13:23:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.03 10:00:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 10:00:17 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 10:00:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 10:00:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 10:00:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 10:00:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe (ElmüSoft)
O4 - HKLM..\Run: [SedServer] C:\Program Files\ATRis_Technik\Sed.exe ()
O4 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000..\Run: [AshSnap] C:\Programme\Ashampoo Snap 3\ashsnap.exe (ashampoo GmbH & Co. KG)
O4 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000..\Run: [Firefox] C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATRis STAHLGRUBER DVD.lnk = C:\ATRIS_ST\KatCd\atris_st.exe (DVSE GmbH\nCarl-Benz-Weg 1\nD-22941 Bargteheide\nTel.: +49 (0) 4532 201401\nFax.: +49 (0) 4532 501052\nEMail: info@dvse.de)
O4 - Startup: C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = C:\Programme\Netzmanager\netzmanager.exe (Deutsche Telekom AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D2DFF26-E8B0-43F6-9665-F5401428B568}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\Shell\AutoRun\command - "" = I:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.24 12:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MERTEN SCHALTER-MANAGER
[2012.03.24 12:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\MERTEN SCHALTER-MANAGER
[2012.03.24 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.23 13:23:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.20 13:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012.03.20 13:19:23 | 000,000,000 | ---D | C] -- C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012.03.19 19:52:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.03.19 17:52:19 | 000,607,260 | -H-- | C] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.scr
[2012.03.19 17:52:13 | 000,607,260 | RH-- | C] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.com
[2012.03.19 15:52:26 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.26 19:10:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 19:10:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.26 19:08:32 | 000,645,728 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.26 19:08:32 | 000,609,092 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.26 19:08:32 | 000,127,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.26 19:08:32 | 000,104,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.26 19:03:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.26 19:03:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.26 17:35:01 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.21 10:33:05 | 000,000,772 | ---- | M] () -- C:\Users\KFZ-Hummel\Desktop\Wuetschner Verkaufskladde.lnk
[2012.03.20 13:19:23 | 000,001,222 | ---- | M] () -- C:\Users\KFZ-Hummel\Desktop\Revo Uninstaller.lnk
[2012.03.20 10:02:08 | 000,000,456 | -H-- | M] () -- C:\ProgramData\daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~daXg9vo6fXsgpXr
[2012.03.19 19:53:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.03.19 19:50:35 | 000,000,442 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012.03.19 18:19:24 | 000,000,020 | -H-- | M] () -- C:\Users\KFZ-Hummel\defogger_reenable
[2012.03.19 17:52:35 | 000,302,592 | -H-- | M] () -- C:\Users\KFZ-Hummel\Desktop\mo9rgnhs.exe
[2012.03.19 17:52:21 | 000,607,260 | -H-- | M] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.scr
[2012.03.19 17:52:15 | 000,607,260 | RH-- | M] (Swearware) -- C:\Users\KFZ-Hummel\Desktop\dds.com
[2012.03.19 17:49:53 | 000,050,477 | -H-- | M] () -- C:\Users\KFZ-Hummel\Desktop\Defogger.exe
[2012.03.19 11:03:01 | 000,007,604 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Local\Resmon.ResmonCfg
[2012.03.19 10:30:45 | 000,000,440 | -H-- | M] () -- C:\ProgramData\z1dYe2Bc1FTAcm
[2012.03.19 10:27:27 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~z1dYe2Bc1FTAcm
[2012.03.19 10:27:27 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~z1dYe2Bc1FTAcmr
[2012.03.16 16:26:49 | 000,023,552 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Local\WebpageIcons.db
[2012.03.16 09:59:39 | 000,330,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.03.21 10:32:54 | 000,000,772 | ---- | C] () -- C:\Users\KFZ-Hummel\Desktop\Wuetschner Verkaufskladde.lnk
[2012.03.20 13:19:23 | 000,001,222 | ---- | C] () -- C:\Users\KFZ-Hummel\Desktop\Revo Uninstaller.lnk
[2012.03.20 10:00:27 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~daXg9vo6fXsgpXr
[2012.03.20 10:00:22 | 000,000,456 | -H-- | C] () -- C:\ProgramData\daXg9vo6fXsgpX
[2012.03.19 19:53:16 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.03.19 18:19:09 | 000,000,020 | -H-- | C] () -- C:\Users\KFZ-Hummel\defogger_reenable
[2012.03.19 17:52:34 | 000,302,592 | -H-- | C] () -- C:\Users\KFZ-Hummel\Desktop\mo9rgnhs.exe
[2012.03.19 17:49:51 | 000,050,477 | -H-- | C] () -- C:\Users\KFZ-Hummel\Desktop\Defogger.exe
[2012.03.19 10:20:45 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~z1dYe2Bc1FTAcm
[2012.03.19 10:20:45 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~z1dYe2Bc1FTAcmr
[2012.03.19 10:20:43 | 000,000,440 | -H-- | C] () -- C:\ProgramData\z1dYe2Bc1FTAcm
[2012.01.09 10:19:07 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.01.03 18:00:07 | 000,000,000 | -H-- | C] () -- C:\Users\KFZ-Hummel\AppData\Local\max.ini
[2012.01.03 17:20:04 | 000,000,295 | ---- | C] () -- C:\Windows\Atris_STG.INI
[2011.11.25 11:48:32 | 000,001,024 | ---- | C] () -- C:\Windows\System32\winprod.dll
[2011.01.17 17:15:07 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010.11.11 17:50:37 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.11.09 17:15:57 | 000,007,604 | -H-- | C] () -- C:\Users\KFZ-Hummel\AppData\Local\Resmon.ResmonCfg
[2010.09.29 13:36:30 | 000,000,064 | ---- | C] () -- C:\Windows\Sys.ini
[2010.09.29 13:30:39 | 000,165,376 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2010.06.07 09:38:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.06 17:15:06 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.06.06 16:29:00 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2010.06.06 12:39:49 | 000,023,552 | -H-- | C] () -- C:\Users\KFZ-Hummel\AppData\Local\WebpageIcons.db
[2010.06.05 17:24:49 | 000,000,148 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010.06.05 17:24:35 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010.06.05 17:24:35 | 000,023,360 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010.06.05 17:24:35 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010.06.05 17:24:35 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010.06.05 16:59:04 | 000,001,692 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.05 16:59:04 | 000,000,374 | ---- | C] () -- C:\Windows\Atris_St.INI
[2010.06.05 16:59:04 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.06.05 15:14:54 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE
[2010.06.05 15:14:54 | 000,006,836 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
 
========== LOP Check ==========
 
[2011.07.02 09:55:26 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Brembo Desktop Calendar
[2010.06.05 15:19:34 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\DAEMON Tools Lite
[2010.09.03 14:50:28 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\DVSE GmbH
[2011.08.29 11:44:54 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\FRITZ!
[2011.07.26 08:58:16 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\go
[2011.01.14 17:44:10 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Opera
[2012.03.19 17:31:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Thunderbird
[2010.06.06 10:56:23 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\TuneUp Software
[2010.12.07 12:00:38 | 000,000,520 | ---- | M] () -- C:\Windows\Tasks\Automatische Wartung.job
[2011.12.19 09:59:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.04 11:21:03 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Adobe
[2011.07.02 09:55:26 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Brembo Desktop Calendar
[2010.06.05 15:19:34 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\DAEMON Tools Lite
[2010.08.06 14:20:03 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\dvdcss
[2010.09.03 14:50:28 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\DVSE GmbH
[2011.08.29 11:44:54 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\FRITZ!
[2011.07.26 08:58:16 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\go
[2010.06.05 14:25:18 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Identities
[2010.06.06 12:43:08 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Macromedia
[2011.07.01 17:06:14 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Media Center Programs
[2012.03.19 17:31:09 | 000,000,000 | --SD | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft
[2010.06.05 14:57:50 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Mozilla
[2011.01.14 17:44:10 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Opera
[2012.03.26 19:07:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Skype
[2011.06.16 08:59:59 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\skypePM
[2012.03.19 17:31:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\Thunderbird
[2010.06.06 10:56:23 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\TuneUp Software
[2012.03.19 17:31:09 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\vlc
[2010.06.05 16:19:32 | 000,000,000 | -H-D | M] -- C:\Users\KFZ-Hummel\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.01.22 18:21:08 | 000,010,134 | RH-- | M] () -- C:\Users\KFZ-Hummel\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.05.02 09:02:01 | 000,188,152 | -H-- | M] () -- C:\Users\KFZ-Hummel\AppData\Roaming\Mozilla\Firefox\Profiles\p35xhquj.default\FlashGot.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.08.04 18:44:14 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sataraid\nvstor32.sys
[2009.08.04 18:44:14 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=269DE658DEAF032564E8B6430B5BD170 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sataraid\nvstor32.sys
[2009.08.04 18:43:40 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\Win7\sata_ide\nvstor32.sys
[2009.08.04 18:43:40 | 000,213,024 | -H-- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\NVIDIA\nForceWinVista\15.49\English\IDE\WinVista\sata_ide\nvstor32.sys
[2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.08.04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_40ee9c3d357e7b66\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\ Malwarebytes Anti-Malware \Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

--- --- ---

cosinus · 26.03.2012, 18:42

Zitat:

O4 - HKU\S-1-5-21-1878925396-3002024494-660468303-1000..\Run: [Firefox] C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

Wieso ist der FF im Autostart, muss das sein?
Ist das rein zufällig ein gewerblich genutzter Rechner? Ich hab da einige Programme gesehen, die man nun nicht gerade privat verwendet

Zitat:

Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Win7 Pro im privaten Umfeld ist auch eher eine Nummer zu groß

lowi · 26.03.2012, 18:42

Ist der "Firmen"Rechner meiner Eltern, die haben ein KFZ-Teile Handel
Das Win7 hab ich über die Uni gekauft

die haben welche verschenkt und welche verkauft, lieber der Uni geld geben als dem Finanzamt

cosinus · 26.03.2012, 18:49

Na klasse, deine Eltern wissen Bescheid was mit diesem Rechner ist?

Wenn dieser Rechner ein wichtiger Rechner in der Firma ist, dann sollte es ja auch sowas wie ein Backupkonzept bzw. Wiederherstellung im Notfall geben oder?

lowi · 26.03.2012, 18:55

Mmh... also die IT Beratung bin ich... sozusagen... wir haben auch keine Große Firma mit rechnernetz etc. hier gibts diesen Rechner und einen Zweiten auf dem ein DOS Fakturierungssoftware läuft.
Jedesmal wenn ein Backup fällig gewesen wäre kam ein neues Betriebssystem und somit neu aufsetzen... bis jetzt glück gehabt

Naja ich weiß nicht, wenn ihr mir sagt ich soll den Rechner neu machen weil es keinen Zweck hat, dann mache ich das, mit der Software hier habe ich kein Problem. Die ist vollständig vorhanden.
Ich hätte das evtl. jetzt gemacht. Wir haben leider sowas wie eine externe HDD oder so nicht.

EDIT:
Also ist dieser rechner deiner Meinung nach Sauber? Dann hole ich die wichtigen Daten runter und mache ihn neu, danach(oder davor) besorg ich mir ein anständigen Datenträger und mache eine Sicherung pro Woche. Weiß noch nicht wie genau, aber wohl mit manuellem auslösen.
Danke dir erstmal für deine geduld und das viele durchsuchen der Log's.

Mir ist noch etwas aufgefallen...
manchmal wenn man bei google etwas sucht, dann wird mann vorher auf eine URL geleitet:hxxp://brown.mydomxd.org.
da mein Vater Java deinstalliert hat, passiert danach nichts weiter.

cosinus · 26.03.2012, 19:58

Nein wo hab ich behauptet der Rechner wäre sauber? Ich hab nur meine Meinung gepostet und die etwas lasche Haltung kritisiert bei so einem doch wichtigen Rechner. Was wollt ihr denn ohne Backups mal machen wenn versehentlich Dateien gelöscht oder gar die Festplattte kaputtgegangen ist?

Ich würde solche "wichtigen" Rechner nach Möglichkeit lieber neu aufsetzen.

lowi · 26.03.2012, 20:53

Gut, Danke.
So etwas wollte ich hören.

EDIT: BTW, nicht jeder hat schon das Papierlose Büro

EDIT²: Was wäre wenn der Rechner nicht so Wichtig wäre? Ich meine den Aufwand den wir hier betrieben haben war schon, relativ groß

cosinus · 27.03.2012, 10:11

Zitat:

(TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(TuneUp Software) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

Wieso muss man das System mit TuneUp belasten? Das Teil ist schon fast als Snakeoil einzustufen

Und erst recht sollte man unbedingt die Finger von der Registrycleaning-Funktion lassen!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\Shell - "" = AutoRun
O33 - MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\Shell\AutoRun\command - "" = I:\autorun.exe
[2012.03.20 10:02:08 | 000,000,456 | -H-- | M] () -- C:\ProgramData\daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~daXg9vo6fXsgpX
[2012.03.20 10:00:27 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~daXg9vo6fXsgpXr
[2012.03.19 10:30:45 | 000,000,440 | -H-- | M] () -- C:\ProgramData\z1dYe2Bc1FTAcm
[2012.03.19 10:27:27 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~z1dYe2Bc1FTAcm
[2012.03.19 10:27:27 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~z1dYe2Bc1FTAcmr
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

lowi · 07.04.2012, 09:06

Morgen... Sorry für die Untreue zu euch...

Also ich habe das OTL laufen lassen,
Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b6d63b-70a2-11df-8416-404e57434401}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3b6d63b-70a2-11df-8416-404e57434401}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3b6d63b-70a2-11df-8416-404e57434401}\ not found.
File I:\autorun.exe not found.
C:\ProgramData\daXg9vo6fXsgpX moved successfully.
C:\ProgramData\~daXg9vo6fXsgpX moved successfully.
C:\ProgramData\~daXg9vo6fXsgpXr moved successfully.
C:\ProgramData\z1dYe2Bc1FTAcm moved successfully.
C:\ProgramData\~z1dYe2Bc1FTAcm moved successfully.
C:\ProgramData\~z1dYe2Bc1FTAcmr moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: KFZ-Hummel
->Temp folder emptied: 1046458119 bytes
->Temporary Internet Files folder emptied: 62380696 bytes
->FireFox cache emptied: 197805723 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 8054 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 477970 bytes
RecycleBin emptied: 26005486 bytes
 
Total Files Cleaned = 1.271,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04072012_095623

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\hsperfdata_KFZ-HUMMEL-PC$\2156 not found!

Registry entries deleted on Reboot...

Beim Autostart vom Fuchs hat er mir einen Fehler gebracht dass die Tabs nicht geöffnet werden können. Es wird Versucht sie in einem neuen Fenster
zu öffnen. Weiter ist nichts passiert.
Fuchs von Hand gestartet, ging ohne Probleme.

So, was stellt Ihr jetzt fest

EDIT: Wenn ich über Google weiterleite (Also über die Suchergebnisse) dann läd er vorher häufig eine andere URL :O
Bsp.: Ich suche Telekom ISDN Universal werde auf hilfe.telekom.de geleitet, vorher jedoch über lycris.de (manchmal direkt, manchmal
nur unten in der Lade leiste und dann als Anzeige auf Telekom.de)

BTW: TuneUp == SnakeOil??? Was ?? Bis jetzt hat diese ganze Aufräum-Geschichte eigentlich immer schön funktioniert, merkbar an der Geschwindigkeit :O

cosinus · 07.04.2012, 17:57

TuneUp ist schrott, erst lesen => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de
Ich würde kein Geld für sowas ausgeben

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

26.03.2012, 18:49	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows teilweise ohne Funktion, Rouge.FakeHDD, PUM.Hijack.StartMenu Na klasse, deine Eltern wissen Bescheid was mit diesem Rechner ist? Wenn dieser Rechner ein wichtiger Rechner in der Firma ist, dann sollte es ja auch sowas wie ein Backupkonzept bzw. Wiederherstellung im Notfall geben oder? __________________ Logfiles bitte immer in CODE-Tags posten

Windows teilweise ohne Funktion, Rouge.FakeHDD, PUM.Hijack.StartMenu

Plagegeister aller Art und deren Bekämpfung: Windows teilweise ohne Funktion, Rouge.FakeHDD, PUM.Hijack.StartMenu