Trojans TR/ATRAPS.GEN2 and TR/Sirefef.AG.35 (03.06.2012)
Hello!
I have the following problem:
Avira keeps reporting two Trojans, namely
TR/ATRAPS.GEN2 (source: 'C:\Windows\Installer\{82f33d23-dd60-2c75-7961-fff8bd55fa5e}\U\800000cb.@')
and
TR/Sirefef.AG.35 (source: 'C:\Windows\Installer\{82f33d23-dd60-2c75-7961-fff8bd55fa5e}\U\80000000.@')
Neither of them can be removed.
I have already followed the approach described in the following thread: http://www.trojaner-board.de/115847-...f-ag-35-a.html
Reports from malwarebytes, OTL and GMER are already available; defogger was run without any error message.
Please note: at most basic PC knowledge is available.
Thanks in advance for your help.
Best regards
Malwarebytes Report_120603
Quote:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.03.03
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
*** :: ***-PC [Administrator]
Schutz: Aktiviert
03.06.2012 14:21:05
mbam-log-2012-06-03 (14-21-05).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 190184
Laufzeit: 7 Minute(n), 44 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 3
C:\Windows\Installer\{82f33d23-dd60-2c75-7961-fff8bd55fa5e}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{82f33d23-dd60-2c75-7961-fff8bd55fa5e}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{82f33d23-dd60-2c75-7961-fff8bd55fa5e}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
OTL logfile
Quote:
OTL logfile created on: 03.06.2012 14:41:38 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,22% Memory free
4,22 Gb Paging File | 2,87 Gb Available in Paging File | 68,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 24,81 Gb Free Space | 33,42% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 73,27 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.03 14:02:33 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2012.06.01 00:49:25 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012.05.25 19:05:49 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.04.21 17:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2008.09.18 22:14:32 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
PRC - [2008.01.19 09:33:37 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Mail\WinMail.exe
PRC - [2008.01.19 09:33:30 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.01.19 09:33:12 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe
PRC - [2008.01.19 09:33:04 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007.07.26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007.07.20 20:45:16 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2007.07.06 11:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.27 12:28:40 | 000,436,088 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2007.06.19 15:28:32 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2007.06.18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe
PRC - [2007.05.04 13:05:08 | 000,571,024 | ---- | M] (Toshiba) -- C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe
PRC - [2007.04.24 16:00:10 | 000,225,280 | ---- | M] (ATK0100) -- C:\Programme\ATK Hotkey\HControl.exe
PRC - [2007.03.22 17:09:28 | 002,420,736 | ---- | M] () -- C:\Programme\ATK Hotkey\ATKOSD.exe
PRC - [2007.03.01 08:01:00 | 000,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () -- C:\Programme\ATK Hotkey\ASLDRSrv.exe
PRC - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.01 04:10:09 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2012.06.01 04:07:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012.06.01 04:05:51 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012.06.01 04:05:22 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012.06.01 04:05:07 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012.06.01 04:03:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012.06.01 04:03:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2012.05.25 16:26:22 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008.09.18 22:14:34 | 000,364,544 | ---- | M] () -- C:\Programme\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll
MOD - [2007.06.27 12:28:40 | 000,436,088 | ---- | M] () -- C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
MOD - [2007.05.31 10:01:22 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007.01.18 09:30:00 | 000,094,208 | ---- | M] () -- C:\Programme\IDM\Desktop SMS\oehook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2012.06.01 00:49:26 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.25 18:36:47 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2012.05.25 16:24:00 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.01.19 09:34:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\mprdim.dll -- (RemoteAccess)
SRV - [2008.01.19 09:34:44 | 000,053,760 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\Mcx2Svc.dll -- (Mcx2Svc)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.07.26 16:20:02 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Programme\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007.02.05 18:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Programme\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006.11.14 20:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.08.23 16:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006.05.25 19:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11210.sys -- (EraserUtilDrv11210)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2008.01.19 07:49:16 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sermouse.sys -- (sermouse)
DRV - [2008.01.19 07:28:08 | 000,226,816 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\udfs.sys -- (udfs)
DRV - [2007.07.30 11:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.07.26 16:18:04 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tos_sps32.sys -- (tos_sps32)
DRV - [2007.07.13 16:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007.06.18 18:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.02.24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10N.sys -- (KR10N)
DRV - [2007.01.18 16:40:56 | 000,219,392 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\KR10I.sys -- (KR10I)
DRV - [2006.12.14 15:11:58 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iaStorV.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\isapnp.sys -- (isapnp)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,080,488 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msdsm.sys -- (msdsm)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,078,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\mpio.sys -- (mpio)
DRV - [2006.11.02 11:50:16 | 000,076,392 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sbp2port.sys -- (sbp2port)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\HpCISSs.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\Mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:49 | 000,027,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\i2omp.sys -- (i2omp)
DRV - [2006.11.02 11:49:44 | 000,023,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\msahci.sys -- (msahci)
DRV - [2006.11.02 11:49:38 | 000,019,560 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wd.sys -- (Wd)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:26 | 000,015,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdide.sys -- (amdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 11:49:20 | 000,013,416 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\pciide.sys -- (pciide)
DRV - [2006.11.02 11:03:00 | 000,242,688 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rdpdr.sys -- (rdpdr)
DRV - [2006.11.02 10:55:23 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\bthmodem.sys -- (BTHMODEM)
DRV - [2006.11.02 10:55:22 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidbth.sys -- (HidBth)
DRV - [2006.11.02 10:55:16 | 000,062,080 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ohci1394.sys -- (ohci1394)
DRV - [2006.11.02 10:55:09 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbcir.sys -- (usbcir) eHome Infrared Receiver (USBCIR)
DRV - [2006.11.02 10:55:08 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\circlass.sys -- (circlass)
DRV - [2006.11.02 10:55:05 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\usbohci.sys -- (usbohci)
DRV - [2006.11.02 10:55:01 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\hidir.sys -- (HidIr)
DRV - [2006.11.02 10:52:52 | 000,020,608 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wacompen.sys -- (WacomPen)
DRV - [2006.11.02 10:51:40 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sfloppy.sys -- (sfloppy)
DRV - [2006.11.02 10:51:38 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sffdisk.sys -- (sffdisk)
DRV - [2006.11.02 10:51:33 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\fdc.sys -- (fdc)
DRV - [2006.11.02 10:51:32 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\flpydisk.sys -- (flpydisk)
DRV - [2006.11.02 10:51:30 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2006.11.02 10:51:30 | 000,079,360 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\parport.sys -- (Parport)
DRV - [2006.11.02 10:51:12 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\kbdhid.sys -- (kbdhid)
DRV - [2006.11.02 10:42:03 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\IPMIDrv.sys -- (IPMIDRV)
DRV - [2006.11.02 10:35:03 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2006.11.02 10:30:19 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\viac7.sys -- (ViaC7)
DRV - [2006.11.02 10:30:18 | 000,040,960 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk8.sys -- (AmdK8)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\crusoe.sys -- (Crusoe)
DRV - [2006.11.02 10:30:18 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\amdk7.sys -- (AmdK7)
DRV - [2006.11.02 10:30:18 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\processr.sys -- (Processor)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.10.18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {613A6B30-9D4B-4C99-A89E-9167B218C72D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{613A6B30-9D4B-4C99-A89E-9167B218C72D}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\TOSCDSPD.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - hxxp://rover.ebay.com/rover/1/707-44556-9400-3/4 File not found
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - hxxp://www.amazon.de/exec/obidos/redirect-home?tag=Toshibadebholink-21&site=home File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7066DB2-D39A-48CF-8661-3E2955DEA498}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Toshiba\Wallpapers\Wallpaper1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.01 03:04:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012.06.01 01:26:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.06.01 01:26:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.01 01:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.01 01:26:29 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.01 01:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.31 20:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.05.31 10:19:40 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2012.05.31 00:34:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2012.05.31 00:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.31 00:28:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.05.31 00:27:50 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.31 00:27:50 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.31 00:27:50 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.05.31 00:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.05.30 21:29:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Pixela
[2012.05.30 21:27:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PIXELA
[2012.05.30 21:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
[2012.05.30 21:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2012.05.29 20:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.29 20:15:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.05.28 22:24:17 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\{82f33d23-dd60-2c75-7961-fff8bd55fa5e}
[2012.05.25 23:03:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Updater5
[2012.05.25 22:54:40 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.05.25 21:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2012.05.25 21:14:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX Downloads
[2012.05.25 21:14:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Video_easy_HD
[2012.05.25 21:02:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Bücher
[2012.05.25 21:02:12 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Eigene Dateien
[2012.05.25 20:55:42 | 000,000,000 | ---D | C] -- C:\Users\***\e-Book-Reader
[2012.05.25 20:52:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2012.05.25 20:21:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.05.25 19:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.05.25 19:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.05.25 19:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.05.25 19:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.05.25 19:36:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2012.05.25 19:35:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.05.25 19:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.05.25 19:35:10 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.05.25 18:12:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Symantec
[2012.05.25 18:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveUpdate Notice
[2012.05.25 15:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Amazon
[2012.05.25 15:44:38 | 000,083,760 | ---- | C] (Amazon.com, Inc.) -- C:\Windows\System32\stkMonitor.dll
[2012.05.25 15:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012.05.25 02:59:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\calibre
[2012.05.25 02:58:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2012.05.25 02:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.25 02:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012.05.25 02:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2012.05.25 02:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.05.25 02:41:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2012.05.25 02:41:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2012.05.25 02:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Creativity Suite
[2012.05.25 02:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.05.25 02:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.05.25 02:25:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012.05.25 02:24:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.05.25 02:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.05.25 02:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.05.25 02:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.05.25 02:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.05.25 02:23:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.05.25 02:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.05.25 02:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2012.05.25 02:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012.05.25 02:18:24 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.05.25 02:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.05.25 02:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012.05.25 02:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
[2012.05.25 02:10:45 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.05.25 02:05:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.05.25 02:01:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.05.25 01:51:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.05.25 01:48:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.25 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Toshiba
[2012.05.25 00:38:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2012.05.25 00:38:05 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.05.25 00:38:05 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2012.05.25 00:38:05 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.05.25 00:37:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2012.05.25 00:37:54 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2012.05.25 00:37:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2012.05.25 00:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ToshibaEurope
[2012.05.25 00:35:25 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2012.05.25 00:35:25 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2012.05.25 00:35:25 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2012.05.25 00:35:25 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2012.05.25 00:35:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2012.05.25 00:35:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2012.05.25 00:35:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.05.25 00:31:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.05.25 00:31:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.05.25 00:28:27 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012.05.25 00:28:27 | 000,737,280 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012.05.25 00:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012.05.25 00:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.05.25 00:23:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.03 14:41:07 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.03 14:41:07 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.03 14:41:07 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.03 14:41:07 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.03 14:35:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 14:35:47 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.03 14:35:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.03 14:35:34 | 2138,300,416 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.03 14:20:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.03 13:57:51 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.06.01 23:57:40 | 000,002,631 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.06.01 04:01:23 | 000,368,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.01 01:26:31 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 12:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.05.31 09:40:29 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2012.05.31 09:40:24 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2012.05.31 00:28:40 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.30 22:58:04 | 000,000,518 | ---- | M] () -- C:\Users\***\Desktop\Eigene Dateien.lnk
[2012.05.30 22:37:16 | 000,029,696 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.30 21:24:58 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\ImageMixer 3 SE Ver.4.lnk
[2012.05.30 21:24:58 | 000,000,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
[2012.05.28 21:27:21 | 000,000,803 | ---- | M] () -- C:\Users\***\Desktop\Nikon Bedienungsanleitung.lnk
[2012.05.28 21:26:30 | 000,000,838 | ---- | M] () -- C:\Users\***\Desktop\Camcorder Bedienungsanleitung.lnk
[2012.05.25 22:50:35 | 000,083,760 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\System32\stkMonitor.dll
[2012.05.25 22:34:26 | 000,000,513 | ---- | M] () -- C:\Users\***\Desktop\Eigene Bücher.lnk
[2012.05.25 20:59:47 | 000,000,016 | ---- | M] () -- C:\Windows\System32\coh.cache
[2012.05.25 20:12:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\UMDF\Msft_User_WpdFs_01_00_00.Wdf
[2012.05.25 20:09:47 | 000,002,707 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.05.25 19:47:02 | 000,000,000 | ---- | M] () -- C:\Windows\WinInit.ini
[2012.05.25 19:26:38 | 000,001,594 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.05.25 18:31:03 | 032,702,464 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.05.25 18:31:03 | 000,327,680 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.05.25 18:31:03 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.05.25 18:03:48 | 000,000,363 | ---- | M] () -- C:\Users\***\Desktop\Downloads.lnk
[2012.05.25 17:25:28 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2012.05.25 17:15:52 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2012.05.25 17:15:50 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2012.05.25 02:59:04 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.05.25 02:58:33 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.25 02:36:26 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\EPSON File Manager.lnk
[2012.05.25 02:25:36 | 000,001,669 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.25 02:24:33 | 000,002,091 | ---- | M] () -- C:\Users\Public\Desktop\EPSON_DX4400 Handbuch.lnk
[2012.05.25 02:10:53 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.05.25 02:10:27 | 000,000,027 | ---- | M] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.05.25 02:05:02 | 000,000,887 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video easy HD.lnk
[2012.05.25 00:58:52 | 000,000,104 | ---- | M] () -- C:\Users\***\Desktop\Windows Mail.lnk
[2012.05.25 00:46:19 | 000,000,948 | ---- | M] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.05.25 00:28:06 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L40_05662-GR_PSL48E-01000.MRK
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.03 13:57:51 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.06.01 03:22:40 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.06.01 03:22:40 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.06.01 03:22:37 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012.06.01 03:02:01 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012.06.01 03:02:01 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012.06.01 03:02:01 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012.06.01 01:26:31 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.31 12:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012.05.31 00:28:40 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.30 22:58:04 | 000,000,518 | ---- | C] () -- C:\Users\***\Desktop\Eigene Dateien.lnk
[2012.05.30 21:24:58 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\ImageMixer 3 SE Ver.4.lnk
[2012.05.30 21:24:58 | 000,000,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk
[2012.05.28 22:24:21 | 000,206,830 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012.05.28 22:23:50 | 000,132,148 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.05.28 22:23:01 | 000,175,508 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012.05.28 22:22:41 | 000,289,467 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012.05.28 22:22:34 | 000,261,163 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012.05.28 22:22:11 | 000,080,047 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012.05.28 22:20:35 | 000,009,987 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012.05.28 22:19:52 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2012.05.28 22:19:50 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2012.05.28 22:19:44 | 000,000,150 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2012.05.28 22:19:39 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2012.05.28 22:19:38 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2012.05.28 21:27:21 | 000,000,803 | ---- | C] () -- C:\Users\***\Desktop\Nikon Bedienungsanleitung.lnk
[2012.05.28 21:26:30 | 000,000,838 | ---- | C] () -- C:\Users\***\Desktop\Camcorder Bedienungsanleitung.lnk
[2012.05.25 22:34:26 | 000,000,513 | ---- | C] () -- C:\Users\***\Desktop\Eigene Bücher.lnk
[2012.05.25 20:12:30 | 000,029,696 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.25 20:09:47 | 000,002,707 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.05.25 20:09:39 | 000,002,631 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2012.05.25 19:59:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\coh.cache
[2012.05.25 19:47:02 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2012.05.25 19:26:38 | 000,001,594 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2012.05.25 18:03:48 | 000,000,363 | ---- | C] () -- C:\Users\***\Desktop\Downloads.lnk
[2012.05.25 17:25:28 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2012.05.25 17:15:51 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012.05.25 17:15:50 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2012.05.25 16:27:00 | 000,327,680 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2012.05.25 16:27:00 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2012.05.25 16:26:59 | 032,702,464 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2012.05.25 02:59:04 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2012.05.25 02:58:33 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.05.25 02:36:26 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\EPSON File Manager.lnk
[2012.05.25 02:25:36 | 000,001,669 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.05.25 02:25:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2012.05.25 02:25:03 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2012.05.25 02:25:03 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.05.25 02:25:03 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.05.25 02:25:03 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.05.25 02:25:03 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.05.25 02:25:03 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.05.25 02:25:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.05.25 02:25:03 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.05.25 02:25:03 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.05.25 02:25:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.05.25 02:25:03 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.05.25 02:25:03 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.05.25 02:25:03 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.05.25 02:25:03 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.05.25 02:25:02 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.05.25 02:25:02 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.05.25 02:25:02 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2012.05.25 02:25:02 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.05.25 02:25:02 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2012.05.25 02:25:02 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2012.05.25 02:25:02 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2012.05.25 02:25:02 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2012.05.25 02:25:02 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2012.05.25 02:25:02 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2012.05.25 02:25:02 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2012.05.25 02:25:02 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2012.05.25 02:25:02 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2012.05.25 02:25:02 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2012.05.25 02:25:02 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2012.05.25 02:25:02 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2012.05.25 02:25:02 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2012.05.25 02:24:33 | 000,002,091 | ---- | C] () -- C:\Users\Public\Desktop\EPSON_DX4400 Handbuch.lnk
[2012.05.25 02:24:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.25 02:21:35 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.05.25 02:10:53 | 000,000,770 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012.05.25 02:10:27 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2012.05.25 02:05:02 | 000,000,887 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video easy HD.lnk
[2012.05.25 00:58:52 | 000,000,104 | ---- | C] () -- C:\Users\***\Desktop\Windows Mail.lnk
[2012.05.25 00:46:19 | 000,000,948 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk
[2012.05.25 00:38:07 | 000,000,954 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.05.25 00:38:05 | 000,000,949 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.05.25 00:37:54 | 000,000,920 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.05.25 00:28:28 | 000,089,991 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012.05.25 00:28:28 | 000,030,578 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012.05.25 00:28:06 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\TOSHIBA_Satellite L40_05662-GR_PSL48E-01000.MRK
[2012.05.25 00:23:06 | 2138,300,416 | -HS- | C] () -- C:\hiberfil.sys
========== LOP Check ==========
[2012.05.25 03:00:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\calibre
[2012.05.25 02:05:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.06.03 14:34:50 | 000,020,190 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
| OTL Extras logfile Quote:
OTL Extras logfile created on: 03.06.2012 14:41:38 - Run 1
OTL by OldTimer - Version 3.2.45.0 Folder = C:\Users\***\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,92 Gb Available Physical Memory | 46,22% Memory free
4,22 Gb Paging File | 2,87 Gb Available in Paging File | 68,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,22 Gb Total Space | 24,81 Gb Free Space | 33,42% Space Free | Partition Type: NTFS
Drive E: | 73,36 Gb Total Space | 73,27 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2C544254-39F2-4ACA-B779-ABF7297C96CF}" = Accessibility
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{31758AE2-D16E-4E1E-A448-945EF61B48A8}" = calibre
"{320D4FBD-53F7-476B-A4AF-E26A02645918}" = MAGIX Video easy HD
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Vista x86 Ver.3.33.03
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDBF6D3-08D7-4B78-8C6C-FD9CC66CB369}" = MAGIX Speed burnR (MSI)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E520B22-546E-4AD3-8958-7D1EB8587AB1}" = Music Transfer Utility Ver.1
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE4E520-4695-4A96-8661-B62FA5FB669E}" = ImageMixer 3 SE Ver.4 Transfer Utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF478E4A-AC94-4847-8036-1DB8EC19355A}" = MAGIX Screenshare
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"MAGIX_MSI_Video_easy_2" = MAGIX Video easy HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SendToKindle" = Amazon Send to Kindle
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 2.0.1
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe ========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 30.05.2012 16:20:11 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =
Error - 30.05.2012 16:46:15 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm VideoEasy_u.exe, Version 2.0.2.0 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über
das Problem zu suchen. Prozess-ID: 1190 Anfangszeit: 01cd3ea48509ce34 Zeitpunkt der
Beendigung: 111
Error - 30.05.2012 17:16:18 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6661.5000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1008 Anfangszeit: 01cd3ea96062c5a4 Zeitpunkt
der Beendigung: 0
Error - 30.05.2012 18:19:50 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6661.5000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: ad8 Anfangszeit: 01cd3eb21ad1581d Zeitpunkt
der Beendigung: 8
Error - 30.05.2012 18:22:25 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6661.5000 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1710 Anfangszeit: 01cd3eb2986431dd Zeitpunkt
der Beendigung: 37
Error - 30.05.2012 18:27:50 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =
Error - 31.05.2012 03:12:56 | Computer Name = ***-PC | Source = VSS | ID = 12289
Description =
Error - 31.05.2012 03:12:57 | Computer Name = ***-PC | Source = VSS | ID = 8194
Description =
Error - 31.05.2012 03:58:03 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =
Error - 31.05.2012 04:29:49 | Computer Name = ***-PC | Source = WerSvc | ID = 5007
Description =
[ System Events ]
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 25.05.2012 16:48:26 | Computer Name = ***-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
< End of report >
gmer Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-03 16:20:49
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.DL03
Running: 6j9f94ss.exe; Driver: C:\Users\***\AppData\Local\Temp\kxlirpog.sys
---- System - GMER 1.0.15 ----
SSDT 8A74835E ZwCreateSection
SSDT 8A748368 ZwRequestWaitReplyPort
SSDT 8A748363 ZwSetContextThread
SSDT 8A74836D ZwSetSecurityObject
SSDT 8A748372 ZwSystemDebugControl
SSDT 8A7482FF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetTimerEx + 448 81D04A6C 4 Bytes [5E, 83, 74, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 76C 81D04D90 4 Bytes [68, 83, 74, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 7A0 81D04DC4 4 Bytes [63, 83, 74, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 804 81D04E28 4 Bytes [6D, 83, 74, 8A]
.text ntkrnlpa.exe!KeSetTimerEx + 854 81D04E78 4 Bytes [FF, 82, 74, 8A]
? System32\drivers\slqgbniv.sys Das System kann den angegebenen Pfad nicht finden. !
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x88157000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x881A0000, 0x510, 0x40000040]
---- User code sections - GMER 1.0.15 ----
? C:\Windows\system32\services.exe[684] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----