Akm 50€ Trojaner Problem Desktop lässt sich nicht aufrufen

cosinus · 10.07.2012, 22:06

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Stezido · 11.07.2012, 13:39

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.07.2012 14:25:48 - Run 2
OTL by OldTimer - Version 3.2.53.1     Folder = H:\Dokumente und Einstellungen\Stefan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,36 Gb Available Physical Memory | 67,95% Memory free
3,85 Gb Paging File | 3,27 Gb Available in Paging File | 84,94% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Programme
Drive H: | 465,75 Gb Total Space | 126,68 Gb Free Space | 27,20% Space Free | Partition Type: NTFS
Drive I: | 125,48 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: TU-EBBA3B93496A | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.11 14:11:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
PRC - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- H:\Programme\LogMeIn Hamachi\hamachi-2.exe
PRC - [2012.05.26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
PRC - [2012.05.08 15:26:20 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:26:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:26:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:26:20 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- H:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.11.27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- H:\Programme\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- H:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.05.25 20:53:50 | 002,155,848 | ---- | M] () -- H:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2008.12.28 11:58:55 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- H:\WINDOWS\ALCFDRTM.EXE
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- H:\WINDOWS\explorer.exe
PRC - [2002.10.14 16:22:04 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- H:\Programme\Lexmark X74-X75\lxbbbmon.exe
PRC - [2002.10.14 16:12:34 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- H:\Programme\Lexmark X74-X75\lxbbbmgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.09 18:11:10 | 002,042,848 | ---- | M] () -- H:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.05.08 15:26:21 | 000,398,288 | ---- | M] () -- H:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.19 23:07:48 | 008,527,008 | ---- | M] () -- H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- H:\Programme\Unlocker\UnlockerHook.dll
MOD - [2010.05.25 20:53:50 | 002,155,848 | ---- | M] () -- H:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe
MOD - [2010.03.31 23:30:12 | 000,473,704 | ---- | M] () -- H:\Programme\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- H:\WINDOWS\system32\msdmo.dll
MOD - [2006.09.14 01:20:24 | 000,126,464 | ---- | M] () -- H:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.10 19:51:16 | 004,419,392 | ---- | M] () [Auto | Running] -- h:\programme\gemeinsame dateien\akamai/netsession_win_4f7fccd.dll -- (Akamai)
SRV - [2012.07.09 18:11:10 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- H:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.27 12:29:22 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- H:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.08 15:26:20 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- H:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 15:26:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- H:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- H:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.14 19:01:00 | 004,041,064 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- H:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- H:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.25 20:53:50 | 002,155,848 | ---- | M] () [Auto | Running] -- H:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- H:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\Programme\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\Stefan\LOKALE~1\Temp\ALZ2FA2.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- H:\DOKUME~1\Stefan\LOKALE~1\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2012.05.21 18:34:39 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.08 15:26:21 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:26:21 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- H:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- H:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.03 19:26:55 | 000,170,080 | ---- | M] (Acronis) [Kernel | Boot | Running] -- H:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- H:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- H:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- H:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007.09.11 18:23:22 | 004,614,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.30 11:21:00 | 000,264,832 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- H:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFB_de
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421,"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: H:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: H:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: H:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: H:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: h:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: H:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: h:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: H:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: H:\Programme\Mozilla Firefox\components [2012.07.09 18:11:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: H:\Programme\Mozilla Firefox\plugins
 
[2012.02.19 22:28:29 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Extensions
[2010.07.03 14:48:02 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions
[2010.07.03 14:48:02 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.05.22 19:43:05 | 000,000,000 | ---D | M] (No name found) -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\kazkypbg.default\extensions
[2012.05.22 19:38:21 | 000,000,000 | ---D | M] (No name found) -- H:\Programme\Mozilla Firefox\extensions
[2012.05.31 16:42:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- H:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.09 18:11:12 | 000,085,472 | ---- | M] (Mozilla Foundation) -- H:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:18:25 | 000,002,252 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:18:25 | 000,002,040 | ---- | M] () -- H:\Programme\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] H:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [amd_dc_opt] H:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] H:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BabylonToolbar] "H:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Lexmark X74-X75] H:\Programme\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] H:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] H:\Programme\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Smart File Advisor] H:\Programme\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrayServer] H:\Programme\MAGIX\Video_deluxe_16_Plus_Sonderedition\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [UnlockerAssistant] H:\Programme\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003..\Run: [Akamai NetSession Interface] H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003..\Run: [DAEMON Tools Lite] H:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O8 - Extra context menu item: Add to Google Photos Screensa&ver - H:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7AFADA4-2865-4BFA-8571-20D726B06874}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - H:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - H:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (H:\WINDOWS\system32\userinit.exe) - H:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O31 - SafeBoot: AlternateShell - H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\pkg_0ll.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.22 09:47:02 | 000,000,056 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\Shell - "" = AutoRun
O33 - MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\Shell\AutoRun\command - "" = I:\PuertoRicoSetup.exe -- [2005.10.24 08:27:42 | 077,405,351 | R--- | M] ()
O33 - MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\Shell - "" = AutoRun
O33 - MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\Shell - "" = AutoRun
O33 - MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: Skype - hkey= - key= - H:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - H:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - H:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - H:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection H:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - H:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - H:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - H:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - H:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "H:\WINDOWS\system32\rundll32.exe" "H:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - H:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - H:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - H:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - H:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - H:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - H:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - H:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - H:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - H:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - H:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - H:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - H:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.11 14:20:13 | 000,595,968 | ---- | C] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
[2012.07.11 13:10:45 | 000,000,000 | ---D | C] -- H:\WINDOWS\LastGood
[2012.07.09 17:57:58 | 000,000,000 | ---D | C] -- H:\Programme\LogMeIn Hamachi
[2012.07.09 17:57:58 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LogMeIn Hamachi
[2012.07.09 14:02:04 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2012.06.20 22:24:37 | 000,000,000 | ---D | C] -- H:\Programme\ESET
[2012.06.20 22:22:51 | 002,322,184 | ---- | C] (ESET) -- H:\Dokumente und Einstellungen\Stefan\Desktop\esetsmartinstaller_enu.exe
[2012.06.14 20:17:07 | 000,000,000 | -HSD | C] -- H:\WINDOWS\CSC
[2012.06.12 12:55:38 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.12 12:55:31 | 000,000,000 | ---D | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.12 12:55:30 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- H:\WINDOWS\System32\drivers\mbam.sys
[2012.06.12 12:55:30 | 000,000,000 | ---D | C] -- H:\Programme\Malwarebytes' Anti-Malware
[2012.06.11 23:38:19 | 000,000,000 | -HSD | C] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[5 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.11 14:25:00 | 000,001,090 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.11 14:11:25 | 000,595,968 | ---- | M] (OldTimer Tools) -- H:\Dokumente und Einstellungen\Stefan\Desktop\OTL.exe
[2012.07.11 13:08:31 | 000,002,206 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2012.07.11 13:08:31 | 000,001,086 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.11 13:05:33 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2012.07.10 19:54:06 | 000,002,243 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.07.10 15:20:06 | 000,376,856 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.10 13:10:20 | 000,480,796 | ---- | M] () -- H:\WINDOWS\System32\perfh007.dat
[2012.07.10 13:10:20 | 000,459,490 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2012.07.10 13:10:20 | 000,093,770 | ---- | M] () -- H:\WINDOWS\System32\perfc007.dat
[2012.07.10 13:10:20 | 000,078,686 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2012.07.10 13:03:43 | 000,001,374 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2012.07.10 12:58:47 | 000,618,655 | ---- | M] () -- H:\Dokumente und Einstellungen\Stefan\Desktop\adwcleaner.exe
[2012.07.09 20:43:39 | 000,000,813 | ---- | M] () -- H:\Dokumente und Einstellungen\Stefan\Desktop\Minecraft_Server (2).lnk
[2012.07.09 20:38:34 | 000,000,716 | ---- | M] () -- H:\Dokumente und Einstellungen\Stefan\Desktop\MinecraftSP (2).lnk
[2012.07.09 17:57:59 | 000,000,665 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\LogMeIn Hamachi.lnk
[2012.06.21 19:41:02 | 000,000,664 | ---- | M] () -- H:\WINDOWS\System32\d3d9caps.dat
[2012.06.20 22:08:12 | 002,322,184 | ---- | M] (ESET) -- H:\Dokumente und Einstellungen\Stefan\Desktop\esetsmartinstaller_enu.exe
[2012.06.14 20:16:16 | 000,000,813 | ---- | M] () -- H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk
[2012.06.12 12:55:38 | 000,000,756 | ---- | M] () -- H:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[6 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[5 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.10 12:58:47 | 000,618,655 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Desktop\adwcleaner.exe
[2012.07.09 20:43:39 | 000,000,813 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Desktop\Minecraft_Server (2).lnk
[2012.07.09 20:38:34 | 000,000,716 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Desktop\MinecraftSP (2).lnk
[2012.06.14 20:19:42 | 000,000,664 | ---- | C] () -- H:\WINDOWS\System32\d3d9caps.dat
[2012.06.12 12:55:38 | 000,000,756 | ---- | C] () -- H:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.12 11:14:41 | 000,000,813 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk
[2012.05.23 13:05:18 | 000,011,867 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TheHunterSettings_live.bin
[2012.05.22 23:56:51 | 000,000,048 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TheHunterSettings_live.cfg
[2012.04.13 20:55:20 | 000,000,604 | -H-- | C] () -- H:\Programme\STLL Notifier
[2012.02.16 20:09:30 | 000,003,072 | ---- | C] () -- H:\WINDOWS\System32\iacenc.dll
[2012.02.02 14:36:31 | 000,051,186 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\room_v3.dat
[2012.01.19 10:00:02 | 000,273,344 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.19 10:00:02 | 000,273,344 | ---- | C] () -- H:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.19 10:00:02 | 000,000,001 | ---- | C] () -- H:\WINDOWS\System32\nvdrssel.bin
[2012.01.19 09:59:31 | 002,128,778 | ---- | C] () -- H:\WINDOWS\System32\nvdata.data
[2012.01.02 22:49:49 | 000,000,218 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\.recently-used.xbel
[2011.07.14 17:35:30 | 000,000,139 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.06.19 23:09:21 | 000,000,046 | ---- | C] () -- H:\WINDOWS\mxcdr.INI
[2011.05.17 20:04:26 | 000,000,301 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\rftg
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- H:\WINDOWS\System32\xlive.dll.cat
[2011.02.17 18:28:14 | 000,000,325 | ---- | C] () -- H:\WINDOWS\LEXSTAT.INI
[2011.02.17 18:21:59 | 000,000,184 | ---- | C] () -- H:\WINDOWS\System32\lxbbcoin.ini
[2010.11.25 00:14:16 | 000,000,000 | ---- | C] () -- H:\WINDOWS\b-mpeg-mp4-converter.INI
[2010.08.08 17:51:03 | 000,089,168 | -H-- | C] () -- H:\WINDOWS\System32\mlfcache.dat
[2010.07.15 19:15:34 | 000,027,648 | ---- | C] () -- H:\WINDOWS\System32\AVSredirect.dll
[2009.12.19 14:29:15 | 000,000,380 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\SciTE.session
[2009.06.13 15:06:21 | 000,125,440 | ---- | C] () -- H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.13 11:36:06 | 035,950,872 | R--- | C] () -- H:\Programme\PhysX_8.10.13_SystemSoftware.exe
 
========== LOP Check ==========
 
[2010.11.03 19:28:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.09.28 17:56:49 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2012.01.03 14:02:16 | 000,000,000 | -H-D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012.05.21 18:36:32 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.11.16 21:24:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Firefly Studios
[2012.05.22 19:19:56 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hunter
[2011.10.20 12:48:48 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.05.07 16:34:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2012.06.11 23:39:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.11.03 19:32:15 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.06.11 23:38:19 | 000,000,000 | -HSD | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.27 00:03:37 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.14 16:42:53 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.07.09 18:05:11 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2011.12.17 15:18:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\.minecraft
[2010.07.20 21:26:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\AUTOSICH
[2009.02.17 20:51:36 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\BitCometLite
[2012.05.05 20:32:28 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Code Force Limited
[2012.05.21 18:36:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DAEMON Tools Lite
[2012.01.07 14:41:28 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DVDVideoSoft
[2011.03.27 23:25:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.12 16:46:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Firefly Studios
[2012.02.11 00:15:18 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GetRightToGo
[2010.09.30 20:28:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GHISLER
[2012.05.16 18:50:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\gtk-2.0
[2010.05.12 16:20:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\LolClient
[2010.04.23 16:14:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012.05.24 13:41:24 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\LolClient2
[2011.10.20 13:31:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\MAGIX
[2011.05.07 16:34:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\NCH Swift Sound
[2012.02.19 22:43:11 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Opera
[2010.01.28 23:55:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Playrix Entertainment
[2008.12.28 11:49:04 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TMP
[2012.06.05 21:55:30 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TS3Client
[2012.06.11 23:39:32 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TuneUp Software
[2011.10.01 11:53:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Unity
[2008.12.31 13:17:38 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\uTorrent
[2011.05.18 21:54:01 | 000,000,276 | ---- | M] () -- H:\WINDOWS\Tasks\wavepadShakeIcon.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.02.05 18:46:31 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.17 15:18:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\.minecraft
[2012.04.24 11:51:20 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Adobe
[2010.08.09 00:30:37 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Apple Computer
[2010.07.20 21:26:41 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\AUTOSICH
[2011.10.17 10:09:02 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Avira
[2011.04.02 11:46:47 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\AVS4YOU
[2009.02.17 20:51:36 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\BitCometLite
[2012.05.05 20:32:28 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Code Force Limited
[2012.05.21 18:36:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DAEMON Tools Lite
[2010.01.30 12:57:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DivX
[2012.01.07 14:41:28 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DVDVideoSoft
[2011.03.27 23:25:33 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.11.12 16:46:15 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Firefly Studios
[2012.02.11 00:15:18 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GetRightToGo
[2010.09.30 20:28:01 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\GHISLER
[2009.10.13 18:42:16 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Google
[2012.05.16 18:50:13 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\gtk-2.0
[2009.03.26 18:45:00 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Help
[2008.12.24 20:45:23 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Identities
[2009.12.29 21:43:06 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\InstallShield
[2010.05.12 16:20:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\LolClient
[2010.04.23 16:14:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012.05.24 13:41:24 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\LolClient2
[2008.12.31 12:41:27 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Macromedia
[2011.10.20 13:31:55 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\MAGIX
[2012.07.09 14:02:04 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Malwarebytes
[2011.07.14 17:35:08 | 000,000,000 | --SD | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microsoft
[2009.04.04 18:17:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microsoft Games
[2012.02.19 22:28:29 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla
[2011.05.07 16:34:34 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\NCH Swift Sound
[2012.01.28 23:10:52 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\NVIDIA
[2012.02.19 22:43:11 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Opera
[2010.01.28 23:55:57 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Playrix Entertainment
[2012.04.13 20:55:24 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sibelius Software
[2012.07.10 21:28:35 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Skype
[2012.01.05 12:29:22 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\skypePM
[2012.03.22 19:23:40 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sony Corporation
[2011.05.25 15:15:03 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun
[2008.12.28 11:49:04 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TMP
[2012.06.05 21:55:30 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TS3Client
[2012.06.11 23:39:32 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TuneUp Software
[2011.12.19 01:00:58 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\U3
[2011.10.01 11:53:07 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Unity
[2008.12.31 13:17:38 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\uTorrent
[2011.10.16 16:36:51 | 000,000,000 | ---D | M] -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\vlc
 
< %APPDATA%\*.exe /s >
[2010.04.23 14:54:29 | 000,038,208 | ---- | M] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.06.18 10:59:17 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2011.07.14 23:18:27 | 000,002,238 | R--- | M] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{F8CC09A4-CD72-4634-A55D-70F95AE23E5B}\_18be6784.exe
[2011.07.14 23:18:27 | 000,002,238 | R--- | M] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Microsoft\Installer\{F8CC09A4-CD72-4634-A55D-70F95AE23E5B}\_294823.exe
[2007.08.02 10:21:00 | 015,953,276 | ---- | M] (Marvell                                                     ) -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\TMP\SetupYukonWin_5X6N.exe
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.12.24 23:50:30 | 112,284,744 | ---- | M] (NVIDIA Corporation                                          ) -- H:\180.48_geforce_winxp_32bit_international_whql.exe
[2010.03.27 12:46:01 | 042,341,360 | ---- | M] () -- H:\avira_antivir_personal_de.exe
[2010.01.28 19:11:25 | 027,066,664 | ---- | M] (Microsoft Corporation) -- H:\PowerPointViewer.exe
 
< MD5 for: AGP440.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.12.28 14:28:25 | 023,898,261 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.12.28 14:28:25 | 023,898,261 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- H:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 02:10:00 | 018,782,319 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.12.28 14:28:25 | 023,898,261 | ---- | M] () .cab file -- H:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.12.28 14:28:25 | 023,898,261 | ---- | M] () .cab file -- H:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\drivers\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- H:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- H:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- H:\WINDOWS\system32\eventlog.dll
[2004.08.04 01:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- H:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- H:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- H:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- H:\WINDOWS\system32\scecli.dll
[2004.08.04 01:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- H:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 01:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- H:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- H:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- H:\WINDOWS\system32\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- H:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- H:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- H:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- H:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- H:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.12.24 19:41:57 | 000,094,208 | ---- | M] () -- H:\WINDOWS\System32\config\default.sav
[2008.12.24 19:41:57 | 000,663,552 | ---- | M] () -- H:\WINDOWS\System32\config\software.sav
[2008.12.24 19:41:57 | 000,450,560 | ---- | M] () -- H:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[5 H:\WINDOWS\system32\*.tmp files -> H:\WINDOWS\system32\*.tmp -> ]

< End of report >

--- --- ---

cosinus · 11.07.2012, 14:34

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
IE - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
FF - prefs.js..browser.startup.homepage: "www.google.at"
FF - prefs.js..network.proxy.no_proxies_on: "*.local,127.0.0.1:9421,"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
[2010.07.03 14:48:02 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - H:\Programme\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] "H:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I File not found
O4 - Startup: H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  = 
O31 - SafeBoot: AlternateShell - H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\pkg_0ll.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.22 09:47:02 | 000,000,056 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\Shell - "" = AutoRun
O33 - MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\Shell\AutoRun\command - "" = I:\PuertoRicoSetup.exe -- [2005.10.24 08:27:42 | 077,405,351 | R--- | M] ()
O33 - MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\Shell - "" = AutoRun
O33 - MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\Shell - "" = AutoRun
O33 - MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
:Files
H:\Programme\SFT_de3
H:\Programme\BabylonToolbar
H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\rftg
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache
H:\AeriaGames\installer_macdrive_8_0_6_52_Deutsch.exe
H:\AeriaGames\SoftonicDownloader*
H:\AeriaGames\PSX\SoftonicDownloader*
H:\AeriaGames\PSX2\bios\SoftonicDownloader*
H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\pkg_0ll.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Stezido · 11.07.2012, 15:23

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-1482476501-1979792683-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1482476501-1979792683-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
H:\Programme\SFT_de3\prxtbSFT0.dll moved successfully.
Prefs.js: "www.google.at" removed from browser.startup.homepage
Prefs.js: "*.local,127.0.0.1:9421," removed from network.proxy.no_proxies_on
Prefs.js: 0 removed from network.proxy.type
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff88a983-649d-4207-9336-9b999280b436}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File H:\Programme\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ff88a983-649d-4207-9336-9b999280b436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff88a983-649d-4207-9336-9b999280b436}\ not found.
File H:\Programme\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_USERS\S-1-5-21-1482476501-1979792683-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FF88A983-649D-4207-9336-9B999280B436} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF88A983-649D-4207-9336-9B999280B436}\ not found.
File H:\Programme\SFT_de3\prxtbSFT0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BabylonToolbar deleted successfully.
H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewContextMenu deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1979792683-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. I:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a152141-a350-11e1-9379-003018a36b83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a152141-a350-11e1-9379-003018a36b83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a152141-a350-11e1-9379-003018a36b83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a152141-a350-11e1-9379-003018a36b83}\ not found.
File move failed. I:\PuertoRicoSetup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{63f5be0e-e4ed-11de-8eb9-003018a36b83}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd3406a6-ecff-11dd-8db6-003018a36b83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd3406a6-ecff-11dd-8db6-003018a36b83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd3406a6-ecff-11dd-8db6-003018a36b83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd3406a6-ecff-11dd-8db6-003018a36b83}\ not found.
File I:\LaunchU3.exe -a not found.
========== FILES ==========
H:\Programme\SFT_de3 folder moved successfully.
File\Folder H:\Programme\BabylonToolbar not found.
File\Folder H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\pkg_0ll.exe.lnk not found.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\rftg moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache\6.0 folder moved successfully.
H:\Dokumente und Einstellungen\Stefan\Anwendungsdaten\Sun\Java\Deployment\cache folder moved successfully.
H:\AeriaGames\installer_macdrive_8_0_6_52_Deutsch.exe moved successfully.
File\Folder H:\AeriaGames\SoftonicDownloader* not found.
File\Folder H:\AeriaGames\PSX\SoftonicDownloader* not found.
File\Folder H:\AeriaGames\PSX2\bios\SoftonicDownloader* not found.
File\Folder H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Temp\pkg_0ll.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 5908019 bytes
->Flash cache emptied: 41044 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 3213648 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3274587 bytes
 
User: Stefan
->Temp folder emptied: 115696513 bytes
->Temporary Internet Files folder emptied: 446198827 bytes
->FireFox cache emptied: 61903038 bytes
->Opera cache emptied: 18061571 bytes
->Flash cache emptied: 3179592 bytes
 
User: UpdatusUser
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 2836 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2224445 bytes
%systemroot%\System32 .tmp files removed: 4525568 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2557845 bytes
RecycleBin emptied: 3855928672 bytes
 
Total Files Cleaned = 4.313,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
User: Stefan
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
H:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07112012_161629

Files\Folders moved on Reboot...
File\Folder I:\autorun.inf not found!
File\Folder I:\PuertoRicoSetup.exe not found!
File\Folder H:\WINDOWS\temp\Perflib_Perfdata_518.dat not found!

PendingFileRenameOperations files...
File I:\autorun.inf not found!
File I:\PuertoRicoSetup.exe not found!
File H:\WINDOWS\temp\Perflib_Perfdata_518.dat not found!

Registry entries deleted on Reboot...

cosinus · 11.07.2012, 21:37

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Stezido · 12.07.2012, 18:46

Code:

ATTFilter

19:44:34.0218 2360	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
19:44:34.0296 2360	============================================================
19:44:34.0296 2360	Current date / time: 2012/07/12 19:44:34.0296
19:44:34.0296 2360	SystemInfo:
19:44:34.0296 2360	
19:44:34.0296 2360	OS Version: 5.1.2600 ServicePack: 3.0
19:44:34.0296 2360	Product type: Workstation
19:44:34.0296 2360	ComputerName: TU-EBBA3B93496A
19:44:34.0296 2360	UserName: Stefan
19:44:34.0296 2360	Windows directory: H:\WINDOWS
19:44:34.0296 2360	System windows directory: H:\WINDOWS
19:44:34.0296 2360	Processor architecture: Intel x86
19:44:34.0296 2360	Number of processors: 2
19:44:34.0296 2360	Page size: 0x1000
19:44:34.0296 2360	Boot type: Normal boot
19:44:34.0296 2360	============================================================
19:44:36.0156 2360	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:44:36.0171 2360	============================================================
19:44:36.0171 2360	\Device\Harddisk0\DR0:
19:44:36.0171 2360	MBR partitions:
19:44:36.0171 2360	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:44:36.0171 2360	============================================================
19:44:36.0234 2360	H: <-> \Device\Harddisk0\DR0\Partition0
19:44:36.0234 2360	============================================================
19:44:36.0234 2360	Initialize success
19:44:36.0234 2360	============================================================
19:45:27.0468 0268	============================================================
19:45:27.0468 0268	Scan started
19:45:27.0468 0268	Mode: Manual; SigCheck; TDLFS; 
19:45:27.0468 0268	============================================================
19:45:27.0687 0268	Abiosdsk - ok
19:45:27.0687 0268	abp480n5 - ok
19:45:27.0734 0268	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) H:\WINDOWS\system32\DRIVERS\ACPI.sys
19:45:29.0468 0268	ACPI - ok
19:45:29.0515 0268	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) H:\WINDOWS\system32\drivers\ACPIEC.sys
19:45:29.0609 0268	ACPIEC - ok
19:45:29.0609 0268	adpu160m - ok
19:45:29.0656 0268	aec             (8bed39e3c35d6a489438b8141717a557) H:\WINDOWS\system32\drivers\aec.sys
19:45:29.0750 0268	aec - ok
19:45:29.0796 0268	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) H:\WINDOWS\System32\drivers\afd.sys
19:45:29.0859 0268	AFD - ok
19:45:29.0859 0268	Aha154x - ok
19:45:29.0875 0268	aic78u2 - ok
19:45:29.0875 0268	aic78xx - ok
19:45:30.0109 0268	Akamai          (29584f02a43e427c4227e3b1d9ff1b22) h:\programme\gemeinsame dateien\akamai/netsession_win_4f7fccd.dll
19:45:30.0109 0268	Suspicious file (Hidden): h:\programme\gemeinsame dateien\akamai/netsession_win_4f7fccd.dll. md5: 29584f02a43e427c4227e3b1d9ff1b22
19:45:30.0109 0268	Akamai ( HiddenFile.Multi.Generic ) - warning
19:45:30.0109 0268	Akamai - detected HiddenFile.Multi.Generic (1)
19:45:30.0187 0268	Alerter         (738d80cc01d7bc7584be917b7f544394) H:\WINDOWS\system32\alrsvc.dll
19:45:30.0296 0268	Alerter - ok
19:45:30.0312 0268	ALG             (190cd73d4984f94d823f9444980513e5) H:\WINDOWS\System32\alg.exe
19:45:30.0359 0268	ALG - ok
19:45:30.0359 0268	AliIde - ok
19:45:30.0375 0268	AmdLLD          (ad8fa28d8ed0d0a689a0559085ce0f18) H:\WINDOWS\system32\DRIVERS\AmdLLD.sys
19:45:30.0406 0268	AmdLLD - ok
19:45:30.0500 0268	AMDPCI - ok
19:45:30.0515 0268	amsint - ok
19:45:30.0562 0268	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) H:\Programme\Avira\AntiVir Desktop\sched.exe
19:45:30.0562 0268	AntiVirSchedulerService - ok
19:45:30.0578 0268	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) H:\Programme\Avira\AntiVir Desktop\avguard.exe
19:45:30.0593 0268	AntiVirService - ok
19:45:30.0625 0268	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:45:30.0640 0268	Apple Mobile Device - ok
19:45:30.0671 0268	AppMgmt         (d45960be52c3c610d361977057f98c54) H:\WINDOWS\System32\appmgmts.dll
19:45:30.0703 0268	AppMgmt - ok
19:45:30.0718 0268	asc - ok
19:45:30.0718 0268	asc3350p - ok
19:45:30.0718 0268	asc3550 - ok
19:45:30.0859 0268	aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:45:30.0875 0268	aspnet_state - ok
19:45:30.0906 0268	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) H:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:45:31.0031 0268	AsyncMac - ok
19:45:31.0046 0268	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) H:\WINDOWS\system32\DRIVERS\atapi.sys
19:45:31.0156 0268	atapi - ok
19:45:31.0156 0268	Atdisk - ok
19:45:31.0171 0268	Atmarpc         (9916c1225104ba14794209cfa8012159) H:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:45:31.0281 0268	Atmarpc - ok
19:45:31.0296 0268	AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) H:\WINDOWS\System32\audiosrv.dll
19:45:31.0390 0268	AudioSrv - ok
19:45:31.0437 0268	audstub         (d9f724aa26c010a217c97606b160ed68) H:\WINDOWS\system32\DRIVERS\audstub.sys
19:45:31.0515 0268	audstub - ok
19:45:31.0531 0268	avgntflt        (d5541f0afb767e85fc412fc609d96a74) H:\WINDOWS\system32\DRIVERS\avgntflt.sys
19:45:31.0546 0268	avgntflt - ok
19:45:31.0562 0268	avipbb          (7d967a682d4694df7fa57d63a2db01fe) H:\WINDOWS\system32\DRIVERS\avipbb.sys
19:45:31.0578 0268	avipbb - ok
19:45:31.0593 0268	avkmgr          (271cfd1a989209b1964e24d969552bf7) H:\WINDOWS\system32\DRIVERS\avkmgr.sys
19:45:31.0593 0268	avkmgr - ok
19:45:31.0640 0268	Beep            (da1f27d85e0d1525f6621372e7b685e9) H:\WINDOWS\system32\drivers\Beep.sys
19:45:31.0734 0268	Beep - ok
19:45:31.0765 0268	BITS            (d6f603772a789bb3228f310d650b8bd1) H:\WINDOWS\system32\qmgr.dll
19:45:31.0968 0268	BITS - ok
19:45:32.0015 0268	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) H:\Programme\Bonjour\mDNSResponder.exe
19:45:32.0046 0268	Bonjour Service - ok
19:45:32.0078 0268	Browser         (b42057f06bbb98b31876c0b3f2b54e33) H:\WINDOWS\System32\browser.dll
19:45:32.0171 0268	Browser - ok
19:45:32.0187 0268	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) H:\WINDOWS\system32\drivers\cbidf2k.sys
19:45:32.0281 0268	cbidf2k - ok
19:45:32.0281 0268	cd20xrnt - ok
19:45:32.0296 0268	Cdaudio         (c1b486a7658353d33a10cc15211a873b) H:\WINDOWS\system32\drivers\Cdaudio.sys
19:45:32.0406 0268	Cdaudio - ok
19:45:32.0437 0268	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) H:\WINDOWS\system32\drivers\Cdfs.sys
19:45:32.0531 0268	Cdfs - ok
19:45:32.0546 0268	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) H:\WINDOWS\system32\DRIVERS\cdrom.sys
19:45:32.0656 0268	Cdrom - ok
19:45:32.0656 0268	Changer - ok
19:45:32.0671 0268	CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) H:\WINDOWS\system32\cisvc.exe
19:45:32.0781 0268	CiSvc - ok
19:45:32.0796 0268	ClipSrv         (778a30ed3c134eb7e406afc407e9997d) H:\WINDOWS\system32\clipsrv.exe
19:45:32.0906 0268	ClipSrv - ok
19:45:33.0000 0268	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:45:33.0015 0268	clr_optimization_v2.0.50727_32 - ok
19:45:33.0015 0268	CmdIde - ok
19:45:33.0015 0268	COMSysApp - ok
19:45:33.0031 0268	Cpqarray - ok
19:45:33.0078 0268	CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) H:\WINDOWS\System32\cryptsvc.dll
19:45:33.0171 0268	CryptSvc - ok
19:45:33.0171 0268	dac2w2k - ok
19:45:33.0187 0268	dac960nt - ok
19:45:33.0234 0268	DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\WINDOWS\system32\rpcss.dll
19:45:33.0265 0268	DcomLaunch - ok
19:45:33.0296 0268	Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) H:\WINDOWS\System32\dhcpcsvc.dll
19:45:33.0390 0268	Dhcp - ok
19:45:33.0406 0268	Disk            (044452051f3e02e7963599fc8f4f3e25) H:\WINDOWS\system32\DRIVERS\disk.sys
19:45:33.0531 0268	Disk - ok
19:45:33.0531 0268	dmadmin - ok
19:45:33.0562 0268	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) H:\WINDOWS\system32\drivers\dmboot.sys
19:45:33.0718 0268	dmboot - ok
19:45:33.0750 0268	dmio            (53720ab12b48719d00e327da470a619a) H:\WINDOWS\system32\drivers\dmio.sys
19:45:33.0890 0268	dmio - ok
19:45:33.0906 0268	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) H:\WINDOWS\system32\drivers\dmload.sys
19:45:34.0015 0268	dmload - ok
19:45:34.0031 0268	dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) H:\WINDOWS\System32\dmserver.dll
19:45:34.0156 0268	dmserver - ok
19:45:34.0156 0268	DMusic          (8a208dfcf89792a484e76c40e5f50b45) H:\WINDOWS\system32\drivers\DMusic.sys
19:45:34.0265 0268	DMusic - ok
19:45:34.0312 0268	Dnscache        (407f3227ac618fd1ca54b335b083de07) H:\WINDOWS\System32\dnsrslvr.dll
19:45:34.0375 0268	Dnscache - ok
19:45:34.0421 0268	Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) H:\WINDOWS\System32\dot3svc.dll
19:45:34.0500 0268	Dot3svc - ok
19:45:34.0515 0268	dpti2o - ok
19:45:34.0531 0268	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) H:\WINDOWS\system32\drivers\drmkaud.sys
19:45:34.0640 0268	drmkaud - ok
19:45:34.0687 0268	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) H:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
19:45:34.0703 0268	dtsoftbus01 - ok
19:45:34.0703 0268	EagleXNt - ok
19:45:34.0718 0268	EapHost         (4e4f2fddab0a0736d7671134dcce91fb) H:\WINDOWS\System32\eapsvc.dll
19:45:34.0828 0268	EapHost - ok
19:45:34.0843 0268	ERSvc           (877c18558d70587aa7823a1a308ac96b) H:\WINDOWS\System32\ersvc.dll
19:45:34.0937 0268	ERSvc - ok
19:45:34.0984 0268	Eventlog        (a3edbe9053889fb24ab22492472b39dc) H:\WINDOWS\system32\services.exe
19:45:35.0000 0268	Eventlog - ok
19:45:35.0046 0268	EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) H:\WINDOWS\system32\es.dll
19:45:35.0109 0268	EventSystem - ok
19:45:35.0187 0268	Fabs - ok
19:45:35.0218 0268	Fastfat         (38d332a6d56af32635675f132548343e) H:\WINDOWS\system32\drivers\Fastfat.sys
19:45:35.0312 0268	Fastfat - ok
19:45:35.0343 0268	FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
19:45:35.0406 0268	FastUserSwitchingCompatibility - ok
19:45:35.0437 0268	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) H:\WINDOWS\system32\DRIVERS\fdc.sys
19:45:35.0531 0268	Fdc - ok
19:45:35.0531 0268	Fips            (b0678a548587c5f1967b0d70bacad6c1) H:\WINDOWS\system32\drivers\Fips.sys
19:45:35.0656 0268	Fips - ok
19:45:35.0890 0268	FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
19:45:36.0093 0268	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
19:45:36.0093 0268	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
19:45:36.0187 0268	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) H:\WINDOWS\system32\drivers\Flpydisk.sys
19:45:36.0281 0268	Flpydisk - ok
19:45:36.0296 0268	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) H:\WINDOWS\system32\drivers\fltmgr.sys
19:45:36.0406 0268	FltMgr - ok
19:45:36.0531 0268	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:45:36.0531 0268	FontCache3.0.0.0 - ok
19:45:36.0578 0268	fssfltr         (c6ee3a87fe609d3e1db9dbd072a248de) H:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
19:45:36.0578 0268	fssfltr - ok
19:45:36.0687 0268	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) H:\Programme\Windows Live\Family Safety\fsssvc.exe
19:45:36.0718 0268	fsssvc - ok
19:45:36.0734 0268	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) H:\WINDOWS\system32\drivers\Fs_Rec.sys
19:45:36.0843 0268	Fs_Rec - ok
19:45:36.0859 0268	Ftdisk          (8f1955ce42e1484714b542f341647778) H:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:45:36.0968 0268	Ftdisk - ok
19:45:37.0062 0268	GarenaPEngine - ok
19:45:37.0093 0268	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) H:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:45:37.0125 0268	GEARAspiWDM - ok
19:45:37.0125 0268	GGSAFERDriver - ok
19:45:37.0156 0268	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) H:\WINDOWS\system32\DRIVERS\msgpc.sys
19:45:37.0265 0268	Gpc - ok
19:45:37.0359 0268	gupdate         (f02a533f517eb38333cb12a9e8963773) H:\Programme\Google\Update\GoogleUpdate.exe
19:45:37.0359 0268	gupdate - ok
19:45:37.0375 0268	gupdatem        (f02a533f517eb38333cb12a9e8963773) H:\Programme\Google\Update\GoogleUpdate.exe
19:45:37.0375 0268	gupdatem - ok
19:45:37.0421 0268	gusvc           (cc839e8d766cc31a7710c9f38cf3e375) H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
19:45:37.0437 0268	gusvc - ok
19:45:37.0468 0268	hamachi         (833051c6c6c42117191935f734cfbd97) H:\WINDOWS\system32\DRIVERS\hamachi.sys
19:45:37.0468 0268	hamachi - ok
19:45:37.0546 0268	Hamachi2Svc     (f31d7f8a7699575dbb3b3a3ab4aa6216) H:\Programme\LogMeIn Hamachi\hamachi-2.exe
19:45:37.0593 0268	Hamachi2Svc - ok
19:45:37.0687 0268	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:45:37.0781 0268	HDAudBus - ok
19:45:37.0843 0268	helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) H:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:45:37.0953 0268	helpsvc - ok
19:45:37.0968 0268	HidServ         (b35da85e60c0103f2e4104532da2f12b) H:\WINDOWS\System32\hidserv.dll
19:45:38.0062 0268	HidServ - ok
19:45:38.0093 0268	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) H:\WINDOWS\system32\DRIVERS\hidusb.sys
19:45:38.0187 0268	HidUsb - ok
19:45:38.0218 0268	hkmsvc          (ed29f14101523a6e0e808107405d452c) H:\WINDOWS\System32\kmsvc.dll
19:45:38.0328 0268	hkmsvc - ok
19:45:38.0328 0268	hpn - ok
19:45:38.0375 0268	HTTP            (f80a415ef82cd06ffaf0d971528ead38) H:\WINDOWS\system32\Drivers\HTTP.sys
19:45:38.0421 0268	HTTP - ok
19:45:38.0437 0268	HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) H:\WINDOWS\System32\w3ssl.dll
19:45:38.0515 0268	HTTPFilter - ok
19:45:38.0531 0268	i2omgmt - ok
19:45:38.0531 0268	i2omp - ok
19:45:38.0531 0268	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) H:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:45:38.0625 0268	i8042prt - ok
19:45:38.0718 0268	IDriverT        (1cf03c69b49acb70c722df92755c0c8c) H:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
19:45:38.0734 0268	IDriverT ( UnsignedFile.Multi.Generic ) - warning
19:45:38.0734 0268	IDriverT - detected UnsignedFile.Multi.Generic (1)
19:45:38.0921 0268	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:45:39.0000 0268	idsvc - ok
19:45:39.0031 0268	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) H:\WINDOWS\system32\DRIVERS\imapi.sys
19:45:39.0125 0268	Imapi - ok
19:45:39.0140 0268	ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) H:\WINDOWS\system32\imapi.exe
19:45:39.0218 0268	ImapiService - ok
19:45:39.0234 0268	ini910u - ok
19:45:39.0406 0268	IntcAzAudAddService (274ff777c369cc8f05a4b4f9a243335b) H:\WINDOWS\system32\drivers\RtkHDAud.sys
19:45:39.0546 0268	IntcAzAudAddService - ok
19:45:39.0609 0268	IntelIde - ok
19:45:39.0609 0268	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) H:\WINDOWS\system32\drivers\ip6fw.sys
19:45:39.0703 0268	Ip6Fw - ok
19:45:39.0734 0268	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) H:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:45:39.0828 0268	IpFilterDriver - ok
19:45:39.0828 0268	IpInIp          (b87ab476dcf76e72010632b5550955f5) H:\WINDOWS\system32\DRIVERS\ipinip.sys
19:45:39.0953 0268	IpInIp - ok
19:45:39.0968 0268	IpNat           (cc748ea12c6effde940ee98098bf96bb) H:\WINDOWS\system32\DRIVERS\ipnat.sys
19:45:40.0062 0268	IpNat - ok
19:45:40.0125 0268	iPod Service    (49918803b661367023bf325cf602afdc) H:\Programme\iPod\bin\iPodService.exe
19:45:40.0171 0268	iPod Service - ok
19:45:40.0218 0268	IPSec           (23c74d75e36e7158768dd63d92789a91) H:\WINDOWS\system32\DRIVERS\ipsec.sys
19:45:40.0328 0268	IPSec - ok
19:45:40.0343 0268	irda            (aca5e7b54409f9cb5eed97ed0c81120e) H:\WINDOWS\system32\DRIVERS\irda.sys
19:45:40.0390 0268	irda - ok
19:45:40.0390 0268	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) H:\WINDOWS\system32\DRIVERS\irenum.sys
19:45:40.0437 0268	IRENUM - ok
19:45:40.0453 0268	Irmon           (2efe1db1ec58a26b0c14bfda122e246f) H:\WINDOWS\System32\irmon.dll
19:45:40.0500 0268	Irmon - ok
19:45:40.0515 0268	irsir           (0501f0b9ab08425f8c0eacbdcc04aa32) H:\WINDOWS\system32\DRIVERS\irsir.sys
19:45:40.0546 0268	irsir - ok
19:45:40.0578 0268	isapnp          (6dfb88f64135c525433e87648bda30de) H:\WINDOWS\system32\DRIVERS\isapnp.sys
19:45:40.0671 0268	isapnp - ok
19:45:40.0765 0268	JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) H:\Programme\Java\jre6\bin\jqs.exe
19:45:40.0765 0268	JavaQuickStarterService - ok
19:45:40.0781 0268	Kbdclass        (1704d8c4c8807b889e43c649b478a452) H:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:45:40.0875 0268	Kbdclass - ok
19:45:40.0906 0268	kmixer          (692bcf44383d056aed41b045a323d378) H:\WINDOWS\system32\drivers\kmixer.sys
19:45:40.0984 0268	kmixer - ok
19:45:41.0015 0268	KSecDD          (b467646c54cc746128904e1654c750c1) H:\WINDOWS\system32\drivers\KSecDD.sys
19:45:41.0093 0268	KSecDD - ok
19:45:41.0140 0268	lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) H:\WINDOWS\System32\srvsvc.dll
19:45:41.0187 0268	lanmanserver - ok
19:45:41.0218 0268	lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) H:\WINDOWS\System32\wkssvc.dll
19:45:41.0250 0268	lanmanworkstation - ok
19:45:41.0250 0268	lbrtfdc - ok
19:45:41.0296 0268	LexBceS         (32362d0c789458eea21ecc1b3534a901) H:\WINDOWS\system32\LEXBCES.EXE
19:45:41.0328 0268	LexBceS - ok
19:45:41.0343 0268	LmHosts         (636714b7d43c8d0c80449123fd266920) H:\WINDOWS\System32\lmhsvc.dll
19:45:41.0453 0268	LmHosts - ok
19:45:41.0468 0268	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) H:\WINDOWS\system32\drivers\mbam.sys
19:45:41.0484 0268	MBAMProtector - ok
19:45:41.0515 0268	MBAMService     (ba400ed640bca1eae5c727ae17c10207) H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
19:45:41.0546 0268	MBAMService - ok
19:45:41.0578 0268	Messenger       (b7550a7107281d170ce85524b1488c98) H:\WINDOWS\System32\msgsvc.dll
19:45:41.0656 0268	Messenger - ok
19:45:41.0828 0268	Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) H:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
19:45:41.0828 0268	Microsoft Office Groove Audit Service - ok
19:45:41.0875 0268	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) H:\WINDOWS\system32\drivers\mnmdd.sys
19:45:41.0953 0268	mnmdd - ok
19:45:41.0984 0268	mnmsrvc         (c2f1d365fd96791b037ee504868065d3) H:\WINDOWS\system32\mnmsrvc.exe
19:45:42.0093 0268	mnmsrvc - ok
19:45:42.0109 0268	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) H:\WINDOWS\system32\drivers\Modem.sys
19:45:42.0187 0268	Modem - ok
19:45:42.0187 0268	Mouclass        (b24ce8005deab254c0251e15cb71d802) H:\WINDOWS\system32\DRIVERS\mouclass.sys
19:45:42.0265 0268	Mouclass - ok
19:45:42.0296 0268	mouhid          (66a6f73c74e1791464160a7065ce711a) H:\WINDOWS\system32\DRIVERS\mouhid.sys
19:45:42.0390 0268	mouhid - ok
19:45:42.0406 0268	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) H:\WINDOWS\system32\drivers\MountMgr.sys
19:45:42.0484 0268	MountMgr - ok
19:45:42.0531 0268	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) H:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
19:45:42.0546 0268	MozillaMaintenance - ok
19:45:42.0546 0268	mraid35x - ok
19:45:42.0562 0268	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) H:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:45:42.0656 0268	MRxDAV - ok
19:45:42.0718 0268	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:45:42.0781 0268	MRxSmb - ok
19:45:42.0796 0268	MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) H:\WINDOWS\system32\msdtc.exe
19:45:42.0921 0268	MSDTC - ok
19:45:42.0921 0268	Msfs            (c941ea2454ba8350021d774daf0f1027) H:\WINDOWS\system32\drivers\Msfs.sys
19:45:43.0015 0268	Msfs - ok
19:45:43.0015 0268	MSIServer - ok
19:45:43.0031 0268	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) H:\WINDOWS\system32\drivers\MSKSSRV.sys
19:45:43.0109 0268	MSKSSRV - ok
19:45:43.0125 0268	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) H:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:45:43.0203 0268	MSPCLOCK - ok
19:45:43.0234 0268	MSPQM           (bad59648ba099da4a17680b39730cb3d) H:\WINDOWS\system32\drivers\MSPQM.sys
19:45:43.0312 0268	MSPQM - ok
19:45:43.0343 0268	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) H:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:45:43.0437 0268	mssmbios - ok
19:45:43.0453 0268	Mup             (de6a75f5c270e756c5508d94b6cf68f5) H:\WINDOWS\system32\drivers\Mup.sys
19:45:43.0484 0268	Mup - ok
19:45:43.0500 0268	napagent        (46bb15ae2ac7d025d6d2567b876817bd) H:\WINDOWS\System32\qagentrt.dll
19:45:43.0593 0268	napagent - ok
19:45:43.0609 0268	NDIS            (1df7f42665c94b825322fae71721130d) H:\WINDOWS\system32\drivers\NDIS.sys
19:45:43.0703 0268	NDIS - ok
19:45:43.0718 0268	NdisTapi        (0109c4f3850dfbab279542515386ae22) H:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:45:43.0734 0268	NdisTapi - ok
19:45:43.0765 0268	Ndisuio         (f927a4434c5028758a842943ef1a3849) H:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:45:43.0843 0268	Ndisuio - ok
19:45:43.0859 0268	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) H:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:45:43.0937 0268	NdisWan - ok
19:45:43.0968 0268	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) H:\WINDOWS\system32\drivers\NDProxy.sys
19:45:43.0984 0268	NDProxy - ok
19:45:44.0000 0268	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) H:\WINDOWS\system32\DRIVERS\netbios.sys
19:45:44.0078 0268	NetBIOS - ok
19:45:44.0109 0268	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) H:\WINDOWS\system32\DRIVERS\netbt.sys
19:45:44.0187 0268	NetBT - ok
19:45:44.0203 0268	NetDDE          (8ace4251bffd09ce75679fe940e996cc) H:\WINDOWS\system32\netdde.exe
19:45:44.0296 0268	NetDDE - ok
19:45:44.0296 0268	NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) H:\WINDOWS\system32\netdde.exe
19:45:44.0375 0268	NetDDEdsdm - ok
19:45:44.0390 0268	Netlogon        (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
19:45:44.0468 0268	Netlogon - ok
19:45:44.0500 0268	Netman          (e6d88f1f6745bf00b57e7855a2ab696c) H:\WINDOWS\System32\netman.dll
19:45:44.0578 0268	Netman - ok
19:45:44.0687 0268	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:45:44.0703 0268	NetTcpPortSharing - ok
19:45:44.0734 0268	Nla             (f1b67b6b0751ae0e6e964b02821206a3) H:\WINDOWS\System32\mswsock.dll
19:45:44.0750 0268	Nla - ok
19:45:44.0765 0268	nm              (1e421a6bcf2203cc61b821ada9de878b) H:\WINDOWS\system32\DRIVERS\NMnt.sys
19:45:44.0843 0268	nm - ok
19:45:44.0890 0268	Npfs            (3182d64ae053d6fb034f44b6def8034a) H:\WINDOWS\system32\drivers\Npfs.sys
19:45:45.0000 0268	Npfs - ok
19:45:45.0031 0268	npggsvc - ok
19:45:45.0062 0268	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) H:\WINDOWS\system32\drivers\Ntfs.sys
19:45:45.0187 0268	Ntfs - ok
19:45:45.0187 0268	NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
19:45:45.0265 0268	NtLmSsp - ok
19:45:45.0296 0268	NtmsSvc         (56af4064996fa5bac9c449b1514b4770) H:\WINDOWS\system32\ntmssvc.dll
19:45:45.0390 0268	NtmsSvc - ok
19:45:45.0421 0268	Null            (73c1e1f395918bc2c6dd67af7591a3ad) H:\WINDOWS\system32\drivers\Null.sys
19:45:45.0500 0268	Null - ok
19:45:45.0984 0268	nv              (6733e80a193fc36f41c24142b0c45c0e) H:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:45:46.0546 0268	nv ( UnsignedFile.Multi.Generic ) - warning
19:45:46.0546 0268	nv - detected UnsignedFile.Multi.Generic (1)
19:45:46.0640 0268	NVSvc           (c0204c1a7a2d2433d48f49e4ecc09ab6) H:\WINDOWS\system32\nvsvc32.exe
19:45:46.0656 0268	NVSvc - ok
19:45:46.0687 0268	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) H:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:45:46.0781 0268	NwlnkFlt - ok
19:45:46.0796 0268	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) H:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:45:46.0937 0268	NwlnkFwd - ok
19:45:47.0046 0268	odserv          (785f487a64950f3cb8e9f16253ba3b7b) H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
19:45:47.0078 0268	odserv - ok
19:45:47.0203 0268	OS Selector     (2037add28254eeb404f3375f7aef7802) H:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe
19:45:47.0296 0268	OS Selector - ok
19:45:47.0343 0268	ose             (5a432a042dae460abe7199b758e8606c) H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
19:45:47.0359 0268	ose - ok
19:45:47.0406 0268	Parport         (f84785660305b9b903fb3bca8ba29837) H:\WINDOWS\system32\drivers\Parport.sys
19:45:47.0500 0268	Parport - ok
19:45:47.0500 0268	PartMgr         (beb3ba25197665d82ec7065b724171c6) H:\WINDOWS\system32\drivers\PartMgr.sys
19:45:47.0578 0268	PartMgr - ok
19:45:47.0609 0268	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) H:\WINDOWS\system32\drivers\ParVdm.sys
19:45:47.0687 0268	ParVdm - ok
19:45:47.0687 0268	PCI             (387e8dedc343aa2d1efbc30580273acd) H:\WINDOWS\system32\DRIVERS\pci.sys
19:45:47.0781 0268	PCI - ok
19:45:47.0781 0268	PCIDump - ok
19:45:47.0796 0268	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) H:\WINDOWS\system32\DRIVERS\pciide.sys
19:45:47.0875 0268	PCIIde - ok
19:45:47.0890 0268	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) H:\WINDOWS\system32\drivers\Pcmcia.sys
19:45:47.0968 0268	Pcmcia - ok
19:45:47.0968 0268	PDCOMP - ok
19:45:47.0968 0268	PDFRAME - ok
19:45:47.0984 0268	PDRELI - ok
19:45:47.0984 0268	PDRFRAME - ok
19:45:47.0984 0268	perc2 - ok
19:45:47.0984 0268	perc2hib - ok
19:45:48.0046 0268	PlugPlay        (a3edbe9053889fb24ab22492472b39dc) H:\WINDOWS\system32\services.exe
19:45:48.0046 0268	PlugPlay - ok
19:45:48.0140 0268	PMBDeviceInfoProvider (63694c307273062a2167ae4ce80730ef) H:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
19:45:48.0203 0268	PMBDeviceInfoProvider - ok
19:45:48.0203 0268	PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
19:45:48.0281 0268	PolicyAgent - ok
19:45:48.0296 0268	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) H:\WINDOWS\system32\DRIVERS\raspptp.sys
19:45:48.0375 0268	PptpMiniport - ok
19:45:48.0390 0268	Processor       (2cb55427c58679f49ad600fccba76360) H:\WINDOWS\system32\DRIVERS\processr.sys
19:45:48.0484 0268	Processor - ok
19:45:48.0484 0268	ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
19:45:48.0578 0268	ProtectedStorage - ok
19:45:48.0578 0268	PSched          (09298ec810b07e5d582cb3a3f9255424) H:\WINDOWS\system32\DRIVERS\psched.sys
19:45:48.0671 0268	PSched - ok
19:45:48.0687 0268	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) H:\WINDOWS\system32\DRIVERS\ptilink.sys
19:45:48.0765 0268	Ptilink - ok
19:45:48.0781 0268	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) H:\WINDOWS\system32\Drivers\PxHelp20.sys
19:45:48.0796 0268	PxHelp20 - ok
19:45:48.0796 0268	ql1080 - ok
19:45:48.0796 0268	Ql10wnt - ok
19:45:48.0796 0268	ql12160 - ok
19:45:48.0812 0268	ql1240 - ok
19:45:48.0812 0268	ql1280 - ok
19:45:48.0843 0268	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) H:\WINDOWS\system32\DRIVERS\rasacd.sys
19:45:48.0921 0268	RasAcd - ok
19:45:48.0984 0268	RasAuto         (f5ba6caccdb66c8f048e867563203246) H:\WINDOWS\System32\rasauto.dll
19:45:49.0062 0268	RasAuto - ok
19:45:49.0093 0268	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) H:\WINDOWS\system32\DRIVERS\rasirda.sys
19:45:49.0140 0268	Rasirda - ok
19:45:49.0140 0268	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:45:49.0218 0268	Rasl2tp - ok
19:45:49.0234 0268	RasMan          (f9a7b66ea345726edb5862a46b1eccd5) H:\WINDOWS\System32\rasmans.dll
19:45:49.0328 0268	RasMan - ok
19:45:49.0328 0268	RasPppoe        (5bc962f2654137c9909c3d4603587dee) H:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:45:49.0406 0268	RasPppoe - ok
19:45:49.0406 0268	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) H:\WINDOWS\system32\DRIVERS\raspti.sys
19:45:49.0500 0268	Raspti - ok
19:45:49.0515 0268	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) H:\WINDOWS\system32\DRIVERS\rdbss.sys
19:45:49.0609 0268	Rdbss - ok
19:45:49.0609 0268	RDPCDD          (4912d5b403614ce99c28420f75353332) H:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:45:49.0687 0268	RDPCDD - ok
19:45:49.0718 0268	rdpdr           (15cabd0f7c00c47c70124907916af3f1) H:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:45:49.0812 0268	rdpdr - ok
19:45:49.0843 0268	RDPWD           (6589db6e5969f8eee594cf71171c5028) H:\WINDOWS\system32\drivers\RDPWD.sys
19:45:49.0906 0268	RDPWD - ok
19:45:49.0921 0268	RDSessMgr       (263af18af0f3db99f574c95f284ccec9) H:\WINDOWS\system32\sessmgr.exe
19:45:50.0031 0268	RDSessMgr - ok
19:45:50.0062 0268	redbook         (ed761d453856f795a7fe056e42c36365) H:\WINDOWS\system32\DRIVERS\redbook.sys
19:45:50.0140 0268	redbook - ok
19:45:50.0156 0268	RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) H:\WINDOWS\System32\mprdim.dll
19:45:50.0250 0268	RemoteAccess - ok
19:45:50.0265 0268	RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) H:\WINDOWS\system32\regsvc.dll
19:45:50.0343 0268	RemoteRegistry - ok
19:45:50.0359 0268	RpcLocator      (2a02e21867497df20b8fc95631395169) H:\WINDOWS\system32\locator.exe
19:45:50.0437 0268	RpcLocator - ok
19:45:50.0468 0268	RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) H:\WINDOWS\system32\rpcss.dll
19:45:50.0484 0268	RpcSs - ok
19:45:50.0531 0268	RSVP            (4bdd71b4b521521499dfd14735c4f398) H:\WINDOWS\system32\rsvp.exe
19:45:50.0609 0268	RSVP - ok
19:45:50.0609 0268	SamSs           (afb8261b56cba0d86aeb6df682af9785) H:\WINDOWS\system32\lsass.exe
19:45:50.0687 0268	SamSs - ok
19:45:50.0703 0268	SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) H:\WINDOWS\System32\SCardSvr.exe
19:45:50.0812 0268	SCardSvr - ok
19:45:50.0875 0268	Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) H:\WINDOWS\system32\schedsvc.dll
19:45:50.0968 0268	Schedule - ok
19:45:51.0000 0268	Secdrv          (90a3935d05b494a5a39d37e71f09a677) H:\WINDOWS\system32\DRIVERS\secdrv.sys
19:45:51.0031 0268	Secdrv - ok
19:45:51.0046 0268	seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) H:\WINDOWS\System32\seclogon.dll
19:45:51.0140 0268	seclogon - ok
19:45:51.0156 0268	SENS            (2aac9b6ed9eddffb721d6452e34d67e3) H:\WINDOWS\system32\sens.dll
19:45:51.0250 0268	SENS - ok
19:45:51.0265 0268	Serenum         (0f29512ccd6bead730039fb4bd2c85ce) H:\WINDOWS\system32\DRIVERS\serenum.sys
19:45:51.0343 0268	Serenum - ok
19:45:51.0390 0268	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) H:\WINDOWS\system32\DRIVERS\serial.sys
19:45:51.0468 0268	Serial - ok
19:45:51.0484 0268	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) H:\WINDOWS\system32\drivers\Sfloppy.sys
19:45:51.0562 0268	Sfloppy - ok
19:45:51.0578 0268	SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) H:\WINDOWS\System32\ipnathlp.dll
19:45:51.0656 0268	SharedAccess - ok
19:45:51.0687 0268	ShellHWDetection (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
19:45:51.0703 0268	ShellHWDetection - ok
19:45:51.0718 0268	Simbad - ok
19:45:51.0890 0268	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) H:\Programme\Skype\Updater\Updater.exe
19:45:51.0906 0268	SkypeUpdate - ok
19:45:51.0937 0268	snapman         (c6dafc9af23d54ca0e222b215d5e8378) H:\WINDOWS\system32\DRIVERS\snapman.sys
19:45:51.0953 0268	snapman - ok
19:45:51.0953 0268	Sparrow - ok
19:45:51.0984 0268	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) H:\WINDOWS\system32\drivers\splitter.sys
19:45:52.0046 0268	splitter - ok
19:45:52.0093 0268	Spooler         (60784f891563fb1b767f70117fc2428f) H:\WINDOWS\system32\spoolsv.exe
19:45:52.0125 0268	Spooler - ok
19:45:52.0156 0268	sr              (50fa898f8c032796d3b1b9951bb5a90f) H:\WINDOWS\system32\DRIVERS\sr.sys
19:45:52.0187 0268	sr - ok
19:45:52.0218 0268	srservice       (fe77a85495065f3ad59c5c65b6c54182) H:\WINDOWS\system32\srsvc.dll
19:45:52.0281 0268	srservice - ok
19:45:52.0328 0268	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) H:\WINDOWS\system32\DRIVERS\srv.sys
19:45:52.0359 0268	Srv - ok
19:45:52.0390 0268	SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) H:\WINDOWS\System32\ssdpsrv.dll
19:45:52.0421 0268	SSDPSRV - ok
19:45:52.0468 0268	ssmdrv          (a36ee93698802cd899f98bfd553d8185) H:\WINDOWS\system32\DRIVERS\ssmdrv.sys
19:45:52.0468 0268	ssmdrv - ok
19:45:52.0484 0268	stisvc          (bc2c5985611c5356b24aeb370953ded9) H:\WINDOWS\system32\wiaservc.dll
19:45:52.0593 0268	stisvc - ok
19:45:52.0625 0268	swenum          (3941d127aef12e93addf6fe6ee027e0f) H:\WINDOWS\system32\DRIVERS\swenum.sys
19:45:52.0703 0268	swenum - ok
19:45:52.0750 0268	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) H:\WINDOWS\system32\drivers\swmidi.sys
19:45:52.0828 0268	swmidi - ok
19:45:52.0828 0268	SwPrv - ok
19:45:52.0843 0268	symc810 - ok
19:45:52.0843 0268	symc8xx - ok
19:45:52.0843 0268	sym_hi - ok
19:45:52.0859 0268	sym_u3 - ok
19:45:52.0875 0268	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) H:\WINDOWS\system32\drivers\sysaudio.sys
19:45:52.0968 0268	sysaudio - ok
19:45:52.0984 0268	SysmonLog       (2903fffa2523926d6219428040dce6b9) H:\WINDOWS\system32\smlogsvc.exe
19:45:53.0062 0268	SysmonLog - ok
19:45:53.0078 0268	TapiSrv         (05903cac4b98908d55ea5774775b382e) H:\WINDOWS\System32\tapisrv.dll
19:45:53.0156 0268	TapiSrv - ok
19:45:53.0203 0268	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) H:\WINDOWS\system32\DRIVERS\tcpip.sys
19:45:53.0234 0268	Tcpip - ok
19:45:53.0281 0268	TDPIPE          (6471a66807f5e104e4885f5b67349397) H:\WINDOWS\system32\drivers\TDPIPE.sys
19:45:53.0343 0268	TDPIPE - ok
19:45:53.0375 0268	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) H:\WINDOWS\system32\drivers\TDTCP.sys
19:45:53.0437 0268	TDTCP - ok
19:45:53.0468 0268	TermDD          (88155247177638048422893737429d9e) H:\WINDOWS\system32\DRIVERS\termdd.sys
19:45:53.0546 0268	TermDD - ok
19:45:53.0593 0268	TermService     (b7de02c863d8f5a005a7bf375375a6a4) H:\WINDOWS\System32\termsrv.dll
19:45:53.0671 0268	TermService - ok
19:45:53.0687 0268	Themes          (2db7d303c36ddd055215052f118e8e75) H:\WINDOWS\System32\shsvcs.dll
19:45:53.0703 0268	Themes - ok
19:45:53.0734 0268	TlntSvr         (03681a1ce77f51586903869a5ab1deab) H:\WINDOWS\system32\tlntsvr.exe
19:45:53.0781 0268	TlntSvr - ok
19:45:53.0796 0268	TosIde - ok
19:45:53.0812 0268	TrkWks          (626504572b175867f30f3215c04b3e2f) H:\WINDOWS\system32\trkwks.dll
19:45:53.0921 0268	TrkWks - ok
19:45:53.0921 0268	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) H:\WINDOWS\system32\drivers\Udfs.sys
19:45:54.0000 0268	Udfs - ok
19:45:54.0015 0268	ultra - ok
19:45:54.0062 0268	UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) H:\Programme\Unlocker\UnlockerDriver5.sys
19:45:54.0078 0268	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
19:45:54.0078 0268	UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
19:45:54.0109 0268	Update          (402ddc88356b1bac0ee3dd1580c76a31) H:\WINDOWS\system32\DRIVERS\update.sys
19:45:54.0203 0268	Update - ok
19:45:54.0234 0268	upnphost        (1dfd8975d8c89214b98d9387c1125b49) H:\WINDOWS\System32\upnphost.dll
19:45:54.0296 0268	upnphost - ok
19:45:54.0312 0268	UPS             (9b11e6118958e63e1fef129466e2bda7) H:\WINDOWS\System32\ups.exe
19:45:54.0390 0268	UPS - ok
19:45:54.0453 0268	USBAAPL         (83cafcb53201bbac04d822f32438e244) H:\WINDOWS\system32\Drivers\usbaapl.sys
19:45:54.0484 0268	USBAAPL - ok
19:45:54.0500 0268	usbaudio        (e919708db44ed8543a7c017953148330) H:\WINDOWS\system32\drivers\usbaudio.sys
19:45:54.0609 0268	usbaudio - ok
19:45:54.0625 0268	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) H:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:45:54.0734 0268	usbccgp - ok
19:45:54.0734 0268	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) H:\WINDOWS\system32\DRIVERS\usbehci.sys
19:45:54.0812 0268	usbehci - ok
19:45:54.0843 0268	usbhub          (1ab3cdde553b6e064d2e754efe20285c) H:\WINDOWS\system32\DRIVERS\usbhub.sys
19:45:54.0921 0268	usbhub - ok
19:45:54.0953 0268	usbohci         (0daecce65366ea32b162f85f07c6753b) H:\WINDOWS\system32\DRIVERS\usbohci.sys
19:45:55.0046 0268	usbohci - ok
19:45:55.0078 0268	usbprint        (a717c8721046828520c9edf31288fc00) H:\WINDOWS\system32\DRIVERS\usbprint.sys
19:45:55.0187 0268	usbprint - ok
19:45:55.0218 0268	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) H:\WINDOWS\system32\DRIVERS\usbscan.sys
19:45:55.0312 0268	usbscan - ok
19:45:55.0312 0268	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:45:55.0390 0268	usbstor - ok
19:45:55.0421 0268	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) H:\WINDOWS\System32\drivers\vga.sys
19:45:55.0500 0268	VgaSave - ok
19:45:55.0500 0268	ViaIde - ok
19:45:55.0546 0268	VolSnap         (a5a712f4e880874a477af790b5186e1d) H:\WINDOWS\system32\drivers\VolSnap.sys
19:45:55.0625 0268	VolSnap - ok
19:45:55.0656 0268	VSS             (68f106273be29e7b7ef8266977268e78) H:\WINDOWS\System32\vssvc.exe
19:45:55.0703 0268	VSS - ok
19:45:55.0718 0268	W32Time         (7b353059e665f8b7ad2bbeaef597cf45) H:\WINDOWS\system32\w32time.dll
19:45:55.0796 0268	W32Time - ok
19:45:55.0812 0268	Wanarp          (e20b95baedb550f32dd489265c1da1f6) H:\WINDOWS\system32\DRIVERS\wanarp.sys
19:45:55.0890 0268	Wanarp - ok
19:45:55.0890 0268	WDICA - ok
19:45:55.0906 0268	wdmaud          (6768acf64b18196494413695f0c3a00f) H:\WINDOWS\system32\drivers\wdmaud.sys
19:45:55.0984 0268	wdmaud - ok
19:45:56.0015 0268	WebClient       (81727c9873e3905a2ffc1ebd07265002) H:\WINDOWS\System32\webclnt.dll
19:45:56.0093 0268	WebClient - ok
19:45:56.0171 0268	winmgmt         (6f3f3973d97714cc5f906a19fe883729) H:\WINDOWS\system32\wbem\WMIsvc.dll
19:45:56.0265 0268	winmgmt - ok
19:45:56.0406 0268	wlidsvc         (5144ae67d60ec653f97ddf3feed29e77) H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:45:56.0484 0268	wlidsvc - ok
19:45:56.0625 0268	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) H:\WINDOWS\system32\MsPMSNSv.dll
19:45:56.0687 0268	WmdmPmSN - ok
19:45:56.0734 0268	Wmi             (ffa4d901d46d07a5bab2d8307fbb51a6) H:\WINDOWS\System32\advapi32.dll
19:45:56.0765 0268	Wmi - ok
19:45:56.0812 0268	WmiAcpi         (c42584fd66ce9e17403aebca199f7bdb) H:\WINDOWS\system32\DRIVERS\wmiacpi.sys
19:45:56.0890 0268	WmiAcpi - ok
19:45:56.0906 0268	WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) H:\WINDOWS\system32\wbem\wmiapsrv.exe
19:45:57.0000 0268	WmiApSrv - ok
19:45:57.0109 0268	WMPNetworkSvc   (bf05650bb7df5e9ebdd25974e22403bb) H:\Programme\Windows Media Player\WMPNetwk.exe
19:45:57.0171 0268	WMPNetworkSvc - ok
19:45:57.0234 0268	wscsvc          (300b3e84faf1a5c1f791c159ba28035d) H:\WINDOWS\system32\wscsvc.dll
19:45:57.0328 0268	wscsvc - ok
19:45:57.0359 0268	wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) H:\WINDOWS\system32\wuauserv.dll
19:45:57.0484 0268	wuauserv - ok
19:45:57.0515 0268	WudfPf          (f15feafffbb3644ccc80c5da584e6311) H:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:45:57.0562 0268	WudfPf - ok
19:45:57.0562 0268	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) H:\WINDOWS\system32\DRIVERS\wudfrd.sys
19:45:57.0593 0268	WudfRd - ok
19:45:57.0625 0268	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) H:\WINDOWS\System32\WUDFSvc.dll
19:45:57.0640 0268	WudfSvc - ok
19:45:57.0671 0268	WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) H:\WINDOWS\System32\wzcsvc.dll
19:45:57.0765 0268	WZCSVC - ok
19:45:57.0828 0268	xmlprov         (0ada34871a2e1cd2caafed1237a47750) H:\WINDOWS\System32\xmlprov.dll
19:45:57.0937 0268	xmlprov - ok
19:45:58.0031 0268	yukonwxp        (b8c2a64c5090f23e4f158961dfe0df86) H:\WINDOWS\system32\DRIVERS\yk51x86.sys
19:45:58.0078 0268	yukonwxp - ok
19:45:58.0093 0268	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
19:45:58.0468 0268	\Device\Harddisk0\DR0 - ok
19:45:58.0468 0268	Boot (0x1200)   (6650189bde258d116e5f3b9571c0d508) \Device\Harddisk0\DR0\Partition0
19:45:58.0468 0268	\Device\Harddisk0\DR0\Partition0 - ok
19:45:58.0468 0268	============================================================
19:45:58.0468 0268	Scan finished
19:45:58.0468 0268	============================================================
19:45:58.0593 1952	Detected object count: 5
19:45:58.0593 1952	Actual detected object count: 5
19:46:05.0593 1952	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:46:05.0593 1952	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
19:46:05.0593 1952	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:05.0593 1952	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:46:05.0593 1952	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:05.0593 1952	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:46:05.0593 1952	nv ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:05.0593 1952	nv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:46:05.0593 1952	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:46:05.0593 1952	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 12.07.2012, 19:40

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Stezido · 12.07.2012, 21:43

Code:

ATTFilter

ComboFix 12-07-12.02 - Stefan 12.07.2012  22:34:08.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.43.1031.18.2047.1417 [GMT 2:00]
ausgeführt von:: h:\dokumente und einstellungen\Stefan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
h:\dokumente und einstellungen\Stefan\WINDOWS
H:\Thumbs.db
h:\windows\jestertb.dll
h:\windows\pkunzip.pif
h:\windows\pkzip.pif
h:\windows\system32\Cache
h:\windows\system32\Cache\1c6e89dd5f6d269a.fb
h:\windows\system32\Cache\272512937d9e61a4.fb
h:\windows\system32\Cache\287204568329e189.fb
h:\windows\system32\Cache\28bc8f716fd76a47.fb
h:\windows\system32\Cache\2c53092c95605355.fb
h:\windows\system32\Cache\3917078cb68ec657.fb
h:\windows\system32\Cache\4bbbf784a9d8dc26.fb
h:\windows\system32\Cache\590ba23ce359fd0c.fb
h:\windows\system32\Cache\610289e025a3ee9a.fb
h:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
h:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
h:\windows\system32\Cache\a8556537add6dfc5.fb
h:\windows\system32\Cache\ad10a52aff5e038d.fb
h:\windows\system32\Cache\c4d28dca2e7648be.fb
h:\windows\system32\Cache\d201ef9910cd39de.fb
h:\windows\system32\Cache\d2e94710a5708128.fb
h:\windows\system32\Cache\d79b9dfe81484ec4.fb
h:\windows\system32\Cache\e0de16f883bea794.fb
h:\windows\system32\dllcache\dlimport.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-12 bis 2012-07-12  ))))))))))))))))))))))))))))))
.
.
2074-05-07 16:38 . 2006-11-21 18:48	203576	------w-	h:\programme\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-07-12 18:00 . 2012-07-12 18:00	--------	d-----w-	H:\Trojanerboard
2012-07-11 14:16 . 2012-07-11 14:16	--------	d-----w-	H:\_OTL
2012-07-09 16:11 . 2012-07-09 16:11	770384	----a-w-	h:\programme\Mozilla Firefox\msvcr100.dll
2012-07-09 16:11 . 2012-07-09 16:11	421200	----a-w-	h:\programme\Mozilla Firefox\msvcp100.dll
2012-07-09 16:05 . 2012-05-11 14:40	521728	-c----w-	h:\windows\system32\dllcache\jsdbgui.dll
2012-07-09 15:57 . 2012-07-09 15:57	--------	d-----w-	h:\programme\LogMeIn Hamachi
2012-07-09 12:02 . 2012-07-09 12:02	--------	d-----w-	h:\dokumente und einstellungen\Stefan\Anwendungsdaten\Malwarebytes
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	h:\windows\system32\msxml4.dll
2012-06-20 20:24 . 2012-06-20 20:24	--------	d-----w-	h:\programme\ESET
2012-06-13 21:22 . 2012-06-13 21:22	--------	d-----w-	h:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 13:55 . 2004-08-03 23:46	1866240	----a-w-	h:\windows\system32\win32k.sys
2012-06-05 15:49 . 2008-04-14 02:22	1372672	------w-	h:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2004-08-03 23:57	1172480	----a-w-	h:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-03 23:57	152576	----a-w-	h:\windows\system32\schannel.dll
2012-06-02 13:19 . 2008-12-24 17:37	329240	----a-w-	h:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2008-12-24 17:37	210968	----a-w-	h:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2008-12-24 17:37	219160	----a-w-	h:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	h:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-10-16 13:07	18456	----a-w-	h:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2008-12-24 17:37	53784	----a-w-	h:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2008-12-24 17:37	35864	----a-w-	h:\windows\system32\wups.dll
2012-06-02 13:19 . 2008-10-16 13:09	45080	----a-w-	h:\windows\system32\wups2.dll
2012-06-02 13:19 . 2008-10-16 13:08	15896	----a-w-	h:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2004-08-03 23:57	97304	----a-w-	h:\windows\system32\cdm.dll
2012-06-02 13:19 . 2008-10-16 13:08	23576	----a-w-	h:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2008-12-24 17:37	577048	----a-w-	h:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2008-12-24 17:37	1933848	----a-w-	h:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2009-09-21 07:16	275696	----a-w-	h:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2009-09-21 07:16	214256	----a-w-	h:\windows\system32\muweb.dll
2012-06-02 13:18 . 2009-09-21 07:16	18160	----a-w-	h:\windows\system32\mucltui.dll.mui
2012-05-31 13:19 . 2004-08-03 23:57	604672	----a-w-	h:\windows\system32\crypt32.dll
2012-05-23 11:05 . 2012-05-23 11:05	11867	----a-w-	h:\dokumente und einstellungen\Stefan\Anwendungsdaten\TheHunterSettings_live.bin
2012-05-21 16:34 . 2012-05-21 16:34	242240	----a-w-	h:\windows\system32\drivers\dtsoftbus01.sys
2012-05-16 15:07 . 2004-08-03 23:57	916992	----a-w-	h:\windows\system32\wininet.dll
2012-05-11 14:40 . 2004-08-03 23:58	1469440	------w-	h:\windows\system32\inetcpl.cpl
2012-05-11 14:40 . 2004-08-03 23:57	43520	----a-w-	h:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2004-08-03 23:42	385024	----a-w-	h:\windows\system32\html.iec
2012-05-08 13:26 . 2011-10-17 08:08	83392	----a-w-	h:\windows\system32\drivers\avgntflt.sys
2012-05-08 13:26 . 2011-10-17 08:08	137928	----a-w-	h:\windows\system32\drivers\avipbb.sys
2012-05-05 03:14 . 2004-08-04 00:50	2029056	----a-w-	h:\windows\system32\ntkrnlpa.exe
2012-05-05 03:14 . 2004-08-03 23:50	2150912	----a-w-	h:\windows\system32\ntoskrnl.exe
2012-05-02 13:46 . 2008-12-24 17:35	139656	----a-w-	h:\windows\system32\drivers\rdpwd.sys
2008-10-13 09:36 . 2008-10-13 09:36	35950872	----a-r-	h:\programme\PhysX_8.10.13_SystemSoftware.exe
2012-07-09 16:11 . 2012-02-19 20:27	85472	----a-w-	h:\programme\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06	163328	--sh--r-	h:\windows\system32\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	h:\windows\system32\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	h:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="h:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-06 39408]
"Akamai NetSession Interface"="h:\dokumente und einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" [2012-05-26 4327744]
"DAEMON Tools Lite"="h:\programme\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="h:\programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-11 16844800]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"GrooveMonitor"="h:\programme\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Lexmark X74-X75"="h:\programme\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"Smart File Advisor"="h:\programme\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"SunJavaUpdateSched"="h:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"avgnt"="h:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"TrayServer"="h:\progra~1\MAGIX\VIDEO_~1\TrayServer.exe" [2008-08-07 90112]
"APSDaemon"="h:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"PMBVolumeWatcher"="h:\programme\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]
"UnlockerAssistant"="h:\programme\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"Adobe ARM"="h:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"LogMeIn Hamachi Ui"="h:\programme\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-05-03 06:36	17355912	----a-r-	h:\programme\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="h:\programme\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="h:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="h:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"h:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Programme\\Garena\\Garena.exe"=
"h:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\Programme\\FireFly Studios\\Stronghold Crusader\\Stronghold_Crusader_Extreme.exe"=
"h:\\Programme\\FireFly Studios\\Stronghold Crusader\\Stronghold Crusader.exe"=
"h:\\WINDOWS\\system32\\dplaysvr.exe"=
"h:\\Programme\\Microsoft Games\\Rise of Nations\\rise.exe"=
"h:\\totalcmd\\TOTALCMD.EXE"=
"h:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"h:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"h:\\Programme\\League of Legends\\lol.launcher.exe"=
"h:\\Dokumente und Einstellungen\\Stefan\\Lokale Einstellungen\\Anwendungsdaten\\Akamai\\netsession_win.exe"=
"h:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"h:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"h:\\Programme\\Bonjour\\mDNSResponder.exe"=
"h:\\Programme\\Opera\\opera.exe"=
"h:\\Programme\\iTunes\\iTunes.exe"=
"h:\\Matrix Games\\Distant Worlds\\update.exe"=
"h:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11019:TCP"= 11019:TCP:BitCometLite 11019 TCP
"11019:UDP"= 11019:UDP:BitCometLite 11019 UDP
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"8395:TCP"= 8395:TCP:League of Legends Launcher
"8395:UDP"= 8395:UDP:League of Legends Launcher
"6934:TCP"= 6934:TCP:League of Legends Launcher
"6934:UDP"= 6934:UDP:League of Legends Launcher
"6922:TCP"= 6922:TCP:League of Legends Launcher
"6922:UDP"= 6922:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6965:TCP"= 6965:TCP:League of Legends Launcher
"6965:UDP"= 6965:UDP:League of Legends Launcher
"6901:TCP"= 6901:TCP:League of Legends Launcher
"6901:UDP"= 6901:UDP:League of Legends Launcher
"6985:TCP"= 6985:TCP:League of Legends Launcher
"6985:UDP"= 6985:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6908:TCP"= 6908:TCP:League of Legends Launcher
"6908:UDP"= 6908:UDP:League of Legends Launcher
"1055:TCP"= 1055:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R1 avkmgr;avkmgr;h:\windows\system32\drivers\avkmgr.sys [17.10.2011 10:08 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;h:\windows\system32\drivers\dtsoftbus01.sys [21.05.2012 18:34 242240]
R2 Akamai;Akamai NetSession Interface;h:\windows\System32\svchost.exe -k Akamai [04.08.2004 01:58 14336]
R2 AntiVirSchedulerService;Avira Planer;h:\programme\Avira\AntiVir Desktop\sched.exe [17.10.2011 10:08 86224]
R2 Fabs;FABS - Helping agent for MAGIX media database;h:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 17:09 1253376]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;h:\programme\LogMeIn Hamachi\hamachi-2.exe [27.06.2012 12:29 1385896]
R2 MBAMService;MBAMService;h:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [12.06.2012 12:55 654408]
R2 OS Selector;Acronis OS Selector Activator;h:\programme\Acronis\DiskDirector\OSS\reinstall_svc.exe [25.05.2010 20:53 2155848]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;h:\programme\Sony\PMB\PMBDeviceInfoProvider.exe [27.11.2010 01:55 398176]
R3 MBAMProtector;MBAMProtector;h:\windows\system32\drivers\mbam.sys [12.06.2012 12:55 22344]
S2 gupdate;Google Update-Dienst (gupdate);h:\programme\Google\Update\GoogleUpdate.exe [20.08.2011 16:45 136176]
S2 SkypeUpdate;Skype Updater;h:\programme\Skype\Updater\Updater.exe [03.05.2012 08:31 158856]
S3 EagleXNt;EagleXNt;\??\h:\windows\system32\drivers\EagleXNt.sys --> h:\windows\system32\drivers\EagleXNt.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;h:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 11:10 3276800]
S3 GarenaPEngine;GarenaPEngine;\??\h:\dokume~1\Stefan\LOKALE~1\Temp\ALZ2FA2.tmp --> h:\dokume~1\Stefan\LOKALE~1\Temp\ALZ2FA2.tmp [?]
S3 GGSAFERDriver;GGSAFER Driver;\??\h:\programme\Garena\safedrv.sys --> h:\programme\Garena\safedrv.sys [?]
S3 gupdatem;Google Update-Dienst (gupdatem);h:\programme\Google\Update\GoogleUpdate.exe [20.08.2011 16:45 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;h:\programme\Mozilla Maintenance Service\maintenanceservice.exe [22.05.2012 19:38 113120]
S3 npggsvc;nProtect GameGuard Service;h:\windows\system32\GameMon.des -service --> h:\windows\system32\GameMon.des -service [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 24577545
*Deregistered* - 24577545
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-08 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-07-12 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\programme\Google\Update\GoogleUpdate.exe [2011-08-20 14:45]
.
2012-07-12 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\programme\Google\Update\GoogleUpdate.exe [2011-08-20 14:45]
.
2011-05-18 h:\windows\Tasks\wavepadShakeIcon.job
- h:\programme\NCH Swift Sound\WavePad\wavepad.exe [2011-05-07 14:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - h:\dokumente und einstellungen\Stefan\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - h:\dokumente und einstellungen\Stefan\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - h:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - h:\dokumente und einstellungen\Stefan\Anwendungsdaten\Mozilla\Firefox\Profiles\kazkypbg.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Little Bombers Returns - c:\littlebombersreturns\Uninstall.exe
AddRemove-SFT_de3 Toolbar - h:\programme\SFT_de3\uninstall.exe
AddRemove-softonic-de3 Toolbar - h:\programme\softonic-de3\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-12 22:38
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="h:\programme\gemeinsame dateien\akamai/netsession_win_4f7fccd.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\h:\dokume~1\Stefan\LOKALE~1\Temp\ALZ2FA2.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="h:\windows\system32\GameMon.des -service"
.
Zeit der Fertigstellung: 2012-07-12  22:40:21
ComboFix-quarantined-files.txt  2012-07-12 20:40
.
Vor Suchlauf: 46 Verzeichnis(se), 138.093.555.712 Bytes frei
Nach Suchlauf: 48 Verzeichnis(se), 138.399.850.496 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B90726F34BD4BDD7F42BD061BBD3C5B8

cosinus · 13.07.2012, 11:14

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Stezido · 16.07.2012, 13:48

folgendes beinhaltet die Osam.txt

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:46:03 on 16.07.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - H:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"wavepadShakeIcon.job" - "NCH Software" - H:\Programme\NCH Swift Sound\WavePad\wavepad.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - H:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - H:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - H:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvcpl.cpl
"PhysX.cpl" - "NVIDIA Corporation" - H:\WINDOWS\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal - Free Antivirus " - "Avira Operations GmbH & Co. KG" - H:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"mlcfg32.cpl" - "Microsoft Corporation" - H:\PROGRA~1\MI1933~1\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - H:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AMDPCI" (AMDPCI) - ? - H:\DOKUME~1\Stefan\LOKALE~1\Temp\AMDPCI.sys  (File not found)
"avgntflt" (avgntflt) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - H:\DOKUME~1\Stefan\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - H:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - H:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"EagleXNt" (EagleXNt) - ? - H:\WINDOWS\system32\drivers\EagleXNt.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - H:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"GarenaPEngine" (GarenaPEngine) - ? - H:\DOKUME~1\Stefan\LOKALE~1\Temp\ALZ2FA2.tmp  (File not found)
"GGSAFER Driver" (GGSAFERDriver) - ? - H:\Programme\Garena\safedrv.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - H:\WINDOWS\System32\DRIVERS\hamachi.sys
"i2omgmt" (i2omgmt) - ? - H:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - H:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - H:\WINDOWS\system32\drivers\mbam.sys
"nv" (nv) - "NVIDIA Corporation" - H:\WINDOWS\System32\DRIVERS\nv4_mini.sys
"PCIDump" (PCIDump) - ? - H:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - H:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - H:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - H:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - H:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - H:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - H:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"WDICA" (WDICA) - ? - H:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - h:\WINDOWS\system32\Rundll32.exe h:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - H:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - H:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - H:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - H:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - H:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - H:\Programme\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - H:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - H:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - H:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - h:\WINDOWS\system32\mscoree.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - H:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - H:\PROGRA~1\MI1933~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - H:\PROGRA~1\MI1933~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - H:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - H:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - H:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - H:\PROGRA~1\MI1933~1\Office12\OLKFSTUB.DLL
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - H:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - h:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - h:\WINDOWS\system32\dfshim.dll
{e57ce731-33e8-4c51-8354-bb4de9d215d1} "Universelle Plug & Play-Geräte" - ? -   (File not found | COM-object registry key not found)
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - H:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - H:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - H:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - H:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - H:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{99FE5072-78AA-4FEE-89BA-69A5FA55343F} "IGDTester Class" - "Microsoft Corporation" - H:\WINDOWS\Downloaded Program Files\igdtoolx.dll / hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - H:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - H:\WINDOWS\system32\Macromed\Flash\Flash10w.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - H:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - H:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - H:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - H:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Google Toolbar" - "Google Inc." - H:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - H:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - H:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - H:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - H:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - H:\Programme\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - H:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - H:\Dokumente und Einstellungen\Stefan\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Akamai NetSession Interface" - "Akamai Technologies, Inc" - "H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe"
"DAEMON Tools Lite" - "DT Soft Ltd" - "H:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
"swg" - "Google Inc." - "H:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "H:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"amd_dc_opt" - "AMD" - H:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"APSDaemon" - "Apple Inc." - "H:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "H:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "H:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"Lexmark X74-X75" - "Lexmark International, Inc." - "H:\Programme\Lexmark X74-X75\lxbbbmgr.exe"
"LogMeIn Hamachi Ui" - "LogMeIn Inc." - "H:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
"PMBVolumeWatcher" - "Sony Corporation" - H:\Programme\Sony\PMB\PMBVolumeWatcher.exe
"Smart File Advisor" - "Filefacts.net" - "H:\Programme\Smart File Advisor\sfa.exe" /checkassoc
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TrayServer" - "MAGIX AG" - H:\PROGRA~1\MAGIX\VIDEO_~1\TrayServer.exe
"UnlockerAssistant" - ? - "H:\Programme\Unlocker\UnlockerAssistant.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - H:\WINDOWS\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Acronis OS Selector Activator" (OS Selector) - ? - H:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe  (File found, but it contains no detailed information)
"Akamai NetSession Interface" (Akamai) - "Akamai Technologies, Inc" - h:\programme\gemeinsame dateien\akamai\netsession_win_4f7fccd.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Automatic Updates" (wuauserv) - ? - C:\WINDOWS\system32\wuauserv.dll  (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - H:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - H:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - H:\Programme\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - H:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - H:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - H:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - H:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - H:\Programme\Java\jre6\bin\jqs.exe
"LogMeIn Hamachi Tunneling Engine" (Hamachi2Svc) - "LogMeIn Inc." - H:\Programme\LogMeIn Hamachi\hamachi-2.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - H:\Programme\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - H:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - H:\WINDOWS\system32\GameMon.des
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - H:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - H:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - H:\Programme\Skype\Updater\Updater.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - H:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "Google Inc." - H:\WINDOWS\system32\GPhotos.scr
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - H:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - H:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

folgendes beinhaltet dieaswMBR.txt

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 13:47:50
-----------------------------
13:47:50.984    OS Version: Windows 5.1.2600 Service Pack 3
13:47:50.984    Number of processors: 2 586 0x6B02
13:47:50.984    ComputerName: TU-EBBA3B93496A  UserName: Stefan
13:47:51.765    Initialize success
13:55:35.781    AVAST engine defs: 12071600
13:57:24.359    Service scanning
13:57:38.390    Modules scanning
13:57:41.281    Disk 0 trace - called modules:
13:57:41.312    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
13:57:41.312    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a632ab8]
13:57:41.328    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a5f63b8]
13:57:41.328    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0x8a5f5d98]
13:57:42.234    AVAST engine scan H:\WINDOWS
13:57:51.156    AVAST engine scan H:\WINDOWS\system32
14:00:56.203    AVAST engine scan H:\WINDOWS\system32\drivers
14:01:16.421    AVAST engine scan H:\Dokumente und Einstellungen\Stefan
14:12:10.281    AVAST engine scan H:\Dokumente und Einstellungen\All Users
14:21:43.312    Scan finished successfully
14:45:54.062    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Stefan\Desktop\aswMBR.txt"

cosinus · 16.07.2012, 16:34

Was ist mit GMER?
Und bei aswMBR ist weas schiefgegangen, musst du nochmal machen

Stezido · 16.07.2012, 20:01

aswMBR.txt nummer 2 ist genau dieselbe wie die erste

und gmer.txt werd ich nochmal über die nacht probieren ob es funzt

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-17 05:18:15
Windows 5.1.2600 Service Pack 3 
Running: iqiicuu5.exe; Driver: H:\DOKUME~1\Stefan\LOKALE~1\Temp\kwrdqkod.sys


---- System - GMER 1.0.15 ----

SSDT            B8753326                                     ZwCreateKey
SSDT            B875331C                                     ZwCreateThread
SSDT            B875332B                                     ZwDeleteKey
SSDT            B8753335                                     ZwDeleteValueKey
SSDT            B875333A                                     ZwLoadKey
SSDT            B8753308                                     ZwOpenProcess
SSDT            B875330D                                     ZwOpenThread
SSDT            B8753344                                     ZwReplaceKey
SSDT            B875333F                                     ZwRestoreKey
SSDT            B8753330                                     ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           H:\WINDOWS\system32\DRIVERS\nv4_mini.sys     section is writeable [0xB0B683A0, 0x8A1A15, 0xE8000020]
?               H:\DOKUME~1\Stefan\LOKALE~1\Temp\aswMBR.sys  Das System kann die angegebene Datei nicht finden. !

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                    fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1       snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \FileSystem\Fastfat \Fat                     fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Das wäre aswMBR nochmal, also 2.versuch:

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-16 19:00:49
-----------------------------
19:00:49.691    OS Version: Windows 5.1.2600 Service Pack 3
19:00:49.691    Number of processors: 2 586 0x6B02
19:00:49.691    ComputerName: TU-EBBA3B93496A  UserName: Stefan
19:00:50.722    Initialize success
19:01:03.254    AVAST engine defs: 12071600
19:11:16.035    Service scanning
19:11:36.347    Modules scanning
19:11:50.941    Disk 0 trace - called modules:
19:11:50.957    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
19:11:50.957    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a632ab8]
19:11:50.957    3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a5f63b8]
19:11:50.957    5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-7[0x8a5f5d98]
19:11:51.722    AVAST engine scan H:\WINDOWS
19:12:30.222    AVAST engine scan H:\WINDOWS\system32
19:19:49.129    AVAST engine scan H:\WINDOWS\system32\drivers
19:20:45.035    AVAST engine scan H:\Dokumente und Einstellungen\Stefan
19:44:57.472    AVAST engine scan H:\Dokumente und Einstellungen\All Users
20:02:27.535    Scan finished successfully
20:57:35.332    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Stefan\Desktop\aswMBR.txt"
20:57:50.488    The log file has been saved successfully to "H:\Dokumente und Einstellungen\Stefan\Desktop\aswMBR.txt"
20:58:07.550    The log file has been saved successfully to "H:\Trojanerboard\aswMBR.txt"

cosinus · 17.07.2012, 10:55

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

Stezido · 18.07.2012, 12:17

Code:

ATTFilter

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Professional
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x000005f8

Kernel Drivers (total 125):
  0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
  0x806E6000 \WINDOWS\system32\hal.dll
  0xB85A8000 \WINDOWS\system32\KDCOM.DLL
  0xB84B8000 \WINDOWS\system32\BOOTVID.dll
  0xB7F78000 ACPI.sys
  0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB7F67000 pci.sys
  0xB80A8000 isapnp.sys
  0xB8670000 pciide.sys
  0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xB80B8000 MountMgr.sys
  0xB7F48000 ftdisk.sys
  0xB85AC000 dmload.sys
  0xB7F22000 dmio.sys
  0xB8330000 PartMgr.sys
  0xB80C8000 VolSnap.sys
  0xB7F0A000 atapi.sys
  0xB80D8000 disk.sys
  0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB7EEA000 fltmgr.sys
  0xB7ED8000 sr.sys
  0xB80F8000 PxHelp20.sys
  0xB7EC1000 KSecDD.sys
  0xB7E34000 Ntfs.sys
  0xB7E07000 NDIS.sys
  0xB7DDF000 snapman.sys
  0xB7DC5000 Mup.sys
  0xB8218000 \SystemRoot\system32\DRIVERS\processr.sys
  0xB1DA1000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0xB115E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB114A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB1109000 \SystemRoot\system32\DRIVERS\yk51x86.sys
  0xB8438000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0xB10E5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xB8440000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xB8238000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB8248000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xB8258000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB10C2000 \SystemRoot\system32\DRIVERS\ks.sys
  0xB8448000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xB109A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xB8450000 \SystemRoot\system32\DRIVERS\fdc.sys
  0xB8268000 \SystemRoot\system32\DRIVERS\serial.sys
  0xB1D99000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xB8458000 \SystemRoot\system32\DRIVERS\irsir.sys
  0xB1D95000 \SystemRoot\system32\DRIVERS\irenum.sys
  0xB8278000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0xB8460000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xB8468000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB87FB000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xB8470000 \SystemRoot\system32\DRIVERS\rasirda.sys
  0xB8478000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB8288000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xB1D89000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB1083000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB8298000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB82A8000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB1072000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB82B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB8480000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB8488000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB8490000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0xB1042000 \SystemRoot\system32\DRIVERS\rdpdr.sys
  0xB82C8000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB85FE000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB0FBC000 \SystemRoot\system32\DRIVERS\update.sys
  0xB1D6D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB8308000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
  0xB0F7C000 \SystemRoot\system32\DRIVERS\dtsoftbus01.sys
  0xB82D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB82F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xB8602000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xABACF000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xABAAB000 \SystemRoot\system32\drivers\portcls.sys
  0xB8318000 \SystemRoot\system32\drivers\drmk.sys
  0xB8606000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB87E4000 \SystemRoot\System32\Drivers\Null.SYS
  0xB8608000 \SystemRoot\System32\Drivers\Beep.SYS
  0xB84A8000 \SystemRoot\System32\drivers\vga.sys
  0xB860A000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xB860C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xB84B0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB8340000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB101E000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xABA28000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xAB9CF000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xAB9A7000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xAB981000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xAED93000 \SystemRoot\System32\drivers\ws2ifsl.sys
  0xAB95F000 \SystemRoot\System32\drivers\afd.sys
  0xB8138000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB8148000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB8370000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0xAB934000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xAB89C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB8158000 \SystemRoot\System32\Drivers\Fips.SYS
  0xB8378000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xB8380000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0xB8178000 \SystemRoot\system32\drivers\usbaudio.sys
  0xB855C000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB8188000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xB8388000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xB81A8000 \SystemRoot\system32\DRIVERS\avkmgr.sys
  0xAB84F000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0xB81F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xAB76F000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xB8614000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xAB874000 \SystemRoot\System32\drivers\Dxapi.sys
  0xB8410000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB8711000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBD417000 \SystemRoot\System32\ATMFD.DLL
  0xAAABE000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0xAABF9000 \??\H:\WINDOWS\system32\drivers\mbam.sys
  0xAAB91000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
  0xAAA58000 \SystemRoot\system32\DRIVERS\irda.sys
  0xAAAED000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xAA6AB000 \SystemRoot\system32\drivers\wdmaud.sys
  0xAA808000 \SystemRoot\system32\drivers\sysaudio.sys
  0xA952B000 \SystemRoot\system32\DRIVERS\srv.sys
  0xA903A000 \SystemRoot\System32\Drivers\HTTP.sys
  0xA8E7F000 \SystemRoot\system32\drivers\kmixer.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 46):
       0 System Idle Process
       4 System
    1248 H:\WINDOWS\system32\smss.exe
    1584 csrss.exe
    1684 H:\WINDOWS\system32\winlogon.exe
    1752 H:\WINDOWS\system32\services.exe
    1764 H:\WINDOWS\system32\lsass.exe
    2028 H:\WINDOWS\system32\svchost.exe
     272 svchost.exe
     720 H:\WINDOWS\system32\svchost.exe
     884 svchost.exe
    1220 svchost.exe
    1432 H:\WINDOWS\system32\LEXBCES.EXE
    1460 H:\WINDOWS\system32\LEXPPS.EXE
    1456 H:\WINDOWS\system32\spoolsv.exe
    1560 H:\Programme\Avira\AntiVir Desktop\sched.exe
     700 H:\WINDOWS\explorer.exe
    1232 H:\WINDOWS\RTHDCPL.exe
    1408 H:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
    1572 H:\Programme\Lexmark X74-X75\lxbbbmgr.exe
    1604 H:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
    1612 H:\Programme\Avira\AntiVir Desktop\avgnt.exe
     144 H:\Programme\Lexmark X74-X75\lxbbbmon.exe
    1716 H:\Programme\Sony\PMB\PMBVolumeWatcher.exe
    1928 H:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe
     260 H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
     308 H:\WINDOWS\system32\ctfmon.exe
     452 H:\Dokumente und Einstellungen\Stefan\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
    2260 H:\WINDOWS\system32\svchost.exe
    2272 H:\Programme\Avira\AntiVir Desktop\avguard.exe
    2308 H:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2356 H:\Programme\Bonjour\mDNSResponder.exe
    2840 H:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
    2904 H:\Programme\LogMeIn Hamachi\hamachi-2.exe
    2964 H:\Programme\Java\jre6\bin\jqs.exe
    2996 H:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
    3060 H:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe
    4020 H:\WINDOWS\ALCFDRTM.EXE
    1192 H:\WINDOWS\system32\svchost.exe
    2092 H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2416 H:\Programme\Acronis\DiskDirector\OSS\reinstall_svc.exe
     548 H:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3940 H:\Programme\Avira\AntiVir Desktop\avshadow.exe
    2700 alg.exe
    3772 H:\Programme\Mozilla Firefox\firefox.exe
     432 H:\Dokumente und Einstellungen\Stefan\Eigene Dateien\Downloads\MBRCheck.exe

\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3500320AS, Rev: SD15    

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!

cosinus · 18.07.2012, 19:40

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

16.07.2012, 16:34	#26
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Akm 50€ Trojaner Problem Desktop lässt sich nicht aufrufen Was ist mit GMER? Und bei aswMBR ist weas schiefgegangen, musst du nochmal machen __________________ Logfiles bitte immer in CODE-Tags posten

18.07.2012, 19:40	#30
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Akm 50€ Trojaner Problem Desktop lässt sich nicht aufrufen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

Akm 50€ Trojaner Problem Desktop lässt sich nicht aufrufen

Log-Analyse und Auswertung: Akm 50€ Trojaner Problem Desktop lässt sich nicht aufrufen