mspd Trojaner o.ä.

Bodolino · 15.07.2012, 21:09

Hallo Trojanerboard,

Nachdem t´john den Rechner von meinen Sohn so super bereinigt hat, hab ich jetzt mal auf meinen Rechner auch ein paar Scanner laufen lassen, weil er immer träger wird, im Internet manchmal richtig hängt und der Fingerscan wie von Geisterhand aufblinkt, als ob jemand eine Adminanforderung gestellt hätte und bestätigt wurde.

Hab dann mal in Autostart nachgeschaut, und eine mspd.exe gefunden, wo ich nicht weiss, was die macht. Nach Internetrecherchen hat es dann geheisen, das es eventuell ein Trojaner sein könnte.

Hab dann leider nicht widerstehen können und doch einige Scanner laufen lassen, welche auch einiges gefunden haben. Superantispyware hat mir dann unter anderem auch die mspd.exe angezeigt.

Ich hoffe ihr könnt mich bei meinen Problem auch unterstützen.

Anbei das Log von Gmer

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-15 01:28:02
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 Hitachi_ rev.FB4O
Running: lwdcbtwt.exe; Driver: C:\Users\Bodo\AppData\Local\Temp\kwtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            910D8B96                                                                                                                                          ZwCreateSection
SSDT            910D8BA0                                                                                                                                          ZwRequestWaitReplyPort
SSDT            910D8B9B                                                                                                                                          ZwSetContextThread
SSDT            910D8BA5                                                                                                                                          ZwSetSecurityObject
SSDT            910D8BAA                                                                                                                                          ZwSystemDebugControl
SSDT            910D8B37                                                                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                          8304A3C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                            83083D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                               8308AEAC 4 Bytes  [96, 8B, 0D, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                               8308B208 4 Bytes  [A0, 8B, 0D, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                                               8308B24C 4 Bytes  [9B, 8B, 0D, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                                               8308B2C8 4 Bytes  [A5, 8B, 0D, 91]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                                               8308B31C 4 Bytes  [AA, 8B, 0D, 91]
.text           ...                                                                                                                                               
.vmp2           C:\Windows\system32\drivers\acedrv11.sys                                                                                                          entry point in ".vmp2" section [0xA1A6D69D]
.text           D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl                                                                                                          section is writeable [0xA1B68000, 0x2892, 0xE8000020]
.vmp2           D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl                                                                                                          entry point in ".vmp2" section [0xA1B8B050]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                           Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000053                                                                                                                 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                           Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                            fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                            rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume8                                                                                                            hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d                                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d@0016b84829a2                                                          0x05 0xF2 0x21 0xB1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b2235d@b0ec7109bdb9                                                          0xD4 0x5C 0x86 0x72 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d (not active ControlSet)                                                   
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d@0016b84829a2                                                              0x05 0xF2 0x21 0xB1 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b2235d@b0ec7109bdb9                                                              0xD4 0x5C 0x86 0x72 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}                                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{91AE4577-AFD4-690D-A343-5C8E3C82B1F6}@pakejmagabfdeieggdbnmnhhpdkkkkgn  0x61 0x62 0x70 0x69 ...
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}                                   
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92C1845F-9629-E837-45B3-5CE2552BF71B}@pahkcmcamhdadjfkagekbgbhjjogehob  0x61 0x62 0x6D 0x6F ...

---- EOF - GMER 1.0.15 ----

Nun das Log von Malwarebytes

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Bodo :: BODO-PC [Administrator]

15.07.2012 09:52:04
mbam-log-2012-07-15 (09-52-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424065
Laufzeit: 2 Stunde(n), 23 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Hier das log von eset

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Bodo :: BODO-PC [Administrator]

15.07.2012 09:52:04
mbam-log-2012-07-15 (09-52-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424065
Laufzeit: 2 Stunde(n), 23 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Den gefundenen Ordner von ESET hab ich schon gelöscht.

Hier die Log von adwcleaner

sorry, find das log nicht mehr

Hier das Log von Superantispyware

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/15/2012 at 09:31 PM

Application Version : 5.5.1006

Core Rules Database Version : 8902
Trace Rules Database Version: 6714

Scan type       : Complete Scan
Total Scan Time : 02:43:40

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 833
Memory threats detected   : 0
Registry items scanned    : 35930
Registry threats detected : 1
File items scanned        : 185514
File threats detected     : 80

Adware.Tracking Cookie
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\6B4T9CWM.txt [ /fastclick.net ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\2R6DBYQ5.txt [ /tracking.quisma.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\3X96MEY5.txt [ /ad1.adfarm1.adition.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\UI45GQ7R.txt [ /mediaplex.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\Y1WC960K.txt [ /ad.zanox.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\VW01H9LA.txt [ /atdmt.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\OH10EEPB.txt [ /doubleclick.net ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\830B0ROW.txt [ /zanox-affiliate.de ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\09GKVWBL.txt [ /adfarm1.adition.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\VHRYBYRM.txt [ /track.adform.net ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\2VWOKTHE.txt [ /adbrite.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\IVEVKVXA.txt [ /apmebf.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\FK72IXFC.txt [ /zanox.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\7321EY1D.txt [ /pro-market.net ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\Y4O0SJCM.txt [ /www.zanox-affiliate.de ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\7DIEBN46.txt [ /dyntracker.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\GESDBPFI.txt [ /smartadserver.com ]
	C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Cookies\XX9PWKTM.txt [ /adform.net ]
	C:\USERS\BODO\AppData\Roaming\Microsoft\Windows\Cookies\Low\bodo@atdmt[2].txt [ Cookie:bodo@atdmt.com/ ]
	C:\USERS\BODO\Cookies\6B4T9CWM.txt [ Cookie:bodo@fastclick.net/ ]
	C:\USERS\BODO\Cookies\VW01H9LA.txt [ Cookie:bodo@atdmt.com/ ]
	C:\USERS\BODO\Cookies\OH10EEPB.txt [ Cookie:bodo@doubleclick.net/ ]
	C:\USERS\BODO\Cookies\2VWOKTHE.txt [ Cookie:bodo@adbrite.com/ ]
	C:\USERS\BODO\Cookies\IVEVKVXA.txt [ Cookie:bodo@apmebf.com/ ]
	C:\USERS\BODO\Cookies\FK72IXFC.txt [ Cookie:bodo@zanox.com/ ]
	C:\USERS\BODO\Cookies\7321EY1D.txt [ Cookie:bodo@pro-market.net/ ]
	C:\USERS\BODO\Cookies\Y4O0SJCM.txt [ Cookie:bodo@www.zanox-affiliate.de/ ]
	C:\USERS\BODO\Cookies\7DIEBN46.txt [ Cookie:bodo@dyntracker.com/ ]
	C:\USERS\BODO\Cookies\GESDBPFI.txt [ Cookie:bodo@smartadserver.com/ ]
	C:\USERS\BODO\Cookies\XX9PWKTM.txt [ Cookie:bodo@adform.net/ ]
	a.banner.t-online.de [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	cdn1.eyewonder.com [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	cdn5.specificclick.net [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	piximedia.fr [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	s0.2mdn.net [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	www.office-discount.de [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	www.secmedia.de [ C:\USERS\BODO\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\F4GGDZES ]
	C:\USERS\BODO\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\BODO@WW251.SMARTADSERVER[1].TXT [ /WW251.SMARTADSERVER ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.im.banner.t-online.de [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	beacons.hottraffic.nl [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	ww251.smartadserver.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.tradedoubler.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-Malagent
	[mspd] C:\WINDOWS\SYSTEM32\MSPD.EXE
	C:\WINDOWS\SYSTEM32\MSPD.EXE

Trojan.Agent/Gen-Krpytik
	E:\SIERRA\UPBALL3\L0.DLL
	E:\SIERRA\UPBALL3\L1.DLL
	E:\SIERRA\UPBALL3\L4.DLL
	E:\SIERRA\UPBALL3\L5.DLL
	E:\SIERRA\UPBALL3\T0.DLL
	E:\SIERRA\UPBALL3\T2.DLL
	E:\SIERRA\UPBALL3\T3.DLL
	E:\SIERRA\UPBALL3\T4.DLL
	E:\SIERRA\UPBALL3\T5.DLL
	E:\SIERRA\UPBALL3\V0.DLL
	E:\SIERRA\UPBALL3\V1.DLL
	E:\SIERRA\UPBALL3\V2.DLL
	E:\SIERRA\UPBALL3\V3.DLL
	E:\SIERRA\UPBALL3\V4.DLL
	E:\SIERRA\UPBALL3\V5.DLL

Soll ich den Fund von SUPERAntiSpyware jetzt erst mal so belassen, soll ich was löschen oder einfach schliessen?

Herzlichen Dank im voraus
Schöne Grüße Bodolino

cosinus · 16.07.2012, 21:49

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Bodolino · 16.07.2012, 22:00

Hey Arne,

danke für´s annehmen von meinen Problem.

Eset hab ich schon ausgeführt, hab gerade gesehen, das ich das falsche log gesendet habe.
Hier ist der log von gestern Nachmittag-Abend

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2757e1de06e89f4f80ea6e0f284f8b5c
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-15 04:26:35
# local_time=2012-07-15 06:26:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 16644234 16644234 0 0
# compatibility_mode=5893 16776573 100 94 142712 93993317 0 0
# compatibility_mode=8192 67108863 100 0 89 89 0 0
# scanned=213642
# found=8
# cleaned=0
# scan_time=7468
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen10-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen14-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen17-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen18-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen22-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen23-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen24-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I
D:\Bodo\Diverses\Adventskalender\OTR\tuerchen9-Dateien\a.htm	JS/Kryptik.CC trojan (unable to clean)	00000000000000000000000000000000	I

Herzlichen Dank und schöne Grüße
Bodo

cosinus · 17.07.2012, 12:08

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Bodolino · 17.07.2012, 14:35

Hallo Arne,

hier das log von AdwCleaner

# AdwCleaner v1.702 - Logfile created 07/17/2012 at 15:24:03
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Bodo - BODO-PC
# Running from : C:\Users\Bodo\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5 (de)

Profile name : default
File : C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4308 octets] - [15/07/2012 18:35:35]
AdwCleaner[S1].txt - [4336 octets] - [15/07/2012 18:37:38]
AdwCleaner[R2].txt - [1065 octets] - [17/07/2012 15:22:08]
AdwCleaner[R3].txt - [997 octets] - [17/07/2012 15:24:03]

########## EOF - C:\AdwCleaner[R3].txt - [1124 octets] ##########

Ich hab übrigens gestern im Autostart die MSPD.exe deaktiviert, da ich schon fast nicht mehr arbeiten hab können. Seitdem läuft der Computer wieder zügiger und der Fingerscan hat seitdem auch nicht mehr unkontrolliert aufgeblinkt.

Soll ich die MSPD.exe im Autostart noch mal aktivieren und dann AdwCleaner durchlaufen lassen?

Danke und schöne Grüße
Bodo

cosinus · 18.07.2012, 13:56

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Bodolino · 18.07.2012, 15:59

Hey Arne,

hier die log-Datei von AdwCleaner

Code:

ATTFilter

# AdwCleaner v1.702 - Logfile created 07/18/2012 at 16:48:26
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Bodo - BODO-PC
# Running from : C:\Users\Bodo\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v3.5 (de)

Profile name : default 
File : C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4308 octets] - [15/07/2012 18:35:35]
AdwCleaner[S1].txt - [4336 octets] - [15/07/2012 18:37:38]
AdwCleaner[R2].txt - [1065 octets] - [17/07/2012 15:22:08]
AdwCleaner[R3].txt - [1125 octets] - [17/07/2012 15:24:03]
AdwCleaner[R4].txt - [1186 octets] - [17/07/2012 15:43:30]
AdwCleaner[S2].txt - [997 octets] - [18/07/2012 16:48:26]

########## EOF - C:\AdwCleaner[S2].txt - [1124 octets] ##########

Schöne Grüße und Danke schön
Bodo

cosinus · 18.07.2012, 20:33

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Bodolino · 18.07.2012, 21:01

Hey Arne,

also ich find, das Windows wieder normal läuft, (bis auf das, das ich mal wieder meinen Computer entrümpeln müßte ) das einzige was mir auffällt wenn ich hier schreibe ist es etwas träge, sprich die Buchstaben erscheinen teilweise verspätet oder gar nicht, genauso wenn ich eine Web-Adresse eingib. Im Startmenü fällt mir jetzt nichts verdächtiges auf, müsste alles da sein. Ein Ordner ist leer (Arcade deluxe), aber ich könnt Dir jetzt gar nicht sagen, was da drin war (ich glaub Spiele) , also nichts wichtiges.

Die Funde von SUPERAntiSpyware hab ich noch nicht entfernen lassen, sprich auch die MSPD.exe usw. Ich hab lediglich die MSPD im Autostart deaktiviert.

Herzlichen Dank für Deine Mühe.
Schöne Grüße und bis dann
Bodo

cosinus · 19.07.2012, 16:04

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Bodolino · 19.07.2012, 20:04

Hey Arne,

log ist fertig

Code:

ATTFilter

OTL logfile created on: 19.07.2012 18:12:22 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\Bodo\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 67,32% Memory free
5,99 Gb Paging File | 4,92 Gb Available in Paging File | 82,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 69,44 Gb Free Space | 69,44% Space Free | Partition Type: NTFS
Drive D: | 60,00 Gb Total Space | 42,31 Gb Free Space | 70,52% Space Free | Partition Type: NTFS
Drive E: | 60,00 Gb Total Space | 58,77 Gb Free Space | 97,94% Space Free | Partition Type: NTFS
Drive F: | 77,00 Gb Total Space | 55,68 Gb Free Space | 72,31% Space Free | Partition Type: NTFS
Drive G: | 1,08 Gb Total Space | 1,07 Gb Free Space | 98,98% Space Free | Partition Type: FAT32
Drive H: | 195,00 Gb Total Space | 31,55 Gb Free Space | 16,18% Space Free | Partition Type: NTFS
Drive I: | 195,00 Gb Total Space | 51,02 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive J: | 75,76 Gb Total Space | 12,81 Gb Free Space | 16,90% Space Free | Partition Type: NTFS
 
Computer Name: BODO-PC | User Name: Bodo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.19 18:08:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bodo\Desktop\OTL.exe
PRC - [2012.05.09 06:27:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 06:27:44 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 06:27:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 06:27:44 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.31 16:35:56 | 000,605,344 | ---- | M] (Atheros Communications) -- D:\Bluetooth Suite\BtvStack.exe
PRC - [2011.03.31 16:35:52 | 000,519,328 | ---- | M] (Atheros Commnucations) -- D:\Bluetooth Suite\AthBtTray.exe
PRC - [2011.03.31 16:35:50 | 000,068,768 | ---- | M] (Atheros Commnucations) -- D:\Bluetooth Suite\AdminService.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- D:\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.05 10:16:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\BASVC.exe
PRC - [2009.09.05 10:16:40 | 003,407,360 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\CompPtcVUI.exe
PRC - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) -- D:\Fritzbox\FRITZ!DSL\IGDCTRL.EXE
PRC - [2009.07.20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- D:\Maus\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.20 12:01:00 | 000,760,120 | ---- | M] (AVM Berlin) -- D:\Fritzbox\FRITZ!DSL\StCenter.exe
PRC - [2009.07.10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.06.03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe
PRC - [2009.04.09 13:45:26 | 001,061,688 | ---- | M] (AVM Berlin) -- D:\Fritzbox\FRITZ!DSL\FwebProt.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2008.06.30 18:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.19 07:21:36 | 000,163,728 | ---- | M] () -- C:\Programme\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2009.07.20 13:27:14 | 000,017,936 | ---- | M] () -- D:\Maus\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.04.27 13:55:12 | 000,678,400 | ---- | M] () -- D:\IZArc (Packen)\IZArcCM.dll
MOD - [2009.02.23 16:44:18 | 001,347,584 | ---- | M] () -- D:\Foto Film und Audio\XnView\ShellEx\XnViewShellExt.dll
MOD - [2008.06.30 18:56:32 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.12 16:23:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.09 06:27:45 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.09 06:27:44 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.10 03:51:12 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.05.19 07:21:30 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.03.31 16:35:50 | 000,068,768 | ---- | M] (Atheros Commnucations) [Auto | Running] -- D:\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.10.27 12:20:28 | 000,109,072 | ---- | M] (Paragon Software Group) [On_Demand | Stopped] -- D:\Paragon Software\Paragon Backup and Recovery 10 Suite\program\dbhservice.exe -- (Paragon System Backup Dienst)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.09.05 10:16:54 | 003,452,928 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Programme\Acer Bio Protection\BASVC.exe -- (IGBASVC)
SRV - [2009.07.28 17:07:42 | 000,073,528 | ---- | M] (AVM Berlin) [Auto | Running] -- D:\Fritzbox\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2009.07.20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.06.03 03:12:50 | 000,599,344 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- D:\Homebanking\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.11.06 22:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\archlp.sys -- (archlp)
DRV - [2012.05.09 06:27:45 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 06:27:45 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.03.31 16:36:04 | 000,247,968 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btfilter.sys -- (BtFilter)
DRV - [2011.03.31 16:36:02 | 000,266,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV - [2011.03.31 16:36:02 | 000,226,976 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV - [2011.03.31 16:36:02 | 000,147,104 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV - [2011.03.31 16:36:02 | 000,097,440 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_avdt.sys -- (btath_avdt)
DRV - [2011.03.31 16:36:02 | 000,052,384 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV - [2011.03.31 16:36:02 | 000,043,680 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AthDfu.sys -- (ATHDFU)
DRV - [2011.03.31 16:36:02 | 000,035,488 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btath_flt.sys -- (AthBTPort)
DRV - [2011.03.31 16:36:02 | 000,024,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btath_bus.sys -- (BTATH_BUS)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.08 07:06:31 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.11.18 22:32:33 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaura.sys -- (avmaura)
DRV - [2009.11.12 06:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.10.27 12:20:26 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2009.09.28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.09.23 14:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009.09.15 20:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.08.23 06:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.08.13 23:53:26 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/01/06 23:51:18] [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD8\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009.08.07 12:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.03.09 17:58:00 | 000,056,320 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2009.02.20 20:09:16 | 000,044,032 | ---- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB)
DRV - [2008.11.08 10:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.03.12 13:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.11.06 22:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007.04.27 11:13:34 | 000,044,800 | R--- | M] (Intel Corporation (UK)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CE6230StandaloneDriver.sys -- (ce6230)
DRV - [2007.04.27 05:29:10 | 000,019,328 | R--- | M] (Intel Corporation (UK)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CE6230BDA.sys -- (ce6230BDACAP)
DRV - [2007.02.08 15:45:14 | 000,029,184 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dsiarhwprog.sys -- (dsiarhwprog)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.online-translator.com/Default.aspx?prmtlang=de
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\..\SearchScopes\{FE42AB68-3E01-415E-A715-2DE640DAED20}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1501325428-669346799-357816155-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: D:\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Foto Film und Audio\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: D:\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Foto Film und Audio\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: D:\PDF XChange Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Bodo\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: D:\Firefox\components [2012.07.12 23:08:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: D:\Firefox\plugins [2012.07.09 22:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Components: D:\Thunderbird\components [2012.04.26 22:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0\extensions\\Plugins: D:\Thunderbird\plugins [2008.02.22 17:24:06 | 000,095,832 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: D:\Mobile Master (Handy)\ext\1\ [2012.03.10 18:47:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: D:\Firefox\components [2012.07.12 23:08:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: D:\Firefox\plugins [2012.07.09 22:56:16 | 000,000,000 | ---D | M]
 
[2010.09.27 17:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bodo\AppData\Roaming\mozilla\Extensions
[2010.09.27 17:18:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bodo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.14 23:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bodo\AppData\Roaming\mozilla\Firefox\Profiles\dkvo1wf9.default\extensions
[2012.07.12 23:39:45 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Bodo\AppData\Roaming\mozilla\Firefox\Profiles\dkvo1wf9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009.11.27 22:19:19 | 000,000,694 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icq-search.xml
[2010.01.06 23:26:11 | 000,000,961 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin-1.xml
[2010.02.19 00:12:15 | 000,000,961 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin-2.xml
[2009.12.17 23:52:43 | 000,000,961 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin.xml
[2012.04.01 17:21:51 | 000,128,837 | ---- | M] () (No name found) -- C:\USERS\BODO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DKVO1WF9.DEFAULT\EXTENSIONS\TOOLBAR-FF@PAYBACK.DE.XPI
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - D:\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1501325428-669346799-357816155-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AthBtTray] D:\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4 - HKLM..\Run: [AtherosBtStack] D:\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PDFPrint] D:\pdf24 (PDF kreieren)\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-21-1501325428-669346799-357816155-1001..\Run: [AVMUSBFernanschluss] C:\Users\Bodo\AppData\Local\Apps\2.0\8C4DLC30.M1O\BW4CZV7Q.50A\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-1501325428-669346799-357816155-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1501325428-669346799-357816155-1001..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = D:\Fritzbox\FRITZ!DSL\FwebProt.exe (AVM Berlin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - D:\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Fritzbox\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Fritzbox\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Fritzbox\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Fritzbox\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - D:\Fritzbox\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98C369BD-5DCE-4C71-BA76-FF03134D8D81}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{349505e5-c539-11e0-ade8-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{349505e5-c539-11e0-ade8-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - D:\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^Bodo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk - C:\Programme\Common Files\Logishrd\eReg\SetPoint\eReg.exe - (Leader Technologies/Logitech)
MsConfig - StartUpReg: AVMUSBFernanschluss - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
MsConfig - StartUpReg: LManager - hkey= - key= - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
MsConfig - StartUpReg: mspd - hkey= - key= -  File not found
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - D:\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe (CyberLink Corp.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - D:\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: VirtualCloneDrive - hkey= - key= - D:\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig - StartUpReg: VitaKeyPdtWzd - hkey= - key= - C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
MsConfig - State: "startup" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.19 18:08:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bodo\Desktop\OTL.exe
[2012.07.15 18:45:07 | 000,000,000 | ---D | C] -- C:\Users\Bodo\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.15 18:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.15 18:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.15 18:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.15 18:40:04 | 000,000,000 | R--D | C] -- C:\Users\Bodo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012.07.15 16:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.14 23:19:29 | 018,101,376 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Bodo\Desktop\SUPERAntiSpyware.exe
[2012.07.14 23:11:02 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Bodo\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.14 23:10:08 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Bodo\Desktop\esetsmartinstaller_enu.exe
[2012.07.12 23:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.07.12 23:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.07.11 13:52:00 | 000,000,000 | ---D | C] -- C:\Users\Bodo\Documents\GTA San Andreas User Files
[2012.07.09 23:11:56 | 000,000,000 | ---D | C] -- C:\Users\Bodo\AppData\Roaming\Malwarebytes
[2012.07.09 23:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.09 23:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.09 23:11:48 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.09 23:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.09 22:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.24 00:16:13 | 000,000,000 | ---D | C] -- C:\Users\Bodo\AppData\Local\Macromedia
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.19 18:08:43 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bodo\Desktop\OTL.exe
[2012.07.19 18:04:58 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.19 18:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.18 16:58:29 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 16:58:29 | 000,019,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.18 16:53:59 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.07.18 16:50:42 | 2413,522,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 16:46:03 | 000,654,194 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.17 16:46:03 | 000,616,036 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.17 16:46:03 | 000,130,034 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.17 16:46:03 | 000,106,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.17 15:43:12 | 000,624,883 | ---- | M] () -- C:\Users\Bodo\Desktop\adwcleaner.exe
[2012.07.16 16:31:57 | 000,007,596 | ---- | M] () -- C:\Users\Bodo\AppData\Local\Resmon.ResmonCfg
[2012.07.15 18:44:27 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.15 09:50:08 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.14 23:19:38 | 018,101,376 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Bodo\Desktop\SUPERAntiSpyware.exe
[2012.07.14 23:11:08 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Bodo\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.14 23:10:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Bodo\Desktop\esetsmartinstaller_enu.exe
[2012.07.14 22:59:47 | 000,302,592 | ---- | M] () -- C:\Users\Bodo\Desktop\lwdcbtwt.exe
[2012.07.12 06:04:28 | 000,493,072 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.17 15:43:01 | 000,624,883 | ---- | C] () -- C:\Users\Bodo\Desktop\adwcleaner.exe
[2012.07.16 16:31:57 | 000,007,596 | ---- | C] () -- C:\Users\Bodo\AppData\Local\Resmon.ResmonCfg
[2012.07.15 18:44:27 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.14 22:59:46 | 000,302,592 | ---- | C] () -- C:\Users\Bodo\Desktop\lwdcbtwt.exe
[2012.07.09 23:11:50 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.07.26 12:48:46 | 000,000,218 | ---- | C] () -- C:\Users\Bodo\.recently-used.xbel
[2011.07.17 03:00:53 | 000,000,681 | ---- | C] () -- C:\Windows\RUMMY500.INI
[2011.06.20 02:24:51 | 000,001,078 | ---- | C] () -- C:\Windows\wschk.ini
[2011.05.06 23:47:55 | 000,017,408 | ---- | C] () -- C:\Users\Bodo\AppData\Local\WebpageIcons.db
[2011.03.31 16:32:04 | 000,246,804 | ---- | C] () -- C:\Windows\System32\drivers\AtherosBt.bin
[2011.02.24 13:22:16 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.12.30 16:11:15 | 000,389,632 | ---- | C] () -- C:\Windows\System32\mspd.exe
[2010.01.08 12:49:57 | 000,010,752 | ---- | C] () -- C:\Users\Bodo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.07.06 20:22:45 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2011.02.24 13:06:19 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\AnvSoft
[2010.01.08 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Audacity
[2009.11.18 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Auslogics
[2010.02.08 23:52:20 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Autodesk
[2011.02.24 13:54:31 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\avidemux
[2009.11.18 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Canneverbe_Limited
[2010.02.05 22:18:23 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Canon
[2010.03.04 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\CasaPortale.de
[2010.04.21 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\CD-LabelPrint
[2012.06.16 00:12:36 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\DVDVideoSoft
[2011.10.10 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\elsterformular
[2012.07.16 23:25:22 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\FRITZ!
[2009.11.19 00:12:54 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2010.01.09 17:08:38 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\GlarySoft
[2010.03.04 20:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\gtk-2.0
[2011.03.24 01:16:58 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Haenlein-Software
[2010.02.06 21:02:25 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\inkscape
[2009.12.11 23:59:05 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\jpg-Illuminator
[2012.03.10 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Jumping Bytes
[2009.11.18 01:32:48 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Leadertech
[2012.02.04 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\LG Electronics
[2012.02.04 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\LGAAS
[2012.03.10 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Mobile Master
[2009.11.20 00:40:19 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\OpenOffice.org
[2011.02.23 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\ProtectDisc
[2010.09.27 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Thunderbird
[2009.11.17 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Validity
[2011.07.29 12:38:32 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\XnView
[2012.07.18 16:53:59 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2012.05.16 19:33:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.18 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Adobe
[2010.07.06 20:22:45 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Akademische Arbeitsgemeinschaft
[2011.02.24 13:06:19 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\AnvSoft
[2010.01.07 01:34:54 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\ArcSoft
[2012.03.10 12:59:30 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Atheros
[2010.01.08 13:58:35 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Audacity
[2009.11.18 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Auslogics
[2010.02.08 23:52:20 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Autodesk
[2011.02.24 13:54:31 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\avidemux
[2012.01.05 02:03:48 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Avira
[2009.11.18 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Canneverbe_Limited
[2010.02.05 22:18:23 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Canon
[2010.03.04 19:29:28 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\CasaPortale.de
[2010.04.21 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\CD-LabelPrint
[2011.02.19 17:28:45 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\CyberLink
[2009.12.12 00:37:48 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\DivX
[2011.02.26 10:44:24 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\dvdcss
[2012.06.16 00:12:36 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\DVDVideoSoft
[2011.10.10 17:50:00 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\elsterformular
[2012.07.16 23:25:22 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\FRITZ!
[2009.11.19 00:12:54 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2010.01.09 17:08:38 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\GlarySoft
[2010.03.04 20:13:07 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\gtk-2.0
[2011.03.24 01:16:58 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Haenlein-Software
[2009.11.17 23:33:24 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Identities
[2010.02.06 21:02:25 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\inkscape
[2009.11.17 23:51:27 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\InstallShield
[2009.12.11 23:59:05 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\jpg-Illuminator
[2012.03.10 16:21:38 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Jumping Bytes
[2009.11.18 01:32:48 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Leadertech
[2012.02.04 21:42:39 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\LG Electronics
[2012.02.04 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\LGAAS
[2009.11.18 01:32:51 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Logitech
[2009.11.18 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Macromedia
[2012.07.09 23:11:56 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Media Center Programs
[2012.06.24 00:16:13 | 000,000,000 | --SD | M] -- C:\Users\Bodo\AppData\Roaming\Microsoft
[2009.12.19 02:22:12 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Microsoft Web Folders
[2012.03.10 22:44:32 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Mobile Master
[2011.05.07 00:33:31 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Mozilla
[2010.02.13 23:32:03 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Nero
[2009.11.20 00:40:19 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\OpenOffice.org
[2011.02.23 13:59:02 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\ProtectDisc
[2012.07.15 18:45:07 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\SUPERAntiSpyware.com
[2009.11.19 23:25:21 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Talkback
[2010.09.27 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Thunderbird
[2009.11.17 23:56:46 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Validity
[2012.07.12 17:11:44 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\vlc
[2009.12.09 00:04:25 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\Winamp
[2011.07.29 12:38:32 | 000,000,000 | ---D | M] -- C:\Users\Bodo\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2012.03.12 23:29:23 | 005,199,808 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_dfv12.exe
[2012.02.10 21:22:09 | 008,843,080 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_est11.exe
[2012.03.12 23:28:43 | 006,232,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.03.12 23:29:04 | 005,933,208 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.03.12 23:28:54 | 005,861,416 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.03.12 23:29:31 | 005,268,208 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lsta12.exe
[2012.03.12 23:29:39 | 005,430,712 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_lstb12.exe
[2012.03.12 23:29:13 | 005,836,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_par34a11.exe
[2012.02.10 21:22:18 | 005,026,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ust11.exe
[2012.02.06 19:46:50 | 004,939,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\install_ustva12.exe
[2012.01.05 01:20:26 | 004,051,632 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_7094_7699.exe
[2012.02.06 08:00:36 | 004,388,112 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_7699_8086.exe
[2012.03.04 20:05:36 | 004,643,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8086_8394.exe
[2012.05.07 18:50:46 | 004,277,888 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8394_8623.exe
[2012.01.05 01:21:00 | 004,048,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_7094_7699.exe
[2012.02.06 08:01:26 | 004,390,768 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_7699_8086.exe
[2012.03.04 20:05:51 | 004,642,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8086_8394.exe
[2012.05.07 18:51:04 | 004,277,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8394_8623.exe
[2012.05.07 18:51:19 | 004,264,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8479_8623.exe
[2012.03.04 20:06:05 | 006,913,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8086_8394.exe
[2012.03.12 23:29:48 | 004,492,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8394_8479.exe
[2012.04.04 20:12:38 | 004,180,528 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8479_8531.exe
[2012.05.07 18:51:34 | 005,933,016 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_est_11_8531_8623.exe
[2012.01.05 01:21:26 | 004,067,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_7094_7699.exe
[2012.02.06 08:02:13 | 004,502,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_7699_8086.exe
[2012.03.04 20:06:20 | 004,691,768 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8086_8394.exe
[2012.05.07 18:51:51 | 004,322,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8394_8623.exe
[2012.02.06 08:03:02 | 004,501,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_7094_8086.exe
[2012.03.04 20:06:32 | 004,700,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8086_8394.exe
[2012.05.07 18:52:06 | 004,324,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8394_8623.exe
[2012.05.07 18:52:22 | 004,591,856 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_11_8479_8623.exe
[2012.02.06 08:05:24 | 004,448,056 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_7094_8086.exe
[2012.03.04 20:07:10 | 004,630,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8086_8394.exe
[2012.05.07 18:53:25 | 004,279,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8394_8623.exe
[2012.02.06 08:06:10 | 004,447,056 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_7094_8086.exe
[2012.03.04 20:07:23 | 004,631,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8086_8394.exe
[2012.05.07 18:53:41 | 004,280,832 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8394_8623.exe
[2012.05.07 18:53:57 | 004,506,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_11_8479_8623.exe
[2012.02.06 08:03:49 | 004,454,760 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_7094_8086.exe
[2012.03.04 20:06:44 | 004,637,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8086_8394.exe
[2012.05.07 18:52:38 | 004,284,600 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8394_8623.exe
[2012.02.06 08:04:36 | 004,453,216 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_7094_8086.exe
[2012.03.04 20:06:57 | 004,637,352 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8086_8394.exe
[2012.05.07 18:52:54 | 004,283,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8394_8623.exe
[2012.05.07 18:53:09 | 004,504,904 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_11_8479_8623.exe
[2012.01.05 01:21:53 | 004,058,240 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_7094_7699.exe
[2012.02.06 08:06:57 | 004,415,296 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_7699_8086.exe
[2012.03.04 20:07:36 | 004,646,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8086_8394.exe
[2012.05.07 18:54:13 | 004,275,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8394_8623.exe
[2012.01.05 01:22:19 | 004,052,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_7094_7699.exe
[2012.02.06 08:07:45 | 004,418,776 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_7699_8086.exe
[2012.03.04 20:07:48 | 004,648,632 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8086_8394.exe
[2012.05.07 18:54:30 | 004,285,872 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8394_8623.exe
[2012.05.07 18:54:47 | 004,267,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8479_8623.exe
[2012.02.06 08:08:37 | 004,473,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_7094_8086.exe
[2012.03.04 20:08:02 | 004,697,488 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8086_8394.exe
[2012.05.07 18:55:03 | 004,308,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8394_8623.exe
[2012.02.06 08:09:26 | 004,482,440 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_7094_8086.exe
[2012.03.04 20:08:16 | 004,694,976 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8086_8394.exe
[2012.05.07 18:55:20 | 004,313,696 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8394_8623.exe
[2012.05.07 18:55:38 | 004,318,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8479_8623.exe
[2012.02.06 08:10:16 | 004,842,576 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_7094_8086.exe
[2012.03.04 20:08:30 | 004,766,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8086_8394.exe
[2012.05.07 18:55:55 | 004,285,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8394_8623.exe
[2012.02.06 08:11:09 | 004,851,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_7094_8086.exe
[2012.03.04 20:08:43 | 004,766,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8086_8394.exe
[2012.05.07 18:56:13 | 004,295,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8394_8623.exe
[2012.05.07 18:56:31 | 004,282,328 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8479_8623.exe
[2012.02.06 07:59:30 | 012,718,200 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_7094_8086.exe
[2012.03.04 20:05:11 | 007,447,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8394.exe
[2012.03.12 23:28:24 | 003,841,320 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8394_8479.exe
[2012.05.07 18:50:19 | 005,576,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8479_8623.exe
[2012.01.05 01:22:45 | 004,049,248 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_7094_7699.exe
[2012.02.06 08:13:19 | 004,416,640 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_7699_8086.exe
[2012.03.04 20:09:41 | 004,673,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8086_8394.exe
[2012.05.07 18:57:44 | 004,278,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8394_8623.exe
[2012.01.05 01:23:10 | 004,051,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_7094_7699.exe
[2012.02.06 08:14:01 | 004,450,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_7699_8086.exe
[2012.03.04 20:09:54 | 004,658,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8086_8394.exe
[2012.05.07 18:58:03 | 004,279,440 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8394_8623.exe
[2012.03.04 20:10:09 | 004,715,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8086_8394.exe
[2012.05.07 18:58:22 | 004,292,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8394_8623.exe
[2012.02.06 08:11:54 | 004,473,720 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_7094_8086.exe
[2012.03.04 20:08:57 | 004,644,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8086_8394.exe
[2012.05.07 18:56:49 | 004,288,728 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8394_8623.exe
[2012.02.06 08:12:36 | 004,490,080 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_7094_8086.exe
[2012.03.04 20:09:10 | 004,646,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8086_8394.exe
[2012.05.07 18:57:07 | 004,292,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8394_8623.exe
[2012.03.04 20:09:27 | 004,729,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8086_8394.exe
[2012.05.07 18:57:25 | 004,298,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8394_8623.exe
[2011.10.10 17:44:23 | 011,250,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Bodo\AppData\Roaming\elsterformular\update\ElsterFormular_update-12_3_2_6814u.exe
[2011.03.24 01:18:45 | 006,235,620 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Haenlein-Software\DVR-Studio Pro 2\temp\DVR-Studio Pro 2 Setup220ger.exe
[2011.03.26 01:09:53 | 000,094,208 | R--- | M] () -- C:\Users\Bodo\AppData\Roaming\Microsoft\Installer\{20C31435-2A0A-4580-BE8B-AC06FC243CA4}\python_icon.exe
[2009.07.22 17:28:36 | 000,477,976 | ---- | M] (Protect GmbH) -- C:\Users\Bodo\AppData\Roaming\ProtectDisc\License Helper v2\PDLicenseHelperBroker.exe
[2010.12.30 16:58:42 | 000,059,043 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\ProtectDisc\License Helper v2\uninst.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
[2009.06.04 12:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_x86_neutral_10aa509d6843c6fc\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:FB1B13D8

< End of report >

Danke und bis gleich
Gruß Bodo

cosinus · 19.07.2012, 20:48

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - user.js - File not found
[2009.11.27 22:19:19 | 000,000,694 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icq-search.xml
[2010.01.06 23:26:11 | 000,000,961 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin-1.xml
[2010.02.19 00:12:15 | 000,000,961 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin-2.xml
[2009.12.17 23:52:43 | 000,000,961 | ---- | M] () -- C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin.xml
O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found
O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{349505e5-c539-11e0-ade8-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{349505e5-c539-11e0-ade8-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\Shell - "" = AutoRun
O33 - MountPoints2\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\Shell\AutoRun\command - "" = N:\AutoRun.exe
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:FB1B13D8
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Bodolino · 19.07.2012, 21:04

Hey Arne,

hat nicht funktioniert.
Ich hab auch wirklich alle Programme was ich schließen konnte, geschlossen.
Es kam der berühmte blaue Bildschirm mit Konflikt (weiss ich nicht mehr, ging alles zu schnell) und dann hat der Computer wieder neu gestartet.
Soll ich den fix nochmal machen?

Danke und schönen Gruß
Bodo

cosinus · 19.07.2012, 21:51

Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus.

Bodolino · 20.07.2012, 05:45

Guten morgen Arne,

hat geklappt.

hier die log-Datei

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icq-search.xml moved successfully.
C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Bodo\AppData\Roaming\Mozilla\Firefox\Profiles\dkvo1wf9.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\FRITZ!protect deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\FRITZ!protect not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13bbb2b3-ec8b-11e0-a831-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349505e5-c539-11e0-ade8-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349505e5-c539-11e0-ade8-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349505e5-c539-11e0-ade8-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349505e5-c539-11e0-ade8-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a3c5cb1-acf6-11e1-9ac4-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3a3c5cd4-acf6-11e1-9ac4-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f296395-9d27-11e0-bddb-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a5d05a8-6b35-11df-80f5-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6a5d05c8-6b35-11df-80f5-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8364e88c-5ea4-11df-b609-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8364e8a4-5ea4-11df-b609-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0a82fa-c535-11e0-b1e8-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0a830e-c535-11e0-b1e8-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dba17bc3-9c62-11e0-9ab7-0022fa1fa41e}\ not found.
File N:\AutoRun.exe not found.
ADS C:\ProgramData\Temp:FB1B13D8 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Bodo
->Temp folder emptied: 352765134 bytes
->Temporary Internet Files folder emptied: 196532734 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 55379276 bytes
->Flash cache emptied: 23574 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Silke
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112472903 bytes
RecycleBin emptied: 3011367 bytes
 
Total Files Cleaned = 687,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Bodo
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
User: Silke
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07202012_063605

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Bin ab heut Nachmittag/Abend das ganze Wochenende über ein öffentliches Netzwerk on.
Bis später und Danke.
Schöne Grüße Bodo

18.07.2012, 20:33	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	mspd Trojaner o.ä. Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

19.07.2012, 21:51	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	mspd Trojaner o.ä. Starte Windows neu im abgesicherten Modus (mit Netzwerktreibern nach Möglichkeit), manchmal hakt das Fixen mit OTL im normalen Modus aber sehr oft funktioniert der Fix im abgesicherte Modus. __________________ Logfiles bitte immer in CODE-Tags posten

mspd Trojaner o.ä.

Plagegeister aller Art und deren Bekämpfung: mspd Trojaner o.ä.