Willkommen bei Windows Update - Verschlüsselungstrojaner

cosinus · 16.09.2012, 12:00

Kannst du denn wenigstens sehen wo in etwa OTL beim Script hängt? An einer bestimmten Stelle/Zeile im Script oder schon ganz am Anfang?

schnitzel_12 · 17.09.2012, 01:19

Wie kann ich das sehen?
Was ich sagen kann ist das der Explorer unmittelbar nach dem Starten des Fix beendet wird.
Und dann passiert eben nichts mehr.

cosinus · 17.09.2012, 11:56

Wenn das OTL-Fenster noch sichtbar bleibt solltest du unten eine Statusleiste von OTL sehen - da sieht man nämlich was OTL gerade tut. Auch wenn ein Log gerade erstellt wird, sieht man in welchem Bereich er gerade rumscannt

schnitzel_12 · 17.09.2012, 19:21

In der Statuszeile steht
"Killing processes. DO NOT INTERRUPT"

cosinus · 18.09.2012, 14:32

Probiers mal mit diesem Script bitte aus:

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{5F276539-372D-43BC-A681-4D4507B04092}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1DE2DBE8-F401-41CC-A9D0-8D01C5FF8A1F&apn_sauid=F70E54C6-193B-4AE6-9B69-11E5C943A158
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1214440339-725345543-332150421-1003..\Run: [504651AF] C:\WINDOWS\system32\09737FD3504651AFA464.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\\SECRET~1.EXE File not found
O9 - Extra Button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found
O9 - Extra 'Tools' menuitem : &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\09737FD3504651AFA464.exe) -  File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.13 12:22:39 | 000,000,000 | ---D | M] - G:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Oblr
C:\Programme\Windows iLivid Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

schnitzel_12 · 18.09.2012, 19:47

The same procedure, another script, absolutely the same result.

cosinus · 19.09.2012, 15:01

Dann müssen wir das Script noch weiter kastrieren

Probier es hiermit:

Code:

ATTFilter

:OTL
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\09737FD3504651AFA464.exe) -  File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.13 12:22:39 | 000,000,000 | ---D | M] - G:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Oblr
C:\Programme\Windows iLivid Toolbar
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

schnitzel_12 · 19.09.2012, 18:18

ähhhhhhhhhhhm - nö.

cosinus · 20.09.2012, 10:14

Dann müssen wir OTL erstmal sein lassen, probieren wir später nochmal

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

schnitzel_12 · 23.09.2012, 16:16

Das hat zur Abwechslung funktioniert

Code:

ATTFilter

17:11:45.0750 1068  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:11:45.0937 1068  ============================================================
17:11:45.0937 1068  Current date / time: 2012/09/23 17:11:45.0937
17:11:45.0937 1068  SystemInfo:
17:11:45.0937 1068  
17:11:45.0937 1068  OS Version: 5.1.2600 ServicePack: 2.0
17:11:45.0937 1068  Product type: Workstation
17:11:45.0937 1068  ComputerName: FAHRSCHULMAFIA
17:11:45.0937 1068  UserName: Sascha
17:11:45.0937 1068  Windows directory: C:\WINDOWS
17:11:45.0937 1068  System windows directory: C:\WINDOWS
17:11:45.0937 1068  Processor architecture: Intel x86
17:11:45.0937 1068  Number of processors: 2
17:11:45.0937 1068  Page size: 0x1000
17:11:45.0937 1068  Boot type: Normal boot
17:11:45.0937 1068  ============================================================
17:11:46.0906 1068  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x97695, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000054
17:11:46.0906 1068  ============================================================
17:11:46.0906 1068  \Device\Harddisk0\DR0:
17:11:46.0906 1068  MBR partitions:
17:11:46.0906 1068  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2710011
17:11:46.0921 1068  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x271008F, BlocksNum 0xBA06921
17:11:46.0937 1068  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE1169EF, BlocksNum 0xB98C041
17:11:46.0953 1068  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x19AA2A6F, BlocksNum 0xB98BC51
17:11:46.0953 1068  ============================================================
17:11:46.0984 1068  C: <-> \Device\Harddisk0\DR0\Partition1
17:11:47.0031 1068  E: <-> \Device\Harddisk0\DR0\Partition2
17:11:47.0125 1068  F: <-> \Device\Harddisk0\DR0\Partition3
17:11:47.0156 1068  G: <-> \Device\Harddisk0\DR0\Partition4
17:11:47.0156 1068  ============================================================
17:11:47.0156 1068  Initialize success
17:11:47.0156 1068  ============================================================
17:13:44.0984 4052  ============================================================
17:13:44.0984 4052  Scan started
17:13:44.0984 4052  Mode: Manual; SigCheck; TDLFS; 
17:13:44.0984 4052  ============================================================
17:13:45.0203 4052  ================ Scan system memory ========================
17:13:45.0218 4052  System memory - ok
17:13:45.0218 4052  ================ Scan services =============================
17:13:45.0296 4052  [ C1874DC75A0FA1746CD2F4DB3B2A3D94 ] 6to4            C:\WINDOWS\System32\6to4svc.dll
17:13:45.0843 4052  6to4 - ok
17:13:45.0859 4052  Abiosdsk - ok
17:13:45.0859 4052  abp480n5 - ok
17:13:45.0921 4052  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
17:13:45.0953 4052  ACDaemon - ok
17:13:45.0984 4052  [ 94B4741D2CF9ED38140B831293D1601A ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:13:46.0765 4052  ACPI - ok
17:13:46.0781 4052  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
17:13:46.0921 4052  ACPIEC - ok
17:13:46.0968 4052  [ 76D5A3D2A50402A0B9B6ED13C4371E79 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
17:13:46.0984 4052  AdobeFlashPlayerUpdateSvc - ok
17:13:46.0984 4052  adpu160m - ok
17:13:47.0000 4052  [ 1EE7B434BA961EF845DE136224C30FEC ] aec             C:\WINDOWS\system32\drivers\aec.sys
17:13:47.0203 4052  aec - ok
17:13:47.0234 4052  [ A7B8A3A79D35215D798A300DF49ED23F ] Afc             C:\WINDOWS\system32\drivers\Afc.sys
17:13:47.0250 4052  Afc ( UnsignedFile.Multi.Generic ) - warning
17:13:47.0250 4052  Afc - detected UnsignedFile.Multi.Generic (1)
17:13:47.0265 4052  [ 55E6E1C51B6D30E54335750955453702 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
17:13:47.0296 4052  AFD - ok
17:13:47.0296 4052  Aha154x - ok
17:13:47.0312 4052  aic78u2 - ok
17:13:47.0312 4052  aic78xx - ok
17:13:47.0328 4052  [ 1AAB6C5F8376357CB9B16C38C42C4076 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
17:13:47.0421 4052  Alerter - ok
17:13:47.0421 4052  [ 6596DD260FFDE1BDC994C1DF236307BB ] ALG             C:\WINDOWS\System32\alg.exe
17:13:47.0500 4052  ALG - ok
17:13:47.0500 4052  AliIde - ok
17:13:47.0500 4052  amsint - ok
17:13:47.0546 4052  [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:13:47.0546 4052  Apple Mobile Device - ok
17:13:47.0562 4052  [ BECD5328E7869807D6557BE4FE60C72F ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
17:13:47.0656 4052  AppMgmt - ok
17:13:47.0687 4052  [ 57C1ACB60AA2AEE0D61FAC52E9DD6D9F ] archlp          C:\WINDOWS\system32\drivers\archlp.sys
17:13:47.0687 4052  archlp - ok
17:13:47.0687 4052  asc - ok
17:13:47.0687 4052  asc3350p - ok
17:13:47.0703 4052  asc3550 - ok
17:13:47.0750 4052  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
17:13:47.0781 4052  aspnet_state - ok
17:13:47.0796 4052  [ 02000ABF34AF4C218C35D257024807D6 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:13:47.0875 4052  AsyncMac - ok
17:13:47.0875 4052  [ CDFE4411A69C224BD1D11B2DA92DAC51 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
17:13:47.0953 4052  atapi - ok
17:13:47.0953 4052  Atdisk - ok
17:13:47.0968 4052  [ EC88DA854AB7D7752EC8BE11A741BB7F ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:13:48.0046 4052  Atmarpc - ok
17:13:48.0078 4052  [ E98B8250398F6637B335A76BA8DFB602 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
17:13:48.0140 4052  AudioSrv - ok
17:13:48.0171 4052  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
17:13:48.0234 4052  audstub - ok
17:13:48.0265 4052  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
17:13:48.0343 4052  Beep - ok
17:13:48.0359 4052  [ 3A5E54A9AB96EF2D273B58136FB58EFE ] BITS            C:\WINDOWS\system32\qmgr.dll
17:13:48.0515 4052  BITS - ok
17:13:48.0562 4052  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
17:13:48.0578 4052  Bonjour Service - ok
17:13:48.0593 4052  [ D8653DCD80CF2EBB333FC4FCC43A7DEF ] Browser         C:\WINDOWS\System32\browser.dll
17:13:48.0656 4052  Browser - ok
17:13:48.0687 4052  [ AFAB1D4CAB04218CBAB0AE69625D0D65 ] cbfs3           C:\WINDOWS\system32\drivers\cbfs3.sys
17:13:48.0703 4052  cbfs3 - ok
17:13:48.0718 4052  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
17:13:48.0812 4052  cbidf2k - ok
17:13:48.0828 4052  [ 6163ED60B684BAB19D3352AB22FC48B2 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:13:48.0906 4052  CCDECODE - ok
17:13:48.0906 4052  cd20xrnt - ok
17:13:48.0921 4052  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
17:13:49.0000 4052  Cdaudio - ok
17:13:49.0000 4052  [ CD7D5152DF32B47F4E36F710B35AAE02 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
17:13:49.0078 4052  Cdfs - ok
17:13:49.0093 4052  [ AF9C19B3100FE010496B1A27181FBF72 ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:13:49.0156 4052  Cdrom - ok
17:13:49.0171 4052  Changer - ok
17:13:49.0187 4052  [ 234D52C63C67A8CF4AF9BECCE43BFB4A ] CiSvc           C:\WINDOWS\system32\cisvc.exe
17:13:49.0265 4052  CiSvc - ok
17:13:49.0265 4052  [ 0461868578D29DC18FB1C79933C5158A ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
17:13:49.0343 4052  ClipSrv - ok
17:13:49.0390 4052  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:13:49.0406 4052  clr_optimization_v2.0.50727_32 - ok
17:13:49.0421 4052  CmdIde - ok
17:13:49.0421 4052  COMSysApp - ok
17:13:49.0421 4052  Cpqarray - ok
17:13:49.0484 4052  cpuz130 - ok
17:13:49.0500 4052  [ 1A5F9DB98DF7955B4C7CBDBF2C638238 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
17:13:49.0578 4052  CryptSvc - ok
17:13:49.0578 4052  dac2w2k - ok
17:13:49.0578 4052  dac960nt - ok
17:13:49.0609 4052  [ D45BBCDDC74A1B0259A0C4B00C190D20 ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
17:13:49.0671 4052  DcomLaunch - ok
17:13:49.0687 4052  [ 7C4D218F9017725589ADACAB82BEB0F8 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
17:13:49.0890 4052  Dhcp - ok
17:13:49.0906 4052  [ 00CA44E4534865F8A3B64F7C0984BFF0 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
17:13:49.0984 4052  Disk - ok
17:13:50.0000 4052  dmadmin - ok
17:13:50.0015 4052  [ 5789B83BA87FC84C3568CF86CACEF8CE ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
17:13:50.0109 4052  dmboot - ok
17:13:50.0125 4052  [ 084EB0A50A4F7B4705C8A57F234E5291 ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
17:13:50.0203 4052  dmio - ok
17:13:50.0218 4052  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
17:13:50.0296 4052  dmload - ok
17:13:50.0312 4052  [ FA2D9D1A9F6B5A88D01E1685CE2378BA ] dmserver        C:\WINDOWS\System32\dmserver.dll
17:13:50.0375 4052  dmserver - ok
17:13:50.0406 4052  [ A6F881284AC1150E37D9AE47FF601267 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
17:13:50.0468 4052  DMusic - ok
17:13:50.0484 4052  [ D20C5B5F0D8AC53FFEC17FF9B1658A6E ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
17:13:50.0703 4052  Dnscache - ok
17:13:50.0703 4052  dpti2o - ok
17:13:50.0718 4052  [ 1ED4DBBAE9F5D558DBBA4CC450E3EB2E ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
17:13:50.0781 4052  drmkaud - ok
17:13:50.0796 4052  [ 877A4512CC9074D6954776AF47021766 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
17:13:50.0859 4052  ERSvc - ok
17:13:50.0859 4052  esgiguard - ok
17:13:50.0875 4052  [ 65F6B774819BD727358157CEDEA67B8E ] Eventlog        C:\WINDOWS\system32\services.exe
17:13:50.0921 4052  Eventlog - ok
17:13:50.0937 4052  [ D68ED3908C7A0DB446111D34AC40DC18 ] EventSystem     C:\WINDOWS\system32\es.dll
17:13:50.0968 4052  EventSystem - ok
17:13:50.0984 4052  Fabs - ok
17:13:51.0000 4052  [ 3117F595E9615E04F05A54FC15A03B20 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
17:13:51.0078 4052  Fastfat - ok
17:13:51.0093 4052  [ 521A4CB71CC419FDF60DB83E7308AE2B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
17:13:51.0312 4052  FastUserSwitchingCompatibility - ok
17:13:51.0328 4052  [ CED2E8396A8838E59D8FD529C680E02C ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
17:13:51.0390 4052  Fdc - ok
17:13:51.0421 4052  [ 9E9AF89F9B14AA6249065C309CE73BD8 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
17:13:51.0484 4052  Fips - ok
17:13:51.0562 4052  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
17:13:51.0656 4052  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
17:13:51.0656 4052  FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
17:13:51.0671 4052  [ 0DD1DE43115B93F4D85E889D7A86F548 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:13:51.0750 4052  Flpydisk - ok
17:13:51.0750 4052  [ 3D234FB6D6EE875EB009864A299BEA29 ] FltMgr          C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:13:51.0968 4052  FltMgr - ok
17:13:52.0015 4052  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
17:13:52.0015 4052  FontCache3.0.0.0 - ok
17:13:52.0046 4052  [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:13:52.0046 4052  fssfltr - ok
17:13:52.0109 4052  [ 45B52394F9624237F33A8A3D73C0B221 ] fsssvc          C:\Programme\Windows Live\Family Safety\fsssvc.exe
17:13:52.0125 4052  fsssvc - ok
17:13:52.0156 4052  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:13:52.0234 4052  Fs_Rec - ok
17:13:52.0250 4052  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:13:52.0328 4052  Ftdisk - ok
17:13:52.0343 4052  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:13:52.0359 4052  GEARAspiWDM - ok
17:13:52.0375 4052  [ 77EBF3E9386DAA51551AF429052D88D0 ] giveio          C:\WINDOWS\system32\giveio.sys
17:13:52.0375 4052  giveio ( UnsignedFile.Multi.Generic ) - warning
17:13:52.0375 4052  giveio - detected UnsignedFile.Multi.Generic (1)
17:13:52.0390 4052  [ C0F1D4A21DE5A415DF8170616703DEBF ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:13:52.0453 4052  Gpc - ok
17:13:52.0500 4052  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Programme\Google\Update\GoogleUpdate.exe
17:13:52.0500 4052  gupdate - ok
17:13:52.0515 4052  [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
17:13:52.0515 4052  gupdatem - ok
17:13:52.0546 4052  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
17:13:52.0562 4052  gusvc - ok
17:13:52.0578 4052  [ 3FCC124B6E08EE0E9351F717DD136939 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:13:52.0593 4052  HDAudBus - ok
17:13:52.0625 4052  [ BA85BCF1A2BCF927C3600574173403E0 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:13:52.0703 4052  helpsvc - ok
17:13:52.0718 4052  [ B647CA198B9C73056ABFB0A9D8F4916D ] HidServ         C:\WINDOWS\System32\hidserv.dll
17:13:52.0781 4052  HidServ - ok
17:13:52.0796 4052  [ 1DE6783B918F540149AA69943BDFEBA8 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:13:52.0875 4052  HidUsb - ok
17:13:52.0875 4052  hpn - ok
17:13:52.0890 4052  [ 9F8B0F4276F618964FD118BE4289B7CD ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
17:13:52.0921 4052  HTTP - ok
17:13:52.0968 4052  [ 9EC7E866BBDBF3ECC0E67F4E0A838EB2 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
17:13:53.0031 4052  HTTPFilter - ok
17:13:53.0031 4052  i2omgmt - ok
17:13:53.0046 4052  i2omp - ok
17:13:53.0046 4052  [ 7C575018D0413440D75432A78B88C899 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:13:53.0125 4052  i8042prt - ok
17:13:53.0187 4052  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
17:13:53.0187 4052  IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:13:53.0187 4052  IDriverT - detected UnsignedFile.Multi.Generic (1)
17:13:53.0250 4052  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
17:13:53.0281 4052  idsvc - ok
17:13:53.0296 4052  [ F8AA320C6A0409C0380E5D8A99D76EC6 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
17:13:53.0375 4052  Imapi - ok
17:13:53.0390 4052  [ 57D7267A9ED91ECAF4336B08C9628FCA ] ImapiService    C:\WINDOWS\system32\imapi.exe
17:13:53.0468 4052  ImapiService - ok
17:13:53.0468 4052  ini910u - ok
17:13:53.0562 4052  [ 8CD7F3FB0B2418AF79914ADB1E265184 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:13:53.0703 4052  IntcAzAudAddService - ok
17:13:53.0718 4052  IntelIde - ok
17:13:53.0718 4052  [ C1C2CC1DA79C5EE10457EF0A3B8568C7 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:13:53.0781 4052  intelppm - ok
17:13:53.0796 4052  [ 4448006B6BC60E6C027932CFC38D6855 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
17:13:53.0859 4052  Ip6Fw - ok
17:13:53.0890 4052  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:13:53.0953 4052  IpFilterDriver - ok
17:13:53.0984 4052  [ E1EC7F5DA720B640CD8FB8424F1B14BB ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:13:54.0046 4052  IpInIp - ok
17:13:54.0062 4052  [ E2168CBC7098FFE963C6F23F472A3593 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:13:54.0281 4052  IpNat - ok
17:13:54.0328 4052  [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
17:13:54.0343 4052  iPod Service - ok
17:13:54.0359 4052  [ 64537AA5C003A6AFEEE1DF819062D0D1 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:13:54.0421 4052  IPSec - ok
17:13:54.0437 4052  [ 86C204836FEEC22510D434982D4221B8 ] irda            C:\WINDOWS\system32\DRIVERS\irda.sys
17:13:54.0515 4052  irda - ok
17:13:54.0531 4052  [ 50708DAA1B1CBB7D6AC1CF8F56A24410 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
17:13:54.0593 4052  IRENUM - ok
17:13:54.0625 4052  [ 5AB3BAD0AAD5EBBA5359A02BCC4F80F8 ] Irmon           C:\WINDOWS\System32\irmon.dll
17:13:54.0687 4052  Irmon - ok
17:13:54.0703 4052  [ 0501F0B9AB08425F8C0EACBDCC04AA32 ] irsir           C:\WINDOWS\system32\DRIVERS\irsir.sys
17:13:54.0750 4052  irsir - ok
17:13:54.0765 4052  [ CE9B7AFDF0A3D7DD8D1487262316B959 ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:13:54.0843 4052  isapnp - ok
17:13:54.0875 4052  [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
17:13:54.0890 4052  JavaQuickStarterService - ok
17:13:54.0906 4052  [ B128FC0A5CD83F669D5DE4B58F77C7D6 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:13:54.0968 4052  Kbdclass - ok
17:13:54.0968 4052  [ 7EC877AA899323B92874FE62C7DDCDE7 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:13:55.0046 4052  kbdhid - ok
17:13:55.0062 4052  [ BA5DEDA4D934E6288C2F66CAF58D2562 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
17:13:55.0281 4052  kmixer - ok
17:13:55.0296 4052  [ 674D3E5A593475915DC6643317192403 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
17:13:55.0343 4052  KSecDD - ok
17:13:55.0375 4052  [ 2865FA4ED4471929881C053A6E5A85F6 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
17:13:55.0609 4052  lanmanserver - ok
17:13:55.0625 4052  [ F716A6F5BABB6DA60C0532510AB52245 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
17:13:55.0656 4052  lanmanworkstation - ok
17:13:55.0656 4052  lbrtfdc - ok
17:13:55.0687 4052  [ 4C25FADD7FE1D5BD779B20D3D0EB8D7C ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
17:13:55.0765 4052  LmHosts - ok
17:13:55.0765 4052  [ 6DFE7F2E8E8A337263AA5C92A215F161 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
17:13:55.0781 4052  MBAMProtector - ok
17:13:55.0796 4052  [ 43683E970F008C93C9429EF428147A54 ] MBAMService     C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
17:13:55.0828 4052  MBAMService - ok
17:13:55.0859 4052  [ FA4A4270B22B8E16FBAE59DC03C38D6F ] MCSWASVR        C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe
17:13:55.0875 4052  MCSWASVR ( UnsignedFile.Multi.Generic ) - warning
17:13:55.0875 4052  MCSWASVR - detected UnsignedFile.Multi.Generic (1)
17:13:55.0890 4052  [ 11F714F85530A2BD134074DC30E99FCA ] MDM             C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
17:13:55.0906 4052  MDM - ok
17:13:55.0937 4052  [ E5215AB942C5AC5F7EB0E54871D7A27C ] Messenger       C:\WINDOWS\System32\msgsvc.dll
17:13:56.0000 4052  Messenger - ok
17:13:56.0015 4052  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
17:13:56.0093 4052  mnmdd - ok
17:13:56.0125 4052  [ BB2470D20405B272EA47CA5E18F1C58E ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
17:13:56.0187 4052  mnmsrvc - ok
17:13:56.0203 4052  [ 91A3DA4B12F6F1D760463A7F7857F748 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
17:13:56.0265 4052  Modem - ok
17:13:56.0281 4052  [ 71E15CA47FD947552054AFB28536268F ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:13:56.0343 4052  Mouclass - ok
17:13:56.0375 4052  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:13:56.0453 4052  mouhid - ok
17:13:56.0484 4052  [ 65653F3B4477F3C63E68A9659F85EE2E ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
17:13:56.0546 4052  MountMgr - ok
17:13:56.0546 4052  mraid35x - ok
17:13:56.0562 4052  [ 29414447EB5BDE2F8397DC965DBB3156 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:13:56.0796 4052  MRxDAV - ok
17:13:56.0812 4052  [ FB6C89BB3CE282B08BDB1E3C179E1C39 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:13:56.0859 4052  MRxSmb - ok
17:13:56.0875 4052  [ D059F9C7752EF461476E83180DAA5C62 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
17:13:56.0937 4052  MSDTC - ok
17:13:56.0968 4052  [ 561B3A4333CA2DBDBA28B5B956822519 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
17:13:57.0031 4052  Msfs - ok
17:13:57.0031 4052  MSIServer - ok
17:13:57.0046 4052  [ AE431A8DD3C1D0D0610CDBAC16057AD0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:13:57.0109 4052  MSKSSRV - ok
17:13:57.0125 4052  [ 13E75FEF9DFEB08EEDED9D0246E1F448 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:13:57.0203 4052  MSPCLOCK - ok
17:13:57.0218 4052  [ 1988A33FF19242576C3D0EF9CE785DA7 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
17:13:57.0281 4052  MSPQM - ok
17:13:57.0281 4052  [ 469541F8BFD2B32659D5D463A6714BCE ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:13:57.0359 4052  mssmbios - ok
17:13:57.0359 4052  [ BF13612142995096AB084F2DB7F40F77 ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
17:13:57.0421 4052  MSTEE - ok
17:13:57.0437 4052  [ 82035E0F41C2DD05AE41D27FE6CF7DE1 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
17:13:57.0500 4052  Mup - ok
17:13:57.0531 4052  [ 5C8DC6429C43DC6177C1FA5B76290D1A ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:13:57.0609 4052  NABTSFEC - ok
17:13:57.0609 4052  [ 558635D3AF1C7546D26067D5D9B6959E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
17:13:57.0687 4052  NDIS - ok
17:13:57.0703 4052  [ 520CE427A8B298F54112857BCF6BDE15 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:13:57.0765 4052  NdisIP - ok
17:13:57.0781 4052  [ 08D43BBDACDF23F34D79E44ED35C1B4C ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:13:57.0859 4052  NdisTapi - ok
17:13:57.0875 4052  [ 34D6CD56409DA9A7ED573E1C90A308BF ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:13:57.0937 4052  Ndisuio - ok
17:13:57.0953 4052  [ 0B90E255A9490166AB368CD55A529893 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:13:58.0015 4052  NdisWan - ok
17:13:58.0031 4052  [ 59FC3FB44D2669BC144FD87826BB571F ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
17:13:58.0109 4052  NDProxy - ok
17:13:58.0140 4052  [ 7AFD0E39AB15CB355487B7CC19F4E2C5 ] Netaapl         C:\WINDOWS\system32\DRIVERS\netaapl.sys
17:13:58.0140 4052  Netaapl ( UnsignedFile.Multi.Generic ) - warning
17:13:58.0140 4052  Netaapl - detected UnsignedFile.Multi.Generic (1)
17:13:58.0156 4052  [ 3A2ACA8FC1D7786902CA434998D7CEB4 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
17:13:58.0234 4052  NetBIOS - ok
17:13:58.0250 4052  [ 0C80E410CD2F47134407EE7DD19CC86B ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
17:13:58.0328 4052  NetBT - ok
17:13:58.0343 4052  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDE          C:\WINDOWS\system32\netdde.exe
17:13:58.0421 4052  NetDDE - ok
17:13:58.0437 4052  [ F4EFF57254F565F39B6029150414A0D5 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
17:13:58.0500 4052  NetDDEdsdm - ok
17:13:58.0515 4052  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] Netlogon        C:\WINDOWS\system32\lsass.exe
17:13:58.0578 4052  Netlogon - ok
17:13:58.0593 4052  [ 1E5218FBE323C375B488318950E10FB4 ] Netman          C:\WINDOWS\System32\netman.dll
17:13:58.0828 4052  Netman - ok
17:13:58.0859 4052  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:13:58.0859 4052  NetTcpPortSharing - ok
17:13:58.0875 4052  [ 774274C487493452DF3B0126DBE7FF3B ] Nla             C:\WINDOWS\System32\mswsock.dll
17:13:58.0921 4052  Nla - ok
17:13:58.0937 4052  [ 4F601BCB8F64EA3AC0994F98FED03F8E ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
17:13:59.0015 4052  Npfs - ok
17:13:59.0046 4052  [ 19A811EF5F1ED5C926A028CE107FF1AF ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
17:14:00.0546 4052  Ntfs - ok
17:14:00.0562 4052  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
17:14:00.0843 4052  NtLmSsp - ok
17:14:00.0890 4052  [ 428AA946A8D9F32DBB4260C8E6E13377 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
17:14:01.0265 4052  NtmsSvc - ok
17:14:01.0281 4052  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
17:14:01.0781 4052  Null - ok
17:14:02.0015 4052  [ 83780F3A86D2804912F22F6E37CD2254 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:14:02.0484 4052  nv - ok
17:14:02.0500 4052  [ 42321AC5448078131903B272E6C49024 ] NVSvc           C:\WINDOWS\system32\nvsvc32.exe
17:14:02.0531 4052  NVSvc - ok
17:14:02.0562 4052  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:14:02.0671 4052  NwlnkFlt - ok
17:14:02.0687 4052  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:14:02.0796 4052  NwlnkFwd - ok
17:14:02.0828 4052  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
17:14:02.0828 4052  ose - ok
17:14:02.0843 4052  [ B2F17A2EDB5450E61973A037F63A595B ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
17:14:02.0921 4052  Parport - ok
17:14:02.0937 4052  [ 3334430C29DC338092F79C38EF7B4CD0 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
17:14:03.0015 4052  PartMgr - ok
17:14:03.0046 4052  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
17:14:03.0125 4052  ParVdm - ok
17:14:03.0125 4052  [ 6FB463E5B243FBD6F3D3C83F914D94FB ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
17:14:03.0218 4052  PCI - ok
17:14:03.0218 4052  PCIDump - ok
17:14:03.0234 4052  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
17:14:03.0328 4052  PCIIde - ok
17:14:03.0343 4052  [ E2363F4C1DAFF89ABEE5F593E13D8A05 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
17:14:03.0421 4052  Pcmcia - ok
17:14:03.0421 4052  PDCOMP - ok
17:14:03.0437 4052  PDFRAME - ok
17:14:03.0437 4052  PDRELI - ok
17:14:03.0437 4052  PDRFRAME - ok
17:14:03.0437 4052  perc2 - ok
17:14:03.0453 4052  perc2hib - ok
17:14:03.0468 4052  [ 65F6B774819BD727358157CEDEA67B8E ] PlugPlay        C:\WINDOWS\system32\services.exe
17:14:03.0500 4052  PlugPlay - ok
17:14:03.0531 4052  [ 831883B107684301F48ACE752C963984 ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
17:14:03.0531 4052  PnkBstrA - ok
17:14:03.0546 4052  [ E24106A5EAECDDFF00B25497049DD65F ] PnkBstrB        C:\WINDOWS\system32\PnkBstrB.exe
17:14:03.0562 4052  PnkBstrB - ok
17:14:03.0562 4052  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
17:14:03.0640 4052  PolicyAgent - ok
17:14:03.0640 4052  [ 1C5CC65AAC0783C344F16353E60B72AC ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:14:03.0718 4052  PptpMiniport - ok
17:14:03.0718 4052  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
17:14:03.0796 4052  ProtectedStorage - ok
17:14:03.0812 4052  [ 48671F327553DCF1D27F6197F622A668 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
17:14:03.0890 4052  PSched - ok
17:14:03.0906 4052  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:14:04.0000 4052  Ptilink - ok
17:14:04.0015 4052  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:14:04.0015 4052  PxHelp20 - ok
17:14:04.0031 4052  ql1080 - ok
17:14:04.0031 4052  Ql10wnt - ok
17:14:04.0031 4052  ql12160 - ok
17:14:04.0031 4052  ql1240 - ok
17:14:04.0046 4052  ql1280 - ok
17:14:04.0046 4052  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:14:04.0140 4052  RasAcd - ok
17:14:04.0156 4052  [ E3C6E87C1F84584A773D7C3DD205DBFF ] RasAuto         C:\WINDOWS\System32\rasauto.dll
17:14:04.0234 4052  RasAuto - ok
17:14:04.0265 4052  [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda         C:\WINDOWS\system32\DRIVERS\rasirda.sys
17:14:04.0312 4052  Rasirda - ok
17:14:04.0312 4052  [ 98FAEB4A4DCF812BA1C6FCA4AA3E115C ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:14:04.0390 4052  Rasl2tp - ok
17:14:04.0406 4052  [ FFC8343B35FB2DF01A5767748EFA5B58 ] RasMan          C:\WINDOWS\System32\rasmans.dll
17:14:04.0656 4052  RasMan - ok
17:14:04.0671 4052  [ 7306EEED8895454CBED4669BE9F79FAA ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:14:04.0750 4052  RasPppoe - ok
17:14:04.0781 4052  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
17:14:04.0843 4052  Raspti - ok
17:14:04.0859 4052  [ 03B965B1CA47F6EF60EB5E51CB50E0AF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:14:05.0125 4052  Rdbss - ok
17:14:05.0140 4052  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:14:05.0218 4052  RDPCDD - ok
17:14:05.0234 4052  [ A2CAE2C60BC37E0751EF9DDA7CEAF4AD ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:14:05.0343 4052  rdpdr - ok
17:14:05.0359 4052  [ B54CD38A9EBFBF2B3561426E3FE26F62 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
17:14:05.0609 4052  RDPWD - ok
17:14:05.0625 4052  [ AEC159942DF64A9890072D7BB1797762 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
17:14:05.0687 4052  RDSessMgr - ok
17:14:05.0703 4052  [ AA56702E230860565CB8D43680F57F33 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
17:14:05.0781 4052  redbook - ok
17:14:05.0812 4052  [ EBA80CDF25E02084857957E820004934 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
17:14:05.0906 4052  RemoteAccess - ok
17:14:05.0921 4052  [ AE81CF7D7CFA79CD03E8FB99788A7E09 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
17:14:06.0000 4052  RemoteRegistry - ok
17:14:06.0015 4052  [ DA23F9F3F1B1871120F980A6879581AC ] RpcLocator      C:\WINDOWS\system32\locator.exe
17:14:06.0109 4052  RpcLocator - ok
17:14:06.0125 4052  [ D45BBCDDC74A1B0259A0C4B00C190D20 ] RpcSs           C:\WINDOWS\system32\rpcss.dll
17:14:06.0171 4052  RpcSs - ok
17:14:06.0187 4052  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
17:14:06.0281 4052  RSVP - ok
17:14:06.0296 4052  [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:14:06.0328 4052  RTLE8023xp - ok
17:14:06.0343 4052  [ 183805EB05BCA5A1E4AAAED4D2BE3690 ] SamSs           C:\WINDOWS\system32\lsass.exe
17:14:06.0437 4052  SamSs - ok
17:14:06.0453 4052  [ B4CF7B42DE6CFA6FDE7D6AF4DAA55F57 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
17:14:06.0531 4052  SCardSvr - ok
17:14:06.0546 4052  [ D5E73842F38E24457C63FEF8CEFFBE19 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
17:14:06.0640 4052  Schedule - ok
17:14:06.0687 4052  [ 271077B91D7AD1B616F8AFDFE8E3F981 ] SeaPort         C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
17:14:06.0687 4052  SeaPort - ok
17:14:06.0718 4052  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:14:06.0968 4052  Secdrv - ok
17:14:06.0984 4052  [ FED544B43903FB801B106F062110358A ] seclogon        C:\WINDOWS\System32\seclogon.dll
17:14:07.0062 4052  seclogon - ok
17:14:07.0078 4052  [ AB74D986C1DD0D0C95B6AD37EC1E9F4F ] SENS            C:\WINDOWS\system32\sens.dll
17:14:07.0171 4052  SENS - ok
17:14:07.0171 4052  [ A2D868AEEFF612E70E213C451A70CAFB ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
17:14:07.0250 4052  serenum - ok
17:14:07.0250 4052  [ CD5B9995AFCDB466C9EFC048D167E3BE ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
17:14:07.0343 4052  Serial - ok
17:14:07.0375 4052  [ 0D13B6DF6E9E101013A7AFB0CE629FE0 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
17:14:07.0453 4052  Sfloppy - ok
17:14:07.0484 4052  [ 9245420422E409A25C1410ACB4244060 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
17:14:07.0578 4052  SharedAccess - ok
17:14:07.0593 4052  [ 521A4CB71CC419FDF60DB83E7308AE2B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
17:14:07.0828 4052  ShellHWDetection - ok
17:14:07.0843 4052  Simbad - ok
17:14:07.0843 4052  [ 5CAEED86821FA2C6139E32E9E05CCDC9 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:14:07.0921 4052  SLIP - ok
17:14:07.0937 4052  Sparrow - ok
17:14:07.0937 4052  [ 5D6401DB90EC81B71F8E2C5C8F0FEF23 ] speedfan        C:\WINDOWS\system32\speedfan.sys
17:14:07.0937 4052  speedfan ( UnsignedFile.Multi.Generic ) - warning
17:14:07.0953 4052  speedfan - detected UnsignedFile.Multi.Generic (1)
17:14:07.0953 4052  [ 0CE218578FFF5F4F7E4201539C45C78F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
17:14:08.0203 4052  splitter - ok
17:14:08.0250 4052  [ DA81EC57ACD4CDC3D4C51CF3D409AF9F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
17:14:08.0515 4052  Spooler - ok
17:14:08.0531 4052  [ E4200CB2F418D8FC4ACDD7E38C419D6A ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
17:14:08.0609 4052  sr - ok
17:14:08.0625 4052  [ 015F302C4CF961F20C3F98F3A7CA7917 ] srservice       C:\WINDOWS\system32\srsvc.dll
17:14:08.0687 4052  srservice - ok
17:14:08.0703 4052  [ 7A4F147CC6B133F905F6E65E2F8669FB ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
17:14:08.0750 4052  Srv - ok
17:14:08.0765 4052  [ 6FA03B462B2FFFE2627171B7FE73EE29 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
17:14:08.0843 4052  SSDPSRV - ok
17:14:08.0875 4052  [ 25E9B30AF1FA1B9AF1853577F39FF20B ] stisvc          C:\WINDOWS\system32\wiaservc.dll
17:14:09.0125 4052  stisvc - ok
17:14:09.0156 4052  [ 284C57DF5DC7ABCA656BC2B96A667AFB ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:14:09.0250 4052  streamip - ok
17:14:09.0265 4052  [ 03C1BAE4766E2450219D20B993D6E046 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
17:14:09.0328 4052  swenum - ok
17:14:09.0343 4052  [ 94ABC808FC4B6D7D2BBF42B85E25BB4D ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
17:14:09.0437 4052  swmidi - ok
17:14:09.0437 4052  SwPrv - ok
17:14:09.0437 4052  symc810 - ok
17:14:09.0453 4052  symc8xx - ok
17:14:09.0453 4052  sym_hi - ok
17:14:09.0453 4052  sym_u3 - ok
17:14:09.0468 4052  [ 650AD082D46BAC0E64C9C0E0928492FD ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
17:14:09.0546 4052  sysaudio - ok
17:14:09.0562 4052  [ 6D0C43DF9D3A7C5A9B4F94772CBD5DDC ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
17:14:09.0640 4052  SysmonLog - ok
17:14:09.0656 4052  [ 427D7EB3B453347082C8F4B370065D60 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
17:14:09.0906 4052  TapiSrv - ok
17:14:09.0921 4052  [ 2A5554FC5B1E04E131230E3CE035C3F9 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:14:09.0968 4052  Tcpip - ok
17:14:09.0984 4052  [ BE4007AB8C9B62E3688FC2F469B98190 ] Tcpip6          C:\WINDOWS\system32\DRIVERS\tcpip6.sys
17:14:10.0000 4052  Tcpip6 - ok
17:14:10.0015 4052  [ 38D437CF2D98965F239B0ABCD66DCB0F ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
17:14:10.0093 4052  TDPIPE - ok
17:14:10.0109 4052  [ ED0580AF02502D00AD8C4C066B156BE9 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
17:14:10.0171 4052  TDTCP - ok
17:14:10.0187 4052  [ A540A99C281D933F3D69D55E48727F47 ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
17:14:10.0281 4052  TermDD - ok
17:14:10.0296 4052  [ 1850BC10DE5DCCCEDE063FC2D0F2CEDA ] TermService     C:\WINDOWS\System32\termsrv.dll
17:14:10.0390 4052  TermService - ok
17:14:10.0406 4052  [ 521A4CB71CC419FDF60DB83E7308AE2B ] Themes          C:\WINDOWS\System32\shsvcs.dll
17:14:10.0781 4052  Themes - ok
17:14:10.0812 4052  [ 58708746B8267033E5CF2B29659E7F74 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
17:14:10.0921 4052  TlntSvr - ok
17:14:10.0921 4052  TosIde - ok
17:14:10.0953 4052  [ A34E894201D66E380E1FA96FE11B587E ] TrkWks          C:\WINDOWS\system32\trkwks.dll
17:14:11.0046 4052  TrkWks - ok
17:14:11.0062 4052  [ 87A0E9E18C10A9E454238E3330E2A26D ] tunmp           C:\WINDOWS\system32\DRIVERS\tunmp.sys
17:14:11.0140 4052  tunmp - ok
17:14:11.0156 4052  [ 12F70256F140CD7D52C58C7048FDE657 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
17:14:11.0250 4052  Udfs - ok
17:14:11.0250 4052  ultra - ok
17:14:11.0265 4052  [ CED744117E91BDC0BEB810F7D8608183 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
17:14:11.0546 4052  Update - ok
17:14:11.0562 4052  [ BA85BCF1A2BCF927C3600574173403E0 ] uploadmgr       C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
17:14:11.0625 4052  uploadmgr - ok
17:14:11.0640 4052  [ 855790C1BACED245A6B210AF430ED17B ] upnphost        C:\WINDOWS\System32\upnphost.dll
17:14:11.0906 4052  upnphost - ok
17:14:11.0937 4052  [ A99F867E76CFDAA28EE305B93F70E84F ] UPS             C:\WINDOWS\System32\ups.exe
17:14:12.0015 4052  UPS - ok
17:14:12.0031 4052  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
17:14:12.0062 4052  USBAAPL - ok
17:14:12.0078 4052  [ 45A0D14B26C35497AD93BCE7E15C9941 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
17:14:12.0156 4052  usbaudio - ok
17:14:12.0171 4052  [ BFFD9F120CC63BCBAA3D840F3EEF9F79 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:14:12.0234 4052  usbccgp - ok
17:14:12.0250 4052  [ 15E993BA2F6946B2BFBBFCD30398621E ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:14:12.0328 4052  usbehci - ok
17:14:12.0343 4052  [ C72F40947F92CEA56A8FB532EDF025F1 ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:14:12.0437 4052  usbhub - ok
17:14:12.0453 4052  [ A42369B7CD8886CD7C70F33DA6FCBCF5 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:14:12.0546 4052  usbprint - ok
17:14:12.0562 4052  [ A6BC71402F4F7DD5B77FD7F4A8DDBA85 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:14:12.0703 4052  usbscan - ok
17:14:12.0703 4052  [ 6CD7B22193718F1D17A47A1CD6D37E75 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:14:12.0859 4052  USBSTOR - ok
17:14:12.0859 4052  [ F8FD1400092E23C8F2F31406EF06167B ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:14:12.0984 4052  usbuhci - ok
17:14:13.0000 4052  [ 8968FF3973A883C49E8B564200F565B9 ] usbvideo        C:\WINDOWS\system32\Drivers\usbvideo.sys
17:14:13.0125 4052  usbvideo - ok
17:14:13.0156 4052  [ AE4DF3B7D1DB9373B08DB4ED224E26B6 ] usb_rndisx      C:\WINDOWS\system32\DRIVERS\usb8023x.sys
17:14:13.0156 4052  usb_rndisx ( UnsignedFile.Multi.Generic ) - warning
17:14:13.0156 4052  usb_rndisx - detected UnsignedFile.Multi.Generic (1)
17:14:13.0171 4052  [ 8A60EDD72B4EA5AEA8202DAF0E427925 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
17:14:13.0281 4052  VgaSave - ok
17:14:13.0312 4052  ViaIde - ok
17:14:13.0343 4052  [ F4C81E351117C60B1E1BAD1F845F7F4B ] VMUVC           C:\WINDOWS\system32\Drivers\VMUVC.sys
17:14:13.0390 4052  VMUVC - ok
17:14:13.0406 4052  [ D6888520FF56D72A50437E371CA25FC9 ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
17:14:13.0546 4052  VolSnap - ok
17:14:13.0593 4052  [ 6635ECBF0D8090DC3A452D0D072B5D5B ] VSS             C:\WINDOWS\System32\vssvc.exe
17:14:13.0718 4052  VSS - ok
17:14:13.0750 4052  [ 77D037C0DF3C5F0FE33E3D8DB32ACC1E ] vvftUVC         C:\WINDOWS\system32\drivers\vvftUVC.sys
17:14:13.0796 4052  vvftUVC - ok
17:14:13.0812 4052  [ C6D874CD2A5B83CD11CDEBD28A638584 ] W32Time         C:\WINDOWS\system32\w32time.dll
17:14:13.0921 4052  W32Time - ok
17:14:13.0937 4052  [ 984EF0B9788ABF89974CFED4BFBAACBC ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:14:14.0031 4052  Wanarp - ok
17:14:14.0046 4052  [ 46A247F6617526AFE38B6F12F5512120 ] wceusbsh        C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
17:14:14.0078 4052  wceusbsh - ok
17:14:14.0109 4052  [ D918617B46457B9AC28027722E30F647 ] Wdf01000        C:\WINDOWS\system32\Drivers\wdf01000.sys
17:14:14.0125 4052  Wdf01000 - ok
17:14:14.0140 4052  WDICA - ok
17:14:14.0156 4052  [ EFD235CA22B57C81118C1AEB4798F1C1 ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
17:14:14.0406 4052  wdmaud - ok
17:14:14.0421 4052  [ 879ECB9A5F14A03960B84EDB7207A051 ] WebClient       C:\WINDOWS\System32\webclnt.dll
17:14:14.0687 4052  WebClient - ok
17:14:14.0718 4052  [ DA2DADB42916E59C6E4BBA593BCCDA73 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
17:14:14.0812 4052  winmgmt - ok
17:14:14.0828 4052  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\mspmsnsv.dll
17:14:14.0906 4052  WmdmPmSN - ok
17:14:14.0937 4052  [ 80D811741505365B79CBDB1254D5C98B ] Wmi             C:\WINDOWS\System32\advapi32.dll
17:14:15.0000 4052  Wmi - ok
17:14:15.0015 4052  [ 042A78FCD1ADFB0FBA9865D55C6F5CC1 ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
17:14:15.0093 4052  WmiApSrv - ok
17:14:15.0140 4052  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
17:14:15.0187 4052  WMPNetworkSvc - ok
17:14:15.0218 4052  [ BD3561AAE748150CF51C2CA876449EA7 ] wscsvc          C:\WINDOWS\system32\wscsvc.dll
17:14:15.0312 4052  wscsvc - ok
17:14:15.0328 4052  [ D5842484F05E12121C511AA93F6439EC ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:14:15.0390 4052  WSTCODEC - ok
17:14:15.0406 4052  [ 1EDDD5C0ECF3FA6EDFD8A25B2B4E7DF6 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
17:14:15.0500 4052  wuauserv - ok
17:14:15.0531 4052  [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:14:15.0562 4052  WudfPf - ok
17:14:15.0578 4052  [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:14:15.0593 4052  WudfRd - ok
17:14:15.0625 4052  [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
17:14:15.0640 4052  WudfSvc - ok
17:14:15.0656 4052  [ AE83ADA96575DACF533C2BCB1FC163DC ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
17:14:15.0734 4052  WZCSVC - ok
17:14:15.0765 4052  [ 8302DE1C64618D72346DD0034DBC5D9B ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
17:14:15.0843 4052  xmlprov - ok
17:14:15.0843 4052  zlportio - ok
17:14:15.0859 4052  ================ Scan global ===============================
17:14:15.0890 4052  [ 1B91BAC6996731EE8925F58205DCB016 ] C:\WINDOWS\system32\basesrv.dll
17:14:15.0906 4052  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
17:14:15.0906 4052  [ 317DF8980138FB91AE03E95757F4D0E9 ] C:\WINDOWS\system32\winsrv.dll
17:14:15.0921 4052  [ 65F6B774819BD727358157CEDEA67B8E ] C:\WINDOWS\system32\services.exe
17:14:15.0921 4052  [Global] - ok
17:14:15.0921 4052  ================ Scan MBR ==================================
17:14:15.0937 4052  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
17:14:16.0187 4052  \Device\Harddisk0\DR0 - ok
17:14:16.0187 4052  ================ Scan VBR ==================================
17:14:16.0187 4052  [ 231D7CD95D2239DFE5F9D8544C9B065B ] \Device\Harddisk0\DR0\Partition1
17:14:16.0187 4052  \Device\Harddisk0\DR0\Partition1 - ok
17:14:16.0187 4052  [ FCC74D8A96EC4F1E1EBCD1DD785E02C7 ] \Device\Harddisk0\DR0\Partition2
17:14:16.0187 4052  \Device\Harddisk0\DR0\Partition2 - ok
17:14:16.0218 4052  [ A0AEC532DA175B26B61AFFDD8F535EB6 ] \Device\Harddisk0\DR0\Partition3
17:14:16.0218 4052  \Device\Harddisk0\DR0\Partition3 - ok
17:14:16.0234 4052  [ 4A9284888BEDF59562C14C870A0A4B96 ] \Device\Harddisk0\DR0\Partition4
17:14:16.0234 4052  \Device\Harddisk0\DR0\Partition4 - ok
17:14:16.0234 4052  ============================================================
17:14:16.0234 4052  Scan finished
17:14:16.0234 4052  ============================================================
17:14:16.0359 2884  Detected object count: 8
17:14:16.0359 2884  Actual detected object count: 8
17:14:39.0921 2884  Afc ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0921 2884  Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0921 2884  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0921 2884  FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0937 2884  giveio ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0937 2884  giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0937 2884  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0937 2884  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0937 2884  MCSWASVR ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0937 2884  MCSWASVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0937 2884  Netaapl ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0937 2884  Netaapl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0937 2884  speedfan ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0937 2884  speedfan ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:14:39.0937 2884  usb_rndisx ( UnsignedFile.Multi.Generic ) - skipped by user
17:14:39.0937 2884  usb_rndisx ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 23.09.2012, 18:29

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

schnitzel_12 · 25.09.2012, 14:41

Auch das hat geklappt.

Code:

ATTFilter

ComboFix 12-09-24.03 - Sascha 25.09.2012  15:06:25.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.3263.2567 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Sascha\Desktop\Reparatur\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\programme\Incredibar.com
c:\programme\Incredibar.com\incredibar\1.5.3.27\bh\incredibar.dll
c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibar.crx
c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarApp.dll
c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarEng.dll
c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarsrv.exe
c:\programme\Incredibar.com\incredibar\1.5.3.27\incredibarTlbr.dll
c:\programme\Incredibar.com\incredibar\1.5.3.27\uninstall.exe
c:\windows\system32\cnm33.tmp
c:\windows\system32\roboot.exe
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\winsh320
c:\windows\system32\winsh321
c:\windows\system32\winsh322
c:\windows\system32\winsh323
c:\windows\system32\winsh324
c:\windows\system32\winsh325
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-25 bis 2012-09-25  ))))))))))))))))))))))))))))))
.
.
2012-09-12 16:56 . 2012-09-12 19:30	--------	d-----w-	c:\windows\system32\bits
2012-09-12 16:56 . 2012-09-12 16:56	--------	d-----w-	c:\windows\l2schemas
2012-09-12 16:56 . 2012-09-12 16:56	--------	d-----w-	c:\windows\system32\de
2012-09-12 16:38 . 2006-12-28 22:31	19569	----a-w-	c:\windows\003043_.tmp
2012-09-12 16:30 . 2004-08-03 22:57	81920	----a-w-	c:\windows\system32\dllcache\nmchat.dll
2012-09-12 16:29 . 2004-08-03 22:57	20511	----a-w-	c:\windows\system32\dllcache\odtext32.dll
2012-09-12 16:28 . 2009-12-14 07:35	33280	----a-w-	c:\windows\system32\dllcache\csrsrv.dll
2012-09-12 15:21 . 2004-08-03 22:56	96768	----a-w-	c:\windows\system32\dpcdll.dll.wga
2012-09-12 15:21 . 2004-08-03 22:54	24064	----a-w-	c:\windows\system32\pidgen.dll.wga
2012-09-12 15:01 . 2012-09-12 15:01	--------	dc----w-	c:\dokumente und einstellungen\Sascha\Anwendungsdaten\OCS
2012-09-04 23:42 . 2012-09-04 23:42	--------	d-----w-	c:\dokumente und einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\PCHealth
2012-09-04 23:26 . 2007-04-09 11:23	28552	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2012-09-04 23:26 . 2007-04-09 11:23	28040	----a-w-	c:\windows\system32\mdimon.dll
2012-09-03 19:33 . 2012-09-03 19:33	--------	d-----w-	c:\programme\ESET
2012-09-03 10:04 . 2012-09-03 10:04	--------	dc----w-	c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Malwarebytes
2012-09-03 10:03 . 2012-09-03 10:03	--------	dc----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-09-03 10:03 . 2012-09-03 10:04	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-09-03 10:03 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-01 21:30 . 2012-09-01 15:49	--------	dc----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 10:06 . 2009-05-16 10:05	30143040	-c--a-w-	c:\programme\avira_antivir_personal_de.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-05-15 14:55	155416	----a-w-	c:\windows\system32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\WebDavOverlayUpload]
@="{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}"
[HKEY_CLASSES_ROOT\CLSID\{0774B5A9-ADB5-4D3A-915F-72C7EF9CD262}]
2010-10-27 11:13	284304	----a-w-	c:\windows\system32\WebDAV.ShellExtension.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\dokumente und einstellungen\Sascha\Startmenü\Programme\Autostart\
Mediencenter Software.lnk - c:\programme\Telekom\Mediencenter\MediencenterSoftware.exe [2011-2-27 1991824]
SpeedFan.lnk - c:\programme\SpeedFan\speedfan.exe [2008-8-19 3562496]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"DataSync Outlook"="c:\programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe" -S
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"fssui"="c:\programme\Windows Live\Family Safety\fsui.exe" -autorun
"SweetIM"=c:\programme\SweetIM\Messenger\SweetIM.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"VMonitorVMUVC"="c:\programme\Vimicro\VMUVC\VMonitor.exe" VMUVC
"LuxeMate525"=c:\programme\KYE\LUXEMATE525\LuxeMateLoader.exe
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe"
"ArcSoft Connection Service"=c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe
"DATAMNGR"=c:\progra~1\WI371A~1\Datamngr\DATAMN~1.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\CryptLoad\\RouterClient.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"e:\\iTunes\\iTunes.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [09.11.2009 17:26 11392]
R1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [27.02.2011 20:15 265800]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [03.02.2009 14:53 1155072]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [03.09.2012 12:03 655944]
R2 MCSWASVR;Mediencenter Service;c:\programme\Telekom\Mediencenter\WebDAV.AdminService.exe [27.02.2011 20:14 16016]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [03.09.2012 12:03 22344]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [03.02.2010 12:33 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [09.04.2012 10:13 257696]
S3 cpuz130;cpuz130;\??\c:\dokume~1\Sascha\LOKALE~1\Temp\cpuz130\cpuz_x32.sys --> c:\dokume~1\Sascha\LOKALE~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 esgiguard;esgiguard;\??\c:\programme\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\programme\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 10:10 3276800]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [03.02.2010 12:33 135664]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [30.01.2011 20:21 18432]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [02.12.2008 13:31 250240]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [02.12.2008 13:31 476160]
S3 zlportio;zlportio;\??\i:\singstar\zlportio.sys --> i:\singstar\zlportio.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:56]
.
2012-06-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-03 10:33]
.
2012-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-03 10:33]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.t-online.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx
IE: Download with Xilisoft YouTube Video Converter - c:\programme\Xilisoft\YouTube Video Converter\upod_link.HTM
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~1\SECRET~1\\SECRET~1.EXE
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\programme\IPPS\XM2002®\XM2002.exe
TCP: DhcpNameServer = 192.168.178.1
DPF: Deployer - hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab
DPF: {7527E129-A524-434A-A337-8C19F6F25C91} - hxxps://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{DFEFCDEE-CF1A-4FC8-88AD-18272BE37E29} - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
HKCU-Run-504651AF - c:\windows\system32\09737FD3504651AFA464.exe
Notify-dimsntfy - (no file)
AddRemove-DivX Plus DirectShow Filters - c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
AddRemove-DivX Setup.divx.com - c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe
AddRemove-Free 3GP Video Converter_is1 - c:\programme\DVDVideoSoft\Free 3GP Video Converter\unins000.exe
AddRemove-Free Audio CD Burner_is1 - c:\programme\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\programme\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe
AddRemove-Uninstall_is1 - c:\programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
AddRemove-Dropbox - c:\dokumente und einstellungen\Sascha\Anwendungsdaten\Dropbox\bin\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-09-25 15:10
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ð•€|ÿÿÿÿ.•€|ù•6~*]
"7040C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(3600)
c:\windows\system32\CbFsMntNtf3.dll
c:\windows\system32\WebDAV.ShellExtension.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wscntfy.exe
c:\programme\iPod\bin\iPodService.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-25  15:13:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-25 13:13
.
Vor Suchlauf: 6.423.916.544 Bytes frei
Nach Suchlauf: 6.800.424.960 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 484A53E95725541DCCBBB0799C45B1EB

cosinus · 25.09.2012, 15:10

Ok, dann versuchen wir nochmal OTL, mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

schnitzel_12 · 25.09.2012, 17:49

Mal ne kurze Frage - die Aufforderungen mit den Code-Tags, ist das eine Standardformulierung?
Ich bin mir da nämlich keiner Schuld bewusst.
Wenn nicht sag mal bescheid, nicht das ich jedes mal ins selbe Fettnäpfchen trete.

Ansonsten

..... diesmal hat es geklappt.

Code:

ATTFilter

OTL logfile created on: 25.09.2012 17:31:26 - Run 2
OTL by OldTimer - Version 3.2.68.0     Folder = C:\Dokumente und Einstellungen\Sascha\Desktop\Reparatur
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,19 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 83,57% Memory free
5,03 Gb Paging File | 4,66 Gb Available in Paging File | 92,54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 19,53 Gb Total Space | 6,35 Gb Free Space | 32,52% Space Free | Partition Type: NTFS
Drive E: | 93,01 Gb Total Space | 44,21 Gb Free Space | 47,53% Space Free | Partition Type: NTFS
Drive F: | 92,77 Gb Total Space | 92,21 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive G: | 92,77 Gb Total Space | 84,80 Gb Free Space | 91,40% Space Free | Partition Type: NTFS
 
Computer Name: FAHRSCHULMAFIA | User Name: Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.25 17:29:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sascha\Desktop\Reparatur\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.06.09 14:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2010.07.09 16:43:15 | 000,016,016 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.12 18:25:34 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\6cabc7d1700c224e8b41ff2f96a3087c\SMDiagnostics.ni.dll
MOD - [2012.09.12 18:24:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll
MOD - [2012.09.12 18:24:35 | 011,797,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d987cf1de4ba688da92e212a374232c2\System.Web.ni.dll
MOD - [2012.09.12 18:23:50 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
MOD - [2012.09.12 18:22:11 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
MOD - [2012.09.12 18:21:12 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\8b2710a63ecd363315ef16b257588b95\System.Runtime.Serialization.ni.dll
MOD - [2012.09.12 18:21:02 | 001,070,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
MOD - [2012.09.12 17:38:10 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\563a54b98adb70fae862974042298348\System.Xml.ni.dll
MOD - [2012.09.12 17:36:44 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll
MOD - [2012.09.12 17:36:37 | 011,486,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.05 12:56:28 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.27 01:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.07.09 16:43:15 | 000,016,016 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- C:\Programme\Telekom\Mediencenter\WebDAV.AdminService.exe -- (MCSWASVR)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.02.03 14:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- I:\SingStar\zlportio.sys -- (zlportio)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Sascha\LOKALE~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.05.15 16:55:14 | 000,265,800 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2010.04.19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.02.11 14:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.08.05 22:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008.06.16 02:58:00 | 000,476,160 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vvftUVC.sys -- (vvftUVC)
DRV - [2008.06.16 02:58:00 | 000,250,240 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMUVC.sys -- (VMUVC)
DRV - [2008.01.29 11:02:00 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\archlp.sys -- (archlp)
DRV - [2008.01.03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.11.27 14:06:42 | 004,630,016 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com/ [binary data]
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{5F276539-372D-43BC-A681-4D4507B04092}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1DE2DBE8-F401-41CC-A9D0-8D01C5FF8A1F&apn_sauid=F70E54C6-193B-4AE6-9B69-11E5C943A158
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{D4806BE1-8CA5-4D04-87D3-3476E09BB2EB}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&form=MS8TDF&pc=MS8TDF&src=IE-SearchBox
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{D85B09C2-6989-4236-A53D-2C2D58EEF2E0}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programme\Veetle\plugins\npVeetle.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programme\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 16:32:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 16:32:21 | 000,000,000 | ---D | M]
 
[2012.01.21 16:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2012.09.25 15:10:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Sascha\Startmenü\Programme\Autostart\Mediencenter Software.lnk = C:\Programme\Telekom\Mediencenter\MediencenterSoftware.exe (Deutsche Telekom AG)
O4 - Startup: C:\Dokumente und Einstellungen\Sascha\Startmenü\Programme\Autostart\SpeedFan.lnk = C:\Programme\SpeedFan\speedfan.exe (Almico Software (www.almico.com))
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Programme\Xilisoft\YouTube Video Converter\upod_link.HTM ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\\SECRET~1.EXE File not found
O9 - Extra Button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found
O9 - Extra 'Tools' menuitem : &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7527E129-A524-434A-A337-8C19F6F25C91} https://shop.aldisued-fotos-druck.de/shop/activex/aldi_sued_express_upload.cab (AldiSuedActiveFormX Element)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Deployer hxxp://www.pcthreat.com/autoinstall/shsafeinstall.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EA4AA5C-F237-463B-A2F5-C840D21DB31A}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.13 12:22:39 | 000,000,000 | ---D | M] - G:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5CA109D3-A084-47E8-A9CB-D497322E3F50} - MSN Toolbar 3.0 & Silverlight 2.0
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{03d41b27-e2c9-48f4-841d-f0ae4cc0e233} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.ACM (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.I263 - C:\WINDOWS\System32\I263_32.DRV (Intel Corporation)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\I263_32.DRV (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VX1K - C:\WINDOWS\System32\vx1000s.dll (Lucent Technologies Inc.)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.25 17:28:12 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.09.25 14:44:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.09.25 14:25:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.09.25 14:25:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.09.25 14:25:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.09.25 14:25:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.09.25 14:25:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.09.25 14:24:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.09.12 21:40:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012.09.12 18:56:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012.09.12 18:56:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2012.09.12 18:56:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012.09.12 18:30:53 | 000,282,624 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012.09.12 18:30:52 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012.09.12 18:30:34 | 000,050,688 | ---- | C] (Twain-Arbeitsgruppe) -- C:\WINDOWS\System32\dllcache\twain_32.dll
[2012.09.12 18:06:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2012.09.12 17:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\OCS
[2012.09.05 01:42:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012.09.03 21:33:19 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.03 12:04:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Malwarebytes
[2012.09.03 12:03:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.09.03 12:03:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.09.03 12:03:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.09.03 12:03:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.09.03 12:02:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sascha\Desktop\Reparatur
[2012.09.01 23:30:46 | 000,000,000 | ---D | C] -- C:\_OTL
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Sascha\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Sascha\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.25 17:25:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.25 17:24:55 | 000,201,151 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.09.25 17:24:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.25 17:24:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.25 16:56:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.25 15:10:22 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.09.25 14:44:59 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.09.25 14:16:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.13 14:22:38 | 000,452,632 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.13 14:22:38 | 000,435,710 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.13 14:22:38 | 000,081,474 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.13 14:22:38 | 000,068,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.12 21:43:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.09.12 21:43:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.09.12 21:40:03 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.09.12 21:31:01 | 000,251,184 | RHS- | M] () -- C:\ntldr
[2012.09.12 21:19:57 | 000,002,675 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.09.12 17:21:31 | 000,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012.09.03 12:03:59 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:20:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Sascha\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\Sascha\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.25 14:44:59 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.09.25 14:44:57 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012.09.25 14:25:08 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.09.25 14:25:08 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.09.25 14:25:08 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.09.25 14:25:08 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.09.25 14:25:08 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.09.12 21:24:06 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Startmenü\Programme\Outlook Express.lnk
[2012.09.12 18:31:35 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax
[2012.09.12 18:31:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2012.09.12 18:31:35 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012.09.12 18:31:35 | 000,103,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012.09.12 18:31:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2012.09.12 18:31:35 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012.09.12 18:31:34 | 000,186,368 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2012.09.12 18:31:34 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax
[2012.09.12 18:31:34 | 000,018,989 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012.09.12 18:31:32 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2012.09.12 18:31:32 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012.09.12 18:31:18 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2012.09.12 18:31:14 | 000,618,406 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nt5inf.cat
[2012.09.12 18:31:07 | 000,081,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2012.09.12 18:31:06 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2012.09.12 18:31:05 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012.09.12 18:31:05 | 000,030,983 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fp4.cat
[2012.09.12 18:31:01 | 000,379,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012.09.12 18:31:01 | 000,198,736 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2012.09.12 18:31:01 | 000,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ims.cat
[2012.09.12 18:31:01 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msmsgs.cat
[2012.09.12 18:30:59 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mstsweb.cat
[2012.09.12 18:30:58 | 001,899,936 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nt5.cat
[2012.09.12 18:30:51 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2012.09.12 18:30:50 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2012.09.12 18:30:49 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tshoot.dll
[2012.09.12 18:30:34 | 000,460,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2012.09.12 18:30:34 | 000,383,140 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2012.09.12 18:30:34 | 000,355,436 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2012.09.12 18:30:32 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2012.09.12 18:30:29 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compatui.dll
[2012.09.12 18:30:20 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012.09.12 18:30:20 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2012.09.12 18:30:05 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2012.09.12 18:29:49 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2012.09.12 18:29:01 | 000,009,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2012.09.12 17:21:31 | 000,013,588 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2012.09.10 23:51:25 | 000,292,048 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.09.05 01:16:58 | 000,002,675 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.09.03 12:03:59 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 19:59:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.04 20:20:27 | 000,000,071 | ---- | C] () -- C:\WINDOWS\EPSONCD.INI
[2010.09.25 11:31:48 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc
[2010.01.09 15:47:57 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\RefEdit.exd
[2009.09.19 10:53:09 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\$_hpcst$.hpc
[2009.05.16 12:05:35 | 030,143,040 | ---- | C] () -- C:\Programme\avira_antivir_personal_de.exe
[2008.10.31 16:04:56 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\PnkBstrK.sys
[2008.10.31 15:12:06 | 000,250,368 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1601.02.13 10:28:18 | 002,927,687 | ---- | C] () -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\rQeerQdEAUdEAdT
[1601.02.13 10:28:18 | 000,005,084 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qnfplJprvpnVGAGdjO
 
========== ZeroAccess Check ==========
 
[2008.12.21 22:22:45 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.08.20 07:35:25 | 001,494,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:18:19 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2004.08.04 00:57:38 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.08.27 15:53:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2009.10.14 21:24:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2008.10.26 14:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.07.16 11:12:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.08.27 15:53:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.05.25 13:44:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2008.10.31 12:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.03.28 09:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2008.10.31 16:05:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2012.06.06 09:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2010.08.25 20:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2012.06.06 09:15:53 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010.09.18 13:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.03.31 17:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2010.02.21 16:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\AnvSoft
[2009.09.05 13:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Bump Technologies, Inc
[2011.11.15 20:14:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Cornelsen
[2008.10.31 12:30:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Datalayer
[2010.09.29 12:52:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DataSync Outlook
[2012.06.06 19:54:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DDMSettings
[2012.06.06 19:54:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Dropbox
[2009.09.21 17:12:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\EPSON
[2012.06.06 19:54:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\ICQ
[2012.01.21 16:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Incredibar.com
[2008.10.31 12:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Leadertech
[2009.08.27 15:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\MAGIX
[2012.06.06 19:54:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\MSNInstaller
[2009.02.10 13:06:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Nokia
[2012.06.06 19:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Nokia Multimedia Player
[2012.09.05 01:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Oblr
[2012.09.12 17:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\OCS
[2008.10.31 12:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\PC Suite
[2008.12.09 15:35:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\PX24
[2011.12.13 23:22:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Reviversoft
[2012.03.28 09:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\TuneUp Software
[2008.12.21 22:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Windows Live Writer
[2010.03.14 11:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Xilisoft
[2012.06.06 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\xplugin
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.10 15:38:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Adobe
[2010.02.21 16:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\AnvSoft
[2011.10.13 11:39:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Apple Computer
[2009.11.09 17:30:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\ArcSoft
[2009.09.05 13:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Bump Technologies, Inc
[2011.11.15 20:14:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Cornelsen
[2008.10.31 12:30:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Datalayer
[2010.09.29 12:52:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DataSync Outlook
[2012.06.06 19:54:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DDMSettings
[2010.08.08 13:51:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\DivX
[2012.06.06 19:54:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Dropbox
[2009.09.21 17:12:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\EPSON
[2009.03.28 15:22:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Google
[2010.09.18 13:52:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Help
[2012.06.06 19:54:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\ICQ
[2008.10.20 01:54:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Identities
[2012.01.21 16:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Incredibar.com
[2008.10.20 01:57:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\InstallShield
[2008.10.31 12:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Leadertech
[2008.10.20 01:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Macromedia
[2009.08.27 15:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\MAGIX
[2012.09.03 12:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Malwarebytes
[2012.06.06 19:54:17 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Microsoft
[2010.09.25 09:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Microsoft Web Folders
[2008.12.02 22:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Mozilla
[2009.09.19 09:42:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\MozillaControl
[2012.06.06 19:54:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\MSNInstaller
[2009.02.10 13:06:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Nokia
[2012.06.06 19:54:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Nokia Multimedia Player
[2012.09.05 01:03:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Oblr
[2012.09.12 17:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\OCS
[2008.10.31 12:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\PC Suite
[2008.12.09 15:35:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\PX24
[2011.12.13 23:22:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Reviversoft
[2009.06.20 18:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Sun
[2012.03.28 09:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\TuneUp Software
[2012.06.06 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\vlc
[2008.12.21 22:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Windows Live Writer
[2009.02.20 16:10:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\WinRAR
[2010.03.14 11:39:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Xilisoft
[2012.06.06 19:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\xplugin
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\erdnt\cache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.10.20 09:24:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.10.20 09:24:08 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.10.20 09:24:08 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >
[2008.10.20 01:49:26 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2008.10.20 01:53:35 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010.02.03 12:33:57 | 000,001,086 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010.02.03 12:33:58 | 000,001,090 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2010.09.18 13:31:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2012.04.09 10:13:02 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< End of report >

cosinus · 25.09.2012, 19:45

Ja das ist eine Standardformulierung, ich will nicht jedesmal das Rad neu erfinden - was meinst du wohl wie viele Beiträge ich hier verfasse

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{5F276539-372D-43BC-A681-4D4507B04092}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1DE2DBE8-F401-41CC-A9D0-8D01C5FF8A1F&apn_sauid=F70E54C6-193B-4AE6-9B69-11E5C943A158
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-725345543-332150421-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - C:\PROGRA~1\SECRET~1\\SECRET~1.EXE File not found
O9 - Extra Button: XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found
O9 - Extra 'Tools' menuitem : &XM2002® - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Programme\IPPS\XM2002®\XM2002.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.13 12:22:39 | 000,000,000 | ---D | M] - G:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{*
C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Oblr
C:\Programme\Windows iLivid Toolbar
C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\Incredibar.com
C:\Dokumente und Einstellungen\Sascha\Anwendungsdaten\rQeerQdEAUdEAdT
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\qnfplJprvpnVGAGdjO
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

16.09.2012, 12:00	#31
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Willkommen bei Windows Update - Verschlüsselungstrojaner Kannst du denn wenigstens sehen wo in etwa OTL beim Script hängt? An einer bestimmten Stelle/Zeile im Script oder schon ganz am Anfang? __________________ Logfiles bitte immer in CODE-Tags posten

17.09.2012, 11:56	#33
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Willkommen bei Windows Update - Verschlüsselungstrojaner Wenn das OTL-Fenster noch sichtbar bleibt solltest du unten eine Statusleiste von OTL sehen - da sieht man nämlich was OTL gerade tut. Auch wenn ein Log gerade erstellt wird, sieht man in welchem Bereich er gerade rumscannt __________________ __________________

Willkommen bei Windows Update - Verschlüsselungstrojaner

Plagegeister aller Art und deren Bekämpfung: Willkommen bei Windows Update - Verschlüsselungstrojaner