
Pests of all kinds and how to remove them: Cyber Crime Investigation Department Virus


 
31.08.2012, 23:48   #1
conlinz

Cyber Crime Investigation Department Virus

Hello!

Today my PC (Win 7) caught the virus that has already been discussed in several threads here, the one showing the "Cyber Crime Investigation Department" message, in its Austrian version. The message that appears locks my PC and demands a payment of 100 euros via Paypal.

Before I came across this forum, I had already followed another guide from the web and run a scan with Malwarebytes Anti-Malware in Safe Mode. It found two infected files and moved them to quarantine. After that the machine booted again without any problems, and there are no obvious malfunctions any more.

Now I'm not quite sure whether everything is back in order or whether there is still something more to do.

Here are the logs in the order in which I ran the scans:

Malwarebytes Anti-Malware:

Code:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.09

Windows 7 Service Pack 1 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
User :: PABLO [administrator]

Protection: Disabled

31.08.2012 18:54:04
mbam-log-2012-08-31 (18-54-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 565643
Time elapsed: 1 hour(s), 24 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\User\AppData\Local\Temp\roper0dun.exe (Exploit.Drop.GS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

Then the scan with OTL:
Code:
OTL logfile created on: 31.08.2012 20:39:05 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\User\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,41% Memory free
3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,63 Gb Total Space | 65,10 Gb Free Space | 41,57% Space Free | Partition Type: NTFS
Drive D: | 309,11 Gb Total Space | 28,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: PABLO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.31 20:36:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.14 12:23:18 | 003,133,704 | ---- | M] (Evgeny Lachinov) -- C:\Program Files\Wild Media Server\wmssvc.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.05.16 16:58:21 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.05.10 09:23:08 | 000,958,464 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.exe
PRC - [2010.04.15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2009.11.19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009.11.11 15:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Programme\AirPort\APAgent.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Program Files\Common Files\Teleca Shared\logger.exe
PRC - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
PRC - [2009.05.15 12:36:48 | 000,206,128 | R--- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\nassche.exe
PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.06.03 02:51:08 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.06.03 02:50:58 | 001,144,104 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.05.10 09:23:08 | 000,958,464 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.exe
MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010.02.10 18:08:38 | 000,237,361 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010.02.04 12:15:22 | 000,209,920 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtSqlBirdie4.dll
MOD - [2010.02.04 12:15:10 | 007,810,560 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtGuiBirdie4.dll
MOD - [2010.02.04 12:02:16 | 000,673,792 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtNetworkBirdie4.dll
MOD - [2010.02.04 12:01:02 | 002,097,152 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtCoreBirdie4.dll
MOD - [2010.01.20 17:57:38 | 000,030,208 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\QtSolutions_SingleApplication-2.6.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2009.09.29 12:24:24 | 000,139,264 | R--- | M] () -- C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009.09.12 15:47:34 | 000,544,768 | ---- | M] () -- C:\Programme\BirdieSync\BirdieSync.Lib\sqlite3.dll
MOD - [2007.01.11 17:33:20 | 000,106,496 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.31 08:29:12 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.22 00:41:25 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.04.14 12:23:18 | 003,133,704 | ---- | M] (Evgeny Lachinov) [Auto | Running] -- C:\Program Files\Wild Media Server\wmssvc.exe -- (WmsService)
SRV - [2010.06.15 19:55:43 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.16 16:58:21 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.04.15 12:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.05.15 12:36:50 | 000,251,184 | R--- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files\BUFFALO\NASNAVI\nassvc.exe -- (NasPmService)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.11.03 09:56:28 | 000,920,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:03:17 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:03:17 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.05.02 01:35:17 | 000,121,208 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.10 16:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2011.07.20 02:54:06 | 000,047,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV - [2011.07.19 23:12:22 | 000,225,280 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btmhsf.sys -- (btmhsf)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.22 18:37:42 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2010.10.22 18:37:42 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2010.10.22 18:37:41 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2010.10.22 18:37:41 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2010.06.13 19:56:17 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 16:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.07.26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 15:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 15:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)
DRV - [2008.07.26 15:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109992&babsrc=HP_ss&mntrId=853668800000000000000009dd5084cf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 59 19 18 41 BF CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{033D0AAE-1F9D-4141-AA17-8965E3B86015}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109992&babsrc=SP_ss&mntrId=853668800000000000000009dd5084cf
IE - HKCU\..\SearchScopes\{ABB50930-30DE-43A4-9CF5-2FEA0BF812BA}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\User\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.30 03:54:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.05.18 19:21:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Sunbird Service [2010.05.29 15:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files\BirdieSync\Thunderbird Service [2010.05.29 15:37:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.30 03:54:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 20:41:07 | 000,000,000 | ---D | M]
 
[2011.12.22 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2010.06.12 23:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.13 14:13:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder
[2010.06.13 22:23:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2010.06.13 14:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.12.22 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2012.08.30 11:43:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions
[2010.06.12 23:10:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.08.30 11:43:51 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.01.28 14:00:10 | 000,000,000 | ---D | M] (FireTorrent) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\fl8p56oj.default\extensions\firetorrent@radicalsoft.com
[2012.03.17 14:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.31 08:29:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.06.13 19:28:17 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.06.26 22:45:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.28 19:50:46 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.08.31 08:29:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.26 22:45:29 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.26 22:45:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.26 22:45:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.26 22:45:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {D6E0063B-7B09-45C9-A51D-1FB51840EBE0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - No CLSID value found.
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files\BirdieSync\BirdieSync.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [Nero MediaHome 4] "C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN File not found
O4 - HKCU..\Run: [Wild Media Server (UPnP, DLNA, HTTP)] C:\Program Files\Wild Media Server\wms.exe (Evgeny Lachinov)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Playlist - res://C:\Program Files\PacketVideo\TwonkyBeam\Internet Explorer\TwonkyIEPlugin.dll/314 File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: //@surf.mar@/ ([]money in Local intranet)
O15 - HKCU\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google-analytics.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: novastor.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B23B6D48-271C-43AA-AEDB-F49E63BDCE79}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 20:36:50 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.31 20:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.08.31 18:52:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.08.31 18:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.31 18:51:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.31 18:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.31 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.31 18:50:46 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.29 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{726BFC50-6E04-43FC-8EF4-AC04F172C1AB}
[2012.08.27 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3A67FCD4-39AD-41B2-9170-52DCB6928241}
[2012.08.23 00:28:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{BEB32763-825B-41F6-9FDB-60C2C8A64684}
[2012.08.22 10:59:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DDBA9F3C-2037-40B1-82E2-F57AF3097E11}
[2012.08.22 00:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.08.22 00:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012.08.21 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{40D3583C-2FA4-486E-9C82-165BC339FE89}
[2012.08.21 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Alpen 3D Online
[2012.08.20 01:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.08.20 01:33:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F11543B5-59CB-4DB6-93A8-3B280E8562A6}
[2012.08.18 02:26:20 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F57C37CB-0CF2-47FF-AB26-111C539AB080}
[2012.08.15 18:15:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3F7DC36E-1BBC-47DB-B748-8710655A8393}
[2012.08.15 18:15:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{974E162D-CAC3-4A5D-9707-36002E4547DD}
[2012.08.11 17:53:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EB041BD3-EF57-43B6-BC09-5255D9C05D91}
[2012.08.11 17:53:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3E574AA1-B3D2-474E-A9D8-D02C13E1E279}
[2012.08.08 22:22:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F23488B4-4A23-481E-88C0-0F0CB7455479}
[2012.08.08 22:22:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{7133A287-EE6E-4CF6-B750-1888C140A9B1}
[2012.08.03 22:22:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{16FF14EF-FF29-44FC-8C8C-11E563129080}
[2012.08.03 22:22:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{2C99307C-D624-4F0A-9E39-B6C617BB895A}
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.31 20:36:53 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.08.31 20:36:07 | 000,000,000 | ---- | M] () -- C:\Users\User\defogger_reenable
[2012.08.31 20:35:06 | 000,000,514 | ---- | M] () -- C:\Users\User\Desktop\Defogger - Verknüpfung.lnk
[2012.08.31 20:34:00 | 000,050,477 | ---- | M] () -- C:\Users\User\Desktop\Defogger.exe
[2012.08.31 20:29:09 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:29:09 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.31 20:21:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.31 20:21:40 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.31 18:51:56 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:50:46 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\User\Desktop\mbam-setup-1.62.0.1300.exe
[2012.08.31 18:45:03 | 001,008,141 | ---- | M] () -- C:\Users\User\Desktop\rkill.com
[2012.08.31 18:37:32 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 17:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 10:42:28 | 000,004,197 | ---- | M] () -- C:\Users\User\.recently-used.xbel
[2012.08.22 01:07:59 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\AnyDVD.lnk
[2012.08.22 00:40:54 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.08.18 02:16:13 | 000,294,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.08.31 20:36:07 | 000,000,000 | ---- | C] () -- C:\Users\User\defogger_reenable
[2012.08.31 20:35:29 | 000,050,477 | ---- | C] () -- C:\Users\User\Desktop\Defogger.exe
[2012.08.31 20:35:06 | 000,000,514 | ---- | C] () -- C:\Users\User\Desktop\Defogger - Verknüpfung.lnk
[2012.08.31 18:51:56 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.31 18:45:03 | 001,008,141 | ---- | C] () -- C:\Users\User\Desktop\rkill.com
[2012.08.31 17:47:36 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.08.31 10:42:28 | 000,004,197 | ---- | C] () -- C:\Users\User\.recently-used.xbel
[2012.08.22 00:41:29 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.22 00:40:54 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012.03.07 22:31:05 | 000,000,087 | ---- | C] () -- C:\Users\User\.iccbutton_history
[2011.04.30 09:19:29 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.13 21:07:17 | 000,000,011 | ---- | C] () -- C:\ProgramData\.tv6
[2010.12.12 16:50:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.12 16:20:02 | 000,000,842 | ---- | C] () -- C:\Windows\wms.ini
[2010.12.12 16:19:56 | 000,000,134 | ---- | C] () -- C:\Windows\wmssetup.ini
[2010.12.11 22:54:20 | 000,003,584 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 02:00:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.13 19:38:22 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.13 12:38:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== LOP Check ==========
 
[2012.08.21 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Alpen 3D Online
[2011.12.31 12:47:35 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.02.28 19:50:44 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Babylon
[2011.02.26 23:26:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BirdieSync
[2010.06.13 22:43:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Broad Intelligence
[2010.06.13 13:46:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited
[2010.06.13 17:53:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2012.03.25 23:07:46 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DVDVideoSoft
[2010.11.16 20:07:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Engelmann Media
[2010.06.21 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Facebook
[2011.04.02 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software
[2012.08.31 10:42:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\gtk-2.0
[2010.06.12 22:36:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2010.11.20 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MyPhoneExplorer
[2011.01.05 20:27:54 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\NASNaviator2
[2010.06.18 16:28:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2011.12.22 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Songbird2
[2012.08.08 21:08:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Spotify
[2010.10.30 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Teleca
[2010.06.12 23:17:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Thunderbird
[2010.06.13 12:46:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Trillian
[2010.06.13 19:57:41 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TrueCrypt
[2010.12.13 21:53:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TwonkyMedia
[2012.08.22 17:10:37 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 31.08.2012 20:39:05 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\User\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,87 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 60,41% Memory free
3,75 Gb Paging File | 2,67 Gb Available in Paging File | 71,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 156,63 Gb Total Space | 65,10 Gb Free Space | 41,57% Space Free | Partition Type: NTFS
Drive D: | 309,11 Gb Total Space | 28,75 Gb Free Space | 9,30% Space Free | Partition Type: NTFS
 
Computer Name: PABLO | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E97173-A0BC-4893-A0DB-C110BDB51D38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0A088FA1-F0FE-4D70-AA61-014240EDEB4D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0DBA54ED-FE1C-4867-BCD1-3156E8150E40}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0FF0908D-4DB0-4D9A-BCE7-CAF015890B7D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{16A66A85-3450-493B-8909-10D22950B748}" = lport=137 | protocol=17 | dir=in | app=system | 
"{1A3A8578-246B-4F27-9EFE-20DC065A475E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{23EC4ACC-2940-417F-9F33-57B4F8C27600}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2FCC5A55-3E4B-4F94-9E06-DA77F87558D4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{39BEE632-19CC-4F4B-93F0-1B493356CDF7}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4808CC69-5DC1-4A16-B653-0FD794C643EA}" = lport=1900 | protocol=17 | dir=in | name=medienmanager upnp broadcast | 
"{4AD18B6F-1067-423E-8022-334D555E9C04}" = lport=58927 | protocol=6 | dir=in | app=c:\program files\birdiesync\birdiesync.exe | 
"{4FE7DE1A-6DC5-4262-B643-A396C26A8D63}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{541C7346-08B1-49BB-A6F1-FD28F0876D3C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=datei- und druckerfreigabe (spoolerdienst - rpc-epmap) | 
"{55920470-DCAD-461A-939F-636553C05079}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5863C073-4C14-4856-8B89-6167B8BD1FDD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6DE6AD38-A096-45F2-80C7-899E7C4945FB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe | 
"{725BE2D3-7800-4778-9034-FC05B7EFC725}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 
"{751F0AAC-7F2E-446B-9E05-F7B837BBB01C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C34436A-FBE8-49AF-A36C-6E7350FC35F0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{9F484EED-8D71-41D7-BC11-F5DA51E9E04E}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9FD68BDB-BFBA-473E-BBEF-5039029D3089}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A5306BFF-AECE-4244-A8E6-1EC79FC2655A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C264E6A4-0E5C-4711-B29F-FD6683553B59}" = lport=4004 | protocol=6 | dir=in | name=medienmanager tcp port | 
"{D0164924-42B1-47DE-A3BA-B03D7E826B66}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E1B70C69-A1C5-456C-B908-52B3A940E139}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E6972866-550E-4B4B-A7BF-7C71ECFC900C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{EE25348B-697B-4557-BB94-5D63350597C7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FA06F76E-E3DA-4BE7-89A5-FA08E530204F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07EE6E46-043F-41AC-A1DD-0361921B7B4A}" = protocol=6 | dir=out | app=system | 
"{08B2D366-AB6A-4694-B1D9-0E09F4512C27}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0FE44533-C1D8-4ECB-AC72-CCD73F713E45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{11F3DE02-29F0-4E03-8600-280C03368687}" = protocol=1 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv4 ausgehend) | 
"{123BBCF1-35E3-448E-9C84-C3320ABE98A7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{1C32A79E-4039-4EC5-8A1A-297C2D56AF72}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1E939EFA-DE42-4D74-BDD7-6236A072F662}" = protocol=17 | dir=in | app=c:\program files\telekom-austria\medienmanager\medienmanager.exe | 
"{1F67EFFF-3D1E-4B6D-BE3F-C62B95EF8A19}" = protocol=1 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv4 eingehend) | 
"{204A7597-3107-4F1C-8841-EA2A0A06B762}" = protocol=58 | dir=out | name=datei- und druckerfreigabe (echoanforderung - icmpv6 ausgehend) | 
"{25C50158-D696-4F60-AAD5-89CE22418F30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{27A30CE0-F3E0-4F95-B8EF-9FB193915DBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{29B6C4D4-B771-45BE-A2A9-B2996BE0D060}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3143D394-31AA-420E-81B1-14A4F62EEE48}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{33A5156F-5261-449D-A49A-0F215EA398D7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{435A6677-FFB0-4CC0-94CD-874C6F66416F}" = protocol=6 | dir=in | app=c:\program files\wild media server\wmssvc.exe | 
"{4F5773C4-0BF9-4CC9-BDD9-BB1E9634BA88}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{50BA8279-408C-47AB-A4D5-D7B2DA99A29F}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{58E099CC-E703-4DFF-98F8-D92DB704708E}" = dir=in | app=c:\program files\airport\apagent.exe | 
"{617C3544-87CD-4E3F-BD86-2D8EC6627930}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{739EFF8E-D4A9-4D58-99C0-A32CAA2EBBA8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{75FB098D-AA7D-4308-B73E-E13614CF509C}" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{768C0B8E-9284-47B5-A7A1-1870CBC2DF61}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{7DCEE14A-85B4-4C3B-90B4-7F05EDF60127}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8366AD53-D196-42DB-923B-7AD3FCEC9C6C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{8658057C-F31E-40A7-A3AB-0C7579C15567}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8B7E1013-FC08-4D0B-89FC-77A2E7B14B33}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8F2B1193-C67B-4D23-A523-10573DA83E45}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A0A58A49-1BE4-4853-B749-79DA70C52197}" = protocol=17 | dir=in | app=c:\program files\wild media server\wmssvc.exe | 
"{AAC66BD4-ABCF-4B84-AFAC-3BC13569ADF0}" = protocol=58 | dir=in | name=datei- und druckerfreigabe (echoanforderung - icmpv6 eingehend) | 
"{AF2C48CF-AE84-42E4-800A-99A9B7652A51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B8021C6F-91FC-4F0C-BAAE-49E3803523D2}" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"{C13C5AAC-B39C-44A0-8087-2826EDA66E6C}" = protocol=6 | dir=in | app=c:\program files\telekom-austria\medienmanager\medienmanager.exe | 
"{C6019447-6887-4829-9DC9-BA1456E263FC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{CCB9C2F2-C1C4-4663-B417-B07C7EB72F88}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D0186CE2-AB20-4F89-9ECF-7F457D853BCE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3C86B5E-BE8D-4134-837C-26E44B8B5C56}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{D428B849-D3E9-41C8-860D-A34374ED52A9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E47106F0-B0A0-46D6-BA11-F64E2CBCC9EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5479991-440E-4256-B248-5D9E89407593}" = protocol=58 | dir=in | app=system | 
"{E78647F8-A558-4DA6-A737-236CDFDD559E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EF180C8B-C4EA-4E41-9CF7-37C0A4A4D202}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F31D5BBD-6D02-487B-AB0D-A21F0D0868A6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F3B6C378-9D54-4A61-9280-C5F6972909C2}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{FDA6B45B-5D38-45E8-99EB-61A998510BC9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"TCP Query User{01B122F7-FA93-4FB7-B770-0D7F768E1788}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{4E27FA99-29DA-4B81-A556-87C12FBBCE4D}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=6 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"TCP Query User{5A96CF40-0017-4DD9-B141-1BDA5564A163}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=6 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | 
"TCP Query User{6A32E334-9D30-4866-9D19-DEBB9B890F02}C:\program files\wild media server\wms.exe" = protocol=6 | dir=in | app=c:\program files\wild media server\wms.exe | 
"TCP Query User{6D2D5BB7-38FE-4F2B-BFEA-46CC7A8B1D5B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{7AEDABDC-96CC-4B7C-8A85-A17B3EC72DAB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{7F8D8539-2290-47FE-A238-449474628ED3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{96600BB4-338F-4B0A-A7EC-0E7097C48AD5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{BB6446DC-F8BF-4D13-8C14-2D4392C8D64F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{CE36C443-E082-4010-8E26-392545F198ED}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{D862314A-7E33-4211-923A-49FBA224094D}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"TCP Query User{E90DE87D-05CE-412C-A009-51B79B0660BE}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe | 
"TCP Query User{EDCCA20D-3076-485C-8547-6FCF5FD89103}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=6 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"TCP Query User{EFF4E918-191B-4B03-88BE-D5B8AE41405B}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{F97E0D76-106C-46A9-8FA0-F6E6FE3D18C2}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{21F73122-5E64-4B84-8FF6-D0E68D3E2ED9}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
"UDP Query User{294C7104-D66C-467B-9606-0C816BFE6A3D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{2ACD5E1E-601B-4836-B54F-F93DEEFD6ED5}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{5C8B3D5C-D938-49FC-97A9-3419E8B36A7D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7E39F8A6-2197-49B4-B715-26431147C0B0}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe | 
"UDP Query User{8D02706B-96F3-45F8-9AEF-4CC39AF4F98D}C:\program files\wild media server\wms.exe" = protocol=17 | dir=in | app=c:\program files\wild media server\wms.exe | 
"UDP Query User{933CFB2B-00F6-4963-A667-4A4FE06AE524}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{970F7085-441E-4A61-AAD7-32F40BBF0C5E}C:\program files\buffalo\nasnavi\nasnavi.exe" = protocol=17 | dir=in | app=c:\program files\buffalo\nasnavi\nasnavi.exe | 
"UDP Query User{9AFC37C1-F4A5-4574-998A-F1B29778BBB5}C:\program files\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files\myphoneexplorer\myphoneexplorer.exe | 
"UDP Query User{B67F9D20-4D04-47EC-A3ED-F532A62A7442}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{C2186A56-A50E-4E5F-895C-72C9CF2706DD}C:\program files\mozilla thunderbird\thunderbird.exe" = protocol=17 | dir=in | app=c:\program files\mozilla thunderbird\thunderbird.exe | 
"UDP Query User{C466B5AD-4011-445C-B041-37C31DAC98DE}C:\program files\twonkymedia\mediamanager\twonkymediamanager.exe" = protocol=17 | dir=in | app=c:\program files\twonkymedia\mediamanager\twonkymediamanager.exe | 
"UDP Query User{E8FDE45D-15F5-4CF4-8ECA-BC02C6B80CC6}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{E9733189-7062-479C-94C2-88308DE1A3A6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{F17CE722-BD29-4CAE-B598-0F255C2D0B9F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F547B3D-8347-4262-AB2C-2F49BB716DA8}" = NovaBACKUP
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40184457-4514-4B18-84A8-6BB8A3AB6A81}" = AirPort
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD2DD45-8763-4F12-BDC6-958FCFEF0FCB}" = Microsoft IntelliType Pro 8.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D210D79-AEC5-453B-960C-4DD2C73931E1}" = Bonjour-Druckdienste
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"8781-9705-0578-2960" = MedienManager 1.2.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BirdieSync" = BirdieSync 2.2.0.1
"CloneDVD2" = CloneDVD2
"DivX Setup.divx.com" = DivX-Setup
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Foxit Reader" = Foxit Reader
"Free Video Dub_is1" = Free Video Dub version 2.0.3.1206
"GPS Photo Tagger" = GPS Photo Tagger V1.2.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MediaCoder" = MediaCoder 0.7.3.4677
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"Mozilla Thunderbird 15.0 (x86 de)" = Mozilla Thunderbird 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"NovaBACKUP" = NovaBACKUP
"Songbird-release-2160" = Songbird 1.10.1 (Build 2160)
"Trillian" = Trillian
"TrueCrypt" = TrueCrypt
"UN060501" = BUFFALO NAS Navigator2
"UN070209" = Uninstall of File Security Tool
"VLC media player" = VLC media player 1.0.5
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WMS" = Wild Media Server (UPnP, DLNA, HTTP)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2012 13:41:15 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 09.05.2012 13:41:15 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 09.05.2012 13:43:12 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 09.05.2012 13:43:24 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 11:32:34 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 11:33:53 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 13:17:58 | Computer Name = Pablo | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NovaStor\NovaStor
 NovaBACKUP\x64\ExchangeDelegate.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.05.2012 13:35:01 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 16:53:51 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
Error - 10.05.2012 16:53:51 | Computer Name = Pablo | Source = wmssvc.exe | ID = 0
Description = 
 
[ System Events ]
Error - 31.08.2012 14:07:01 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:09:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:14:09 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 31.08.2012 14:16:15 | Computer Name = Pablo | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >
         
and with Gmer:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-01 00:08:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AAKS-00YGA0 rev.12.01C02
Running: pc70uyhh.exe; Driver: C:\Users\User\AppData\Local\Temp\ugldapod.sys


---- System - GMER 1.0.15 ----

SSDT            8E3B0906                                                                                         ZwCreateSection
SSDT            8E3B0910                                                                                         ZwRequestWaitReplyPort
SSDT            8E3B090B                                                                                         ZwSetContextThread
SSDT            8E3B0915                                                                                         ZwSetSecurityObject
SSDT            8E3B091A                                                                                         ZwSystemDebugControl
SSDT            8E3B08A7                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                         82C543C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                           82C8DD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C94EAC 4 Bytes  [06, 09, 3B, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                              82C95208 4 Bytes  JMP BDD2628F 
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82C9524C 4 Bytes  [0B, 09, 3B, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                              82C952C8 4 Bytes  [15, 09, 3B, 8E]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                              82C9531C 4 Bytes  [1A, 09, 3B, 8E]
.text           ...                                                                                              
?               System32\drivers\vqcgjrx.sys                                                                     Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\drivers\atikmdag.sys                                                         section is writeable [0x8EC18000, 0x227A14, 0xE8000020]
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              A84BA000 68 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 4FD5                                                              A84BA045 203 Bytes  [8B, C6, F0, 0F, BA, 28, 00, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50A1                                                              A84BA111 17 Bytes  [87, 01, 6A, 00, 6A, 20, A3, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              A84BA123 629 Bytes  [55, 4B, A8, FE, 05, 34, 55, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              A84BA399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004a                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf@0060d1000b58         0x6D 0x90 0x99 0x19 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5084cf@123456789cdf         0xC9 0x54 0xC4 0x86 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf@0060d1000b58             0x6D 0x90 0x99 0x19 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5084cf@123456789cdf             0xC9 0x54 0xC4 0x86 ...

---- EOF - GMER 1.0.15 ----
         

I hope you can help me, and many thanks in advance!

Regards, Rudi

 
