GVU Trojaner mit kurzer Gedenksekunde immer wieder da

Siegfried01 · 22.01.2013, 22:50

Hallo, liebes Trojaner-Team !

Erstmal toll und Danke, daß es Euch gibt !

Seit ein paar Tagen habe ich einen GVU Trojaner.
Der Rechner (XP) fährt hoch, Desktop erscheint, nach einigen Sekunden poppt der GVU bildschirmfüllend auf. Manchmal kann ich noch auf ein Programm klicken und das Startbild dieses Programmes erscheint, dann überlagert der GVU wieder alles.

Kaspersky Rescue Disk 10 hab ich schon 2 x laufen lassen, hat 2 Bedrohungen "neutralisiert", GVU blieb.
Starten mit abgesichertem Modus mit Eingabeaufforderung geht nicht, er startet nur normal (bis zum Erscheinen GVU)
Systemwiederherstellung hat nichts gebracht.

Wenn der Rechner keine Verbindung mehr zum Internet hat, läuft er normal.

Habe ein Notebook, über das ich (wie jetzt) in's Netz kann.

Würde mich über Tipps sehr freuen !

OTL, Extras und Gmer - txt's sind nach Anleitung erstellt.
Darf ich sie direkt einkopieren oder lieber als zip ?

Vielen Dank schon mal !!

Siegfried aus München !

markusg · 22.01.2013, 23:45

hi
finger weg von der systemwiederherstellung bei trojaner befall! das kann mehr probleme verursachen.
poste die logs bitte

Siegfried01 · 23.01.2013, 12:44

Hi, Markus !
Danke.
Hier die logs:OTL Logfile:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 22.01.2013 11:19:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Siegfried\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 227,63 Mb Available Physical Memory | 44,50% Memory free
1,21 Gb Paging File | 0,99 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,76 Gb Total Space | 29,25 Gb Free Space | 26,17% Space Free | Partition Type: FAT32
 
Computer Name: OEM-245ONO5QR3Y | User Name: Siegfried | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.21 16:22:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Siegfried\Desktop\OTL.exe
PRC - [2012.12.12 10:28:14 | 000,163,000 | ---- | M] (Geek Software GmbH) -- C:\Programme\pdf24\pdf24.exe
PRC - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.10.12 04:47:06 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004.10.12 03:40:38 | 000,118,784 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2003.07.11 20:45:02 | 000,241,664 | ---- | M] (Nikon Corporation) -- C:\Programme\Nikon\NkView6\NkvMon.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003.06.18 11:57:40 | 000,466,944 | ---- | M] (Neodio Corp.) -- C:\Programme\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.09.29 14:48:42 | 000,094,720 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2004.10.12 04:47:06 | 000,098,304 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004.10.12 04:46:52 | 000,147,456 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004.10.12 03:40:38 | 000,118,784 | ---- | M] () -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
MOD - [2003.09.12 16:35:06 | 000,086,016 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.31 13:16:04 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007.06.15 16:55:00 | 000,300,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.05.24 17:32:14 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005.11.17 15:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.10.12 04:47:06 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004.10.12 03:40:38 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.04.20 14:50:22 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.03.10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009.11.02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2008.11.24 22:12:58 | 000,108,768 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV08.sys -- (ACEDRV08)
DRV - [2008.04.13 20:45:34 | 000,011,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2003.11.06 12:04:24 | 000,068,320 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\Tpkd.sys -- (TPkd)
DRV - [2003.09.23 09:09:00 | 000,462,940 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2003.09.23 09:03:00 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxsens.sys -- (ALCXSENS)
DRV - [2003.09.12 16:43:04 | 000,611,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.08.04 20:14:34 | 000,065,152 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003.07.02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1)
DRV - [2001.08.17 12:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sueddeutsche.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 7B D2 8E BF CA CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {445319FC-E9F6-404A-BC7D-60841BB195B2}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{445319FC-E9F6-404A-BC7D-60841BB195B2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:de-DE:official"
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.04.12 18:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\linkfilter@kaspersky.ru [2012.04.12 18:10:54 | 000,000,000 | ---D | M]
 
[2008.09.22 11:42:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Mozilla\Extensions
[2005.01.12 22:23:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Mozilla\Firefox\Profiles\f4wrgeii.default\extensions
[2008.12.01 13:05:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.01 22:42:08 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2009.03.03 16:27:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2001.08.18 20:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2E608F70-C430-4BC5-96F6-608E02EBA5B2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifgxpers.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Disk Monitor] C:\Programme\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe (Neodio Corp.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Programme\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NkvMon.exe.lnk = C:\Programme\Nikon\NkView6\NkvMon.exe (Nikon Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Siegfried\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: gestrip.com ([secure] http in Trusted sites)
O15 - HKLM\..Trusted Domains: randhi.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} hxxp://plug-in.reallusion.com/CrazyTalk.cab (Reg Error: Key error.)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} hxxp://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab (Kaspersky License Finder)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {33331111-1111-1111-1111-611111193423} hxxp://www.www2.p0rt2.com/files/777.cab (Reg Error: Key error.)
O16 - DPF: {33331111-1111-1111-1111-611111193429} hxxp://www.www2.p0rt2.com/files/_ipsec_.cab (Reg Error: Key error.)
O16 - DPF: {33331111-1111-1111-1111-615111193427} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {33331111-1131-1111-1111-611111193428} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {33331111-1234-1111-1111-615111193427} hxxp://www.www2.p0rt2.com/files/epl29bd.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} hxxp://www.sonypictures.com/movies/casinoroyale/vividas/player/vivid_ocx.jpeg (Reg Error: Key error.)
O16 - DPF: {C3E3BB4F-269C-41A3-9F5F-A360E933CAD3} https://as.photoprintit.com/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C623FCD9-CECA-451A-8FF1-2F16D4117EA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\system32\vbsys2.dll File not found
O24 - Desktop Components:0 () - hxxp://www.freesoft-board.de/images/smilies/uglyhammer.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c41b9f94-5bc5-11dd-b661-000d87ddc489}\Shell - "" = AutoRun
O33 - MountPoints2\{c41b9f94-5bc5-11dd-b661-000d87ddc489}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c41b9f94-5bc5-11dd-b661-000d87ddc489}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{d90c5f04-0975-11dc-b300-000d87ddc489}\Shell - "" = AutoRun
O33 - MountPoints2\{d90c5f04-0975-11dc-b300-000d87ddc489}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d90c5f04-0975-11dc-b300-000d87ddc489}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 17:44:08 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2013.01.21 17:35:33 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Siegfried\Recent
[2013.01.21 16:31:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\Programme Downloads
[2013.01.21 16:22:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Siegfried\Desktop\OTL.exe
[2013.01.21 16:08:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien
[2013.01.21 16:05:41 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\Eigene Bilder
[2013.01.21 15:26:20 | 000,000,000 | -HSD | C] -- C:\FOUND.010
[2013.01.21 03:11:20 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.01.20 22:55:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\Freemake
[2013.01.20 22:43:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.20 22:40:03 | 000,000,000 | R--D | C] -- C:\Programme
[2013.01.20 22:31:42 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2013.01.20 20:23:31 | 000,000,000 | ---D | C] -- C:\MAGICDVDCOPY_TEMP
[2013.01.20 17:57:40 | 000,162,296 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\csrsss.exe
[2013.01.20 16:45:48 | 000,083,960 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifgxpers.exe
[2013.01.06 03:02:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2013.01.06 03:02:25 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2013.01.06 03:02:20 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2013.01.04 12:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\DVDVideoSoftIEHelpers
[2013.01.04 12:03:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\DVDVideoSoft
[2013.01.04 11:49:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\DVDVideoSoft
[2012.05.31 14:34:58 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\pcouffin.sys
[2004.08.13 09:42:57 | 000,447,760 | ---- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\DAO3032.DLL
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.22 10:36:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.22 10:34:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.22 10:34:44 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.21 17:58:08 | 000,210,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.21 16:38:42 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\defogger_reenable
[2013.01.21 16:22:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Siegfried\Desktop\OTL.exe
[2013.01.21 15:47:00 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Defogger.exe
[2013.01.21 03:38:16 | 000,000,020 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLea.DAT
[2013.01.20 17:57:42 | 002,250,054 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1.bmp
[2013.01.20 17:57:26 | 000,465,655 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1.jpg
[2013.01.17 22:11:00 | 001,258,045 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Tenno 2013.pdf
[2013.01.14 13:27:14 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Word.lnk
[2013.01.14 12:56:04 | 002,566,398 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\C&A.pdf
[2013.01.10 00:32:06 | 000,495,594 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.10 00:32:06 | 000,475,556 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.10 00:32:06 | 000,091,756 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.10 00:32:06 | 000,076,590 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.10 00:17:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.01.08 10:13:34 | 000,488,227 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Viskositaetsbereiche Motoroel.pdf
[2013.01.08 00:38:26 | 000,052,410 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\rrraarrrrrrrrrrr.jpg
[2013.01.08 00:37:58 | 000,184,720 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\Safe bus.jpg
[2013.01.06 11:41:58 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.01 02:24:32 | 000,311,653 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\VöKuMu.jpg
[2012.12.29 23:29:22 | 000,072,159 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\2013.jpg
[2012.12.29 23:14:06 | 000,086,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\2013.jpg
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.21 16:38:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\defogger_reenable
[2013.01.21 15:47:00 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Defogger.exe
[2013.01.20 17:57:39 | 002,250,054 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1.bmp
[2013.01.20 17:57:16 | 000,465,655 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1.jpg
[2013.01.17 22:10:58 | 001,258,045 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Tenno 2013.pdf
[2013.01.14 12:56:02 | 002,566,398 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\C&A.pdf
[2013.01.08 13:23:59 | 000,311,653 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\VöKuMu.jpg
[2013.01.08 10:13:27 | 000,488,227 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\Viskositaetsbereiche Motoroel.pdf
[2013.01.08 00:40:18 | 000,052,410 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\rrraarrrrrrrrrrr.jpg
[2013.01.08 00:37:54 | 000,184,720 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\Safe bus.jpg
[2012.12.29 23:28:58 | 000,072,159 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Eigene Dateien\2013.jpg
[2012.12.29 23:13:36 | 000,086,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Desktop\2013.jpg
[2012.05.31 14:34:58 | 000,087,608 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\inst.exe
[2012.05.31 14:34:58 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\pcouffin.cat
[2012.05.31 14:34:58 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\pcouffin.inf
[2012.05.31 11:43:05 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2012.05.13 09:13:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2012.04.12 18:20:10 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.02.15 14:19:29 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.21 16:20:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX2.INI
[2011.11.08 20:30:12 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cocoa
[2011.11.08 20:30:12 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLes.DAT
[2011.11.08 20:27:03 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ColorSync
[2011.11.08 20:27:03 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLev.DAT
[2011.11.08 20:27:00 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Clips
[2011.11.08 20:27:00 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLet.DAT
[2011.07.08 21:57:16 | 000,047,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2011.03.01 22:41:53 | 000,116,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.03.01 22:41:53 | 000,098,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2010.12.05 01:17:33 | 000,486,130 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2038945071-670792205-3813086739-1005-0.dat
[2010.12.05 01:17:27 | 000,243,514 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2010.05.11 10:11:06 | 000,002,045 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\whlb32g.dll
[2006.01.21 13:46:09 | 000,001,778 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2005.05.15 14:32:20 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLea.DAT
[2004.10.28 12:56:13 | 000,213,706 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\.fonts.cache-1
[2004.08.13 09:42:57 | 000,048,770 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\dao2532.tlb
[2004.08.02 14:36:30 | 000,210,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Siegfried\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2013.01.04 12:07:08 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2011.06.21 20:18:34 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2004.12.30 08:18:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy
[2005.05.15 14:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp
[2005.05.15 14:32:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15
[2005.07.13 14:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2007.05.18 18:35:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations
[2007.10.11 18:04:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2007.12.01 18:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2007.12.01 18:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.08.20 11:20:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.12.14 14:17:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith
[2011.07.08 21:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.11.08 20:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sounds
[2011.11.08 20:27:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\String Comparison
[2011.11.08 20:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sports
[2011.11.09 09:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon
[2012.01.28 21:14:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2012.05.31 14:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk
[2012.06.26 11:59:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Freemake
[2004.07.30 21:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Nikon
[2004.11.27 20:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Aladdin Systems
[2005.07.13 14:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\T-Online
[2006.05.23 14:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\cPicture
[2007.05.18 18:36:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\PC Suite
[2007.05.18 18:39:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Nokia
[2007.05.18 18:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\DataLayer
[2008.04.29 07:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\HERMA
[2008.10.29 11:34:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\FileZilla
[2009.08.20 11:27:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\MAGIX
[2009.10.01 17:44:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Docx2Rtf
[2009.10.01 17:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\NwDocx
[2010.12.05 00:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Orbit
[2010.12.05 00:11:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\ProgSense
[2011.03.01 22:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Titanium
[2011.10.14 20:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Duhu
[2012.01.28 21:16:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\elsterformular
[2012.05.31 14:12:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Xilisoft
[2012.05.31 14:35:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\Vso
[2012.06.12 20:25:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\OpenOffice.org
[2013.01.04 12:03:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\DVDVideoSoft
[2013.01.04 12:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\DVDVideoSoftIEHelpers
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

--- --- ---

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 22.01.2013 11:19:40 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Siegfried\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511,48 Mb Total Physical Memory | 227,63 Mb Available Physical Memory | 44,50% Memory free
1,21 Gb Paging File | 0,99 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): C:\pagefile.sys 766 766 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,76 Gb Total Space | 29,25 Gb Free Space | 26,17% Space Free | Partition Type: FAT32
 
Computer Name: OEM-245ONO5QR3Y | User Name: Siegfried | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Porta.MakeAlbum] -- "C:\Programme\Porta\Porta.exe" "%1" ()
Directory [Search Archives...] -- "C:\Programme\Aladdin Systems\StuffIt 7.0.2\ArchiveSearch\archivesearch.exe" -dir "%L" (Aladdin Systems)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Siegfried\Lokale Einstellungen\Temp\.ttF.tmp" = C:\Dokumente und Einstellungen\Siegfried\Lokale Einstellungen\Temp\.ttF.tmp:*:Enabled:enable
"C:\WINDOWS\system32\sysrest32.exe" = C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21DDC579-834B-4C14-8122-853994FA2214}" = NikonCapture
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{8283FCCD-AC71-4DC1-A81E-4F244FBBE11D}" = T-Online 5.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C4F56A2-03D5-441B-B911-EC2604622D58}" = FormsForWeb® Filler
"{91130407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49486AB-DE0B-4DA6-9C9B-E9DCD4BED263}" = StuffIt 7.0.2
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD &  DVD-Maker
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"ElsterFormular" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.1.3.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Generic USB Card Reader Driver" = Generic USB Card Reader Driver v1.9e3
"ie8" = Windows Internet Explorer 8
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker 6.5 Gold 
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"Magic DVD Copier_is1" = Magic DVD Copier Version 5.0.0
"MAGIX Xtreme Web Designer 5 D" = MAGIX Xtreme Web Designer 5 5.0.1.8242 (D)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Porta" = Porta
"RealPlayer 6.0" = RealPlayer
"Riva FLV Player_is1" = Riva FLV Player
"ST6UNST #1" = Herma Etiketten Assistent 3.1
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.4a
"VTDisplay" = S3 S3Display
"VTGamma2" = S3 S3Gamma2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows SR 2.0" = Windows SR 2.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21.01.2013 15:12:16 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 10.0.0.3646, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 21.01.2013 15:12:20 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 10.0.0.3646, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 21.01.2013 15:12:27 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x028dfbf0.
 
Error - 21.01.2013 17:54:52 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x027b61c0.
 
[ Application Events ]
Error - 21.01.2013 15:12:16 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 10.0.0.3646, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 21.01.2013 15:12:20 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung wmplayer.exe, Version 10.0.0.3646, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 21.01.2013 15:12:27 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x028dfbf0.
 
Error - 21.01.2013 17:54:52 | Computer Name = OEM-245ONO5QR3Y | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x027b61c0.
 
[ System Events ]
Error - 21.01.2013 15:10:29 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:30 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:31 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:32 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:32 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:33 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:34 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:35 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:36 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 21.01.2013 15:10:37 | Computer Name = OEM-245ONO5QR3Y | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
 
< End of report >

--- --- ---

GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-22 11:50:45
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BB-00DWA0 rev.15.05R15 111.79GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\SIEGFR~1\LOKALE~1\Temp\pwayqpog.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB2774FBA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB27758B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB278EAEE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB2775E26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB2775D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB278EE06]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcess [0xB2776056]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateProcessEx [0xB277621E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB2774D76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB2775F3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB2790110]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB27755E6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB278EECE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB277653C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteKey [0xB2789084]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB278A88E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB27758F6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB277753C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB278A088]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB278AA38]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB277662E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB2789BC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB2789E1C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB2790130]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB278D30A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB2775EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB2775DA0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB27751F4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB277697E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB2775FD0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB27750E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwPlugPlayControl [0xB2790120]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB2788EB8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB278A698]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryObject [0xB278D500]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB2776EC0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB278A488]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB27767CE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB2789198]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB278980C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB278F048]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB278EF96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB278F0B4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB2789A14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB27773DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB278933E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKeyEx [0xB27894D4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveMergedKeys [0xB2789670]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB278EC76]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetContextThread [0xB2775756]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetInformationToken [0xB27763E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetSystemInformation [0xB2777010]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSetValueKey [0xB278A248]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendProcess [0xB2777104]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSuspendThread [0xB277723E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSystemDebugControl [0xB277645E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateProcess [0xB2775392]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwTerminateThread [0xB27752EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0xB2776D78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0xB277547C]

Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 2.0 ----

.text ntoskrnl.exe!_abnormal_termination + C8 804E2734 4 Bytes [EE, EA, 78, B2]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2770 12 Bytes [06, EE, 78, B2, 56, 60, 77, ...] {PUSH ES; OUT DX, AL; JS 0xffffffb6; PUSH ESI; PUSHA ; JA 0xffffffba; PUSH DS; BOUND ESI, [EDI-0x4e]}
.text ntoskrnl.exe!_abnormal_termination + 114 804E2780 16 Bytes [76, 4D, 77, B2, 3E, 5F, 77, ...] {JBE 0x4f; JA 0xffffffb6; POP EDI; JA 0xffffffba; ADC [ECX], AL; JNS 0xffffffbe; OUT 0x55, AL; JA 0xffffffc2}
.text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 12 Bytes [2E, 66, 77, B2, C0, 9B, 78, ...]
.text ntoskrnl.exe!_abnormal_termination + 24C 804E28B8 4 Bytes CALL A700A00D
.text ...
.text ntoskrnl.exe!IoIsOperationSynchronous 804E876A 5 Bytes JMP B2767DCC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 805129A1 5 Bytes JMP B27679F0 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF7D51870]
.text C:\WINDOWS\system32\drivers\ACEDRV08.sys section is writeable [0xB237D000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0xB23C1000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV08.sys unknown last section [0xB23DD000, 0x8E, 0x42000040]

---- User code sections - GMER 2.0 ----

? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1364] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1364] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1364] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1364] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1980] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1980] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6AC91765 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO)
? C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1980] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe[1980] USER32.dll!AlignRects 7E362A78 4 Bytes [E0, 13, 54, 67]

---- Registry - GMER 2.0 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0423-8486-84d4fa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0423-8486-84d4fa634c9f}\InprocServer32@Class 0x71 0xF5 0x57 0xD3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0423-8486-84d4fa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-0423-8486-84d4fa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1fe8-62df-01f8fa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1fe8-62df-01f8fa634c9f}\InprocServer32@Class 0xE5 0x1B 0x23 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1fe8-62df-01f8fa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1fe8-62df-01f8fa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3674-838b-f220fa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3674-838b-f220fa634c9f}\InprocServer32@Class 0x9F 0x55 0x06 0x0E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3674-838b-f220fa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3674-838b-f220fa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4f09-41e0-d085fa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4f09-41e0-d085fa634c9f}\InprocServer32@Class 0x0D 0x49 0xEA 0x39 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4f09-41e0-d085fa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4f09-41e0-d085fa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83c3-f1d5-9f6ffa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83c3-f1d5-9f6ffa634c9f}\InprocServer32@Class 0x10 0x34 0x19 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83c3-f1d5-9f6ffa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-83c3-f1d5-9f6ffa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9c52-8628-96f9fa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9c52-8628-96f9fa634c9f}\InprocServer32@Class 0x51 0x4C 0x04 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9c52-8628-96f9fa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-9c52-8628-96f9fa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-eed0-4588-d511fa634c9f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-eed0-4588-d511fa634c9f}\InprocServer32@Class 0x10 0x7C 0xB0 0xD9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-eed0-4588-d511fa634c9f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-eed0-4588-d511fa634c9f}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL

---- EOF - GMER 2.0 ----

markusg · 23.01.2013, 13:08

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code:

ATTFilter

:OTL
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2013.01.20 17:57:40 | 000,162,296 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Siegfried\Anwendungsdaten\csrsss.exe
[2013.01.20 16:45:48 | 000,083,960 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifgxpers.exe
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Drücke bitte die

+ E Taste.

Öffne dein Systemlaufwerk ( meistens C: )
Suche nun
folgenden Ordner: _OTL und öffne diesen.
Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner
Dies wird eine Movedfiles.zip Datei in _OTL erstellen
Lade diese bitte in unseren Uploadchannel
hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )

Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus

Siegfried01 · 23.01.2013, 21:32

Hallo, Markus !
Hab ich gemacht, hat geklappt.

Datei: MovedFiles.zip_1 hochgeladen
"Vorgang erfolgreich abgeschlossen."

markusg · 23.01.2013, 23:28

sehr gut, danke
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

Siegfried01 · 24.01.2013, 20:53

Danke ebenso.
Und hier das TDSSKiller log file:

20:44:38.0812 3868 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:44:38.0906 3868 ============================================================
20:44:38.0906 3868 Current date / time: 2013/01/24 20:44:38.0906
20:44:38.0906 3868 SystemInfo:
20:44:38.0906 3868
20:44:38.0906 3868 OS Version: 5.1.2600 ServicePack: 3.0
20:44:38.0906 3868 Product type: Workstation
20:44:38.0906 3868 ComputerName: OEM-245ONO5QR3Y
20:44:38.0906 3868 UserName: Siegfried
20:44:38.0906 3868 Windows directory: C:\WINDOWS
20:44:38.0906 3868 System windows directory: C:\WINDOWS
20:44:38.0906 3868 Processor architecture: Intel x86
20:44:38.0906 3868 Number of processors: 1
20:44:38.0906 3868 Page size: 0x1000
20:44:38.0906 3868 Boot type: Normal boot
20:44:38.0906 3868 ============================================================
20:44:40.0375 3868 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:44:40.0468 3868 Drive \Device\Harddisk5\DR10 - Size: 0xF4FFE00 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:44:40.0468 3868 ============================================================
20:44:40.0468 3868 \Device\Harddisk0\DR0:
20:44:40.0468 3868 MBR partitions:
20:44:40.0468 3868 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0xDF93782
20:44:40.0468 3868 \Device\Harddisk5\DR10:
20:44:40.0468 3868 MBR partitions:
20:44:40.0468 3868 \Device\Harddisk5\DR10\Partition1: MBR, Type 0xB, StartLBA 0x63, BlocksNum 0x7A59D
20:44:40.0468 3868 ============================================================
20:44:40.0468 3868 C: <-> \Device\Harddisk0\DR0\Partition1
20:44:40.0468 3868 ============================================================
20:44:40.0468 3868 Initialize success
20:44:40.0468 3868 ============================================================
20:46:04.0312 3948 ============================================================
20:46:04.0312 3948 Scan started
20:46:04.0312 3948 Mode: Manual; SigCheck; TDLFS;
20:46:04.0312 3948 ============================================================
20:46:04.0531 3948 ================ Scan system memory ========================
20:46:04.0531 3948 System memory - ok
20:46:04.0546 3948 ================ Scan services =============================
20:46:04.0718 3948 Abiosdsk - ok
20:46:04.0734 3948 abp480n5 - ok
20:46:04.0796 3948 [ DA06D89CDFDD0D24DE75165CF6D4270B ] ACEDRV08 C:\WINDOWS\system32\drivers\ACEDRV08.sys
20:46:05.0171 3948 ACEDRV08 - ok
20:46:05.0250 3948 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:46:07.0312 3948 ACPI - ok
20:46:07.0359 3948 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
20:46:07.0593 3948 ACPIEC - ok
20:46:07.0718 3948 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
20:46:07.0750 3948 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning
20:46:07.0750 3948 Adobe LM Service - detected UnsignedFile.Multi.Generic (1)
20:46:07.0890 3948 [ 0F6D872FD048D437DCBF5C1A80194886 ] AdobeActiveFileMonitor C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
20:46:07.0921 3948 AdobeActiveFileMonitor ( UnsignedFile.Multi.Generic ) - warning
20:46:07.0921 3948 AdobeActiveFileMonitor - detected UnsignedFile.Multi.Generic (1)
20:46:07.0937 3948 adpu160m - ok
20:46:08.0000 3948 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
20:46:08.0234 3948 aec - ok
20:46:08.0265 3948 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
20:46:08.0359 3948 AFD - ok
20:46:08.0390 3948 Aha154x - ok
20:46:08.0421 3948 aic78u2 - ok
20:46:08.0437 3948 aic78xx - ok
20:46:08.0500 3948 [ A9355A51698F6901B362EF738B15631D ] ALCXSENS C:\WINDOWS\system32\drivers\ALCXSENS.SYS
20:46:08.0656 3948 ALCXSENS - ok
20:46:08.0718 3948 [ CD86A348FC4016842DBD5AC7398FB48D ] ALCXWDM C:\WINDOWS\system32\drivers\ALCXWDM.SYS
20:46:08.0843 3948 ALCXWDM - ok
20:46:08.0984 3948 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll
20:46:09.0171 3948 Alerter - ok
20:46:09.0218 3948 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe
20:46:09.0312 3948 ALG - ok
20:46:09.0328 3948 AliIde - ok
20:46:09.0359 3948 [ 3A0DAFAC778236559C14C7203FB550EB ] AmdK7 C:\WINDOWS\system32\DRIVERS\amdk7.sys
20:46:09.0546 3948 AmdK7 - ok
20:46:09.0562 3948 amsint - ok
20:46:09.0687 3948 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:46:09.0703 3948 Apple Mobile Device - ok
20:46:09.0781 3948 AppMgmt - ok
20:46:09.0828 3948 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:46:10.0078 3948 Arp1394 - ok
20:46:10.0109 3948 asc - ok
20:46:10.0125 3948 asc3350p - ok
20:46:10.0156 3948 asc3550 - ok
20:46:10.0312 3948 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:46:10.0343 3948 aspnet_state - ok
20:46:10.0390 3948 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:46:10.0640 3948 AsyncMac - ok
20:46:10.0671 3948 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
20:46:10.0906 3948 atapi - ok
20:46:10.0921 3948 Atdisk - ok
20:46:11.0031 3948 [ C8A62F6C8040A06423844464EDBB9703 ] Ati HotKey Poller C:\WINDOWS\System32\Ati2evxx.exe
20:46:11.0140 3948 Ati HotKey Poller - ok
20:46:11.0312 3948 [ 398463076210BE7686893EEEC687A233 ] ATI Smart C:\WINDOWS\system32\ati2sgag.exe
20:46:11.0343 3948 ATI Smart ( UnsignedFile.Multi.Generic ) - warning
20:46:11.0343 3948 ATI Smart - detected UnsignedFile.Multi.Generic (1)
20:46:12.0093 3948 [ 09888385F5D06D327EA99D32B0783DE7 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:46:12.0359 3948 ati2mtag - ok
20:46:12.0437 3948 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:46:12.0703 3948 Atmarpc - ok
20:46:12.0796 3948 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
20:46:13.0046 3948 AudioSrv - ok
20:46:13.0078 3948 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
20:46:13.0328 3948 audstub - ok
20:46:13.0375 3948 [ C997AF59C54D69232FB7BBEA4DAD86E2 ] AVMWAN C:\WINDOWS\system32\DRIVERS\avmwan.sys
20:46:13.0656 3948 AVMWAN - ok
20:46:13.0765 3948 AVP - ok
20:46:13.0812 3948 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
20:46:14.0109 3948 Beep - ok
20:46:14.0187 3948 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll
20:46:14.0437 3948 BITS - ok
20:46:14.0515 3948 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe
20:46:14.0562 3948 Bonjour Service - ok
20:46:14.0640 3948 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll
20:46:14.0734 3948 Browser - ok
20:46:14.0796 3948 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
20:46:15.0062 3948 cbidf2k - ok
20:46:15.0093 3948 cd20xrnt - ok
20:46:15.0125 3948 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
20:46:15.0359 3948 Cdaudio - ok
20:46:15.0390 3948 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
20:46:15.0671 3948 Cdfs - ok
20:46:15.0718 3948 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:46:16.0000 3948 Cdrom - ok
20:46:16.0031 3948 Changer - ok
20:46:16.0109 3948 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe
20:46:16.0343 3948 CiSvc - ok
20:46:16.0406 3948 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
20:46:16.0656 3948 ClipSrv - ok
20:46:16.0921 3948 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:46:16.0953 3948 clr_optimization_v2.0.50727_32 - ok
20:46:17.0031 3948 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:46:17.0062 3948 clr_optimization_v4.0.30319_32 - ok
20:46:17.0093 3948 CmdIde - ok
20:46:17.0156 3948 COMSysApp - ok
20:46:17.0203 3948 Cpqarray - ok
20:46:17.0296 3948 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
20:46:17.0515 3948 CryptSvc - ok
20:46:17.0546 3948 dac2w2k - ok
20:46:17.0562 3948 dac960nt - ok
20:46:17.0671 3948 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
20:46:17.0765 3948 DcomLaunch - ok
20:46:17.0828 3948 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
20:46:18.0078 3948 Dhcp - ok
20:46:18.0109 3948 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
20:46:18.0343 3948 Disk - ok
20:46:18.0406 3948 dmadmin - ok
20:46:18.0500 3948 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
20:46:18.0750 3948 dmboot - ok
20:46:18.0781 3948 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys
20:46:19.0015 3948 dmio - ok
20:46:19.0046 3948 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
20:46:19.0265 3948 dmload - ok
20:46:19.0312 3948 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll
20:46:19.0531 3948 dmserver - ok
20:46:19.0562 3948 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
20:46:19.0828 3948 DMusic - ok
20:46:19.0875 3948 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
20:46:19.0953 3948 Dnscache - ok
20:46:20.0046 3948 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
20:46:20.0296 3948 Dot3svc - ok
20:46:20.0359 3948 [ 3E4B043F8BC6BE1D4820CC6C9C500306 ] Dot4 C:\WINDOWS\system32\DRIVERS\Dot4.sys
20:46:20.0609 3948 Dot4 - ok
20:46:20.0640 3948 [ 77CE63A8A34AE23D9FE4C7896D1DEBE7 ] Dot4Print C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
20:46:20.0875 3948 Dot4Print - ok
20:46:20.0890 3948 dpti2o - ok
20:46:20.0921 3948 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
20:46:21.0140 3948 drmkaud - ok
20:46:21.0234 3948 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll
20:46:21.0531 3948 EapHost - ok
20:46:21.0593 3948 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll
20:46:21.0812 3948 ERSvc - ok
20:46:22.0156 3948 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe
20:46:22.0203 3948 Eventlog - ok
20:46:22.0281 3948 [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\System32\es.dll
20:46:22.0359 3948 EventSystem - ok
20:46:22.0406 3948 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
20:46:22.0656 3948 Fastfat - ok
20:46:22.0718 3948 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:46:22.0812 3948 FastUserSwitchingCompatibility - ok
20:46:22.0843 3948 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
20:46:23.0046 3948 Fdc - ok
20:46:23.0078 3948 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
20:46:23.0296 3948 Fips - ok
20:46:23.0687 3948 [ 167D24A045499EBEF438F231976158DF ] FirebirdServerMAGIXInstance C:\Programme\MAGIX\Common\Database\bin\fbserver.exe
20:46:23.0953 3948 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
20:46:23.0953 3948 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
20:46:23.0984 3948 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:46:24.0218 3948 Flpydisk - ok
20:46:24.0250 3948 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
20:46:24.0500 3948 FltMgr - ok
20:46:24.0625 3948 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:46:24.0656 3948 FontCache3.0.0.0 - ok
20:46:24.0703 3948 [ 45B5129AEAE91EA096A9BBEBFF99E098 ] fpcibase C:\WINDOWS\system32\DRIVERS\fpcibase.sys
20:46:24.0921 3948 fpcibase - ok
20:46:24.0937 3948 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:46:25.0171 3948 Fs_Rec - ok
20:46:25.0203 3948 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:46:25.0406 3948 Ftdisk - ok
20:46:25.0437 3948 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:46:25.0453 3948 GEARAspiWDM - ok
20:46:25.0484 3948 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:46:25.0703 3948 Gpc - ok
20:46:25.0812 3948 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:46:26.0046 3948 helpsvc - ok
20:46:26.0140 3948 HidServ - ok
20:46:26.0218 3948 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
20:46:26.0421 3948 hkmsvc - ok
20:46:26.0437 3948 hpn - ok
20:46:26.0515 3948 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:26.0578 3948 HTTP - ok
20:46:26.0671 3948 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
20:46:26.0875 3948 HTTPFilter - ok
20:46:26.0890 3948 i2omgmt - ok
20:46:26.0906 3948 i2omp - ok
20:46:26.0937 3948 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:46:27.0187 3948 i8042prt - ok
20:46:27.0343 3948 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:46:27.0421 3948 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:46:27.0421 3948 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:46:27.0515 3948 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:46:27.0593 3948 idsvc - ok
20:46:27.0625 3948 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
20:46:27.0796 3948 Imapi - ok
20:46:27.0875 3948 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\System32\imapi.exe
20:46:28.0109 3948 ImapiService - ok
20:46:28.0140 3948 ini910u - ok
20:46:28.0187 3948 IntelIde - ok
20:46:28.0250 3948 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:28.0437 3948 Ip6Fw - ok
20:46:28.0500 3948 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:28.0734 3948 IpFilterDriver - ok
20:46:28.0765 3948 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:28.0921 3948 IpInIp - ok
20:46:28.0968 3948 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:29.0156 3948 IpNat - ok
20:46:29.0250 3948 [ B84A28B3984185EDA8867541AF14CDDB ] iPod Service C:\Programme\iPod\bin\iPodService.exe
20:46:29.0328 3948 iPod Service - ok
20:46:29.0359 3948 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:29.0562 3948 IPSec - ok
20:46:29.0625 3948 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:29.0703 3948 IRENUM - ok
20:46:29.0765 3948 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:46:29.0984 3948 isapnp - ok
20:46:30.0125 3948 [ 890369AED0DDE1A98F09F7DC239CA2BD ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
20:46:30.0156 3948 JavaQuickStarterService - ok
20:46:30.0203 3948 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:46:30.0390 3948 Kbdclass - ok
20:46:30.0453 3948 [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys
20:46:30.0468 3948 kl1 - ok
20:46:30.0500 3948 [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2 C:\WINDOWS\system32\DRIVERS\kl2.sys
20:46:30.0515 3948 kl2 - ok
20:46:30.0562 3948 [ 5D92A03045A6A98708975B3D77B39A36 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys
20:46:30.0625 3948 KLIF - ok
20:46:30.0656 3948 [ 96A7EC308A93DA26DFE481308BAAC2A2 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys
20:46:30.0687 3948 klim5 - ok
20:46:30.0734 3948 [ 3959530F69E19DA56F1F24F2C89F1E2C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys
20:46:30.0750 3948 klmouflt - ok
20:46:30.0796 3948 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
20:46:30.0968 3948 kmixer - ok
20:46:31.0000 3948 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
20:46:31.0062 3948 KSecDD - ok
20:46:31.0187 3948 [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
20:46:31.0250 3948 lanmanserver - ok
20:46:31.0296 3948 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:46:31.0375 3948 lanmanworkstation - ok
20:46:31.0390 3948 lbrtfdc - ok
20:46:31.0500 3948 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
20:46:31.0656 3948 LmHosts - ok
20:46:31.0812 3948 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
20:46:31.0828 3948 MDM - ok
20:46:31.0921 3948 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll
20:46:32.0109 3948 Messenger - ok
20:46:32.0125 3948 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
20:46:32.0296 3948 mnmdd - ok
20:46:32.0328 3948 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
20:46:32.0500 3948 mnmsrvc - ok
20:46:32.0531 3948 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
20:46:32.0687 3948 Modem - ok
20:46:32.0734 3948 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:46:32.0906 3948 Mouclass - ok
20:46:32.0937 3948 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
20:46:33.0109 3948 MountMgr - ok
20:46:33.0125 3948 mraid35x - ok
20:46:33.0156 3948 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:46:33.0328 3948 MRxDAV - ok
20:46:33.0375 3948 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:46:33.0453 3948 MRxSmb - ok
20:46:33.0531 3948 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\System32\msdtc.exe
20:46:33.0671 3948 MSDTC - ok
20:46:33.0734 3948 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
20:46:33.0906 3948 Msfs - ok
20:46:33.0968 3948 MSIServer - ok
20:46:34.0015 3948 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:46:34.0171 3948 MSKSSRV - ok
20:46:34.0187 3948 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:46:34.0359 3948 MSPCLOCK - ok
20:46:34.0390 3948 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
20:46:34.0546 3948 MSPQM - ok
20:46:34.0593 3948 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:46:34.0750 3948 mssmbios - ok
20:46:34.0796 3948 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
20:46:34.0843 3948 Mup - ok
20:46:34.0953 3948 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll
20:46:35.0125 3948 napagent - ok
20:46:35.0171 3948 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
20:46:35.0343 3948 NDIS - ok
20:46:35.0390 3948 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:46:35.0468 3948 NdisTapi - ok
20:46:35.0515 3948 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:46:35.0656 3948 Ndisuio - ok
20:46:35.0687 3948 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:46:35.0859 3948 NdisWan - ok
20:46:35.0890 3948 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
20:46:35.0937 3948 NDProxy - ok
20:46:35.0984 3948 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
20:46:36.0140 3948 NetBIOS - ok
20:46:36.0187 3948 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
20:46:36.0359 3948 NetBT - ok
20:46:36.0437 3948 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe
20:46:36.0625 3948 NetDDE - ok
20:46:36.0625 3948 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
20:46:36.0796 3948 NetDDEdsdm - ok
20:46:36.0843 3948 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\System32\lsass.exe
20:46:37.0015 3948 Netlogon - ok
20:46:37.0078 3948 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll
20:46:37.0250 3948 Netman - ok
20:46:37.0390 3948 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:46:37.0421 3948 NetTcpPortSharing - ok
20:46:37.0453 3948 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:46:37.0625 3948 NIC1394 - ok
20:46:37.0703 3948 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll
20:46:37.0765 3948 Nla - ok
20:46:37.0796 3948 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
20:46:37.0921 3948 Npfs - ok
20:46:37.0984 3948 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
20:46:38.0171 3948 Ntfs - ok
20:46:38.0218 3948 [ 15A72D5B8F0B6A718207F14BD5EBB8FF ] NTIDrvr C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
20:46:38.0234 3948 NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
20:46:38.0234 3948 NTIDrvr - detected UnsignedFile.Multi.Generic (1)
20:46:38.0265 3948 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\System32\lsass.exe
20:46:38.0406 3948 NtLmSsp - ok
20:46:38.0562 3948 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
20:46:38.0765 3948 NtmsSvc - ok
20:46:38.0812 3948 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
20:46:38.0953 3948 Null - ok
20:46:39.0015 3948 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:46:39.0156 3948 NwlnkFlt - ok
20:46:39.0171 3948 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:46:39.0328 3948 NwlnkFwd - ok
20:46:39.0359 3948 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:46:39.0531 3948 ohci1394 - ok
20:46:39.0656 3948 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
20:46:39.0687 3948 ose - ok
20:46:39.0718 3948 [ F84785660305B9B903FB3BCA8BA29837 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
20:46:39.0906 3948 Parport - ok
20:46:39.0937 3948 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
20:46:40.0109 3948 PartMgr - ok
20:46:40.0156 3948 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
20:46:40.0312 3948 ParVdm - ok
20:46:40.0343 3948 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
20:46:40.0500 3948 PCI - ok
20:46:40.0546 3948 PCIDump - ok
20:46:40.0562 3948 PCIIde - ok
20:46:40.0609 3948 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
20:46:40.0781 3948 Pcmcia - ok
20:46:40.0796 3948 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
20:46:40.0828 3948 pcouffin ( UnsignedFile.Multi.Generic ) - warning
20:46:40.0828 3948 pcouffin - detected UnsignedFile.Multi.Generic (1)
20:46:40.0859 3948 PDCOMP - ok
20:46:40.0890 3948 PDFRAME - ok
20:46:40.0906 3948 PDRELI - ok
20:46:40.0937 3948 PDRFRAME - ok
20:46:40.0968 3948 perc2 - ok
20:46:40.0984 3948 perc2hib - ok
20:46:41.0171 3948 [ E0297D369962F00E52BBACE14A554DF5 ] PhotoshopElementsDeviceConnect C:\Programme\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
20:46:41.0203 3948 PhotoshopElementsDeviceConnect ( UnsignedFile.Multi.Generic ) - warning
20:46:41.0203 3948 PhotoshopElementsDeviceConnect - detected UnsignedFile.Multi.Generic (1)
20:46:41.0250 3948 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe
20:46:41.0296 3948 PlugPlay - ok
20:46:41.0312 3948 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\System32\lsass.exe
20:46:41.0468 3948 PolicyAgent - ok
20:46:41.0500 3948 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:46:41.0671 3948 PptpMiniport - ok
20:46:41.0703 3948 [ 2CB55427C58679F49AD600FCCBA76360 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
20:46:41.0875 3948 Processor - ok
20:46:41.0906 3948 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:46:42.0046 3948 ProtectedStorage - ok
20:46:42.0062 3948 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
20:46:42.0234 3948 PSched - ok
20:46:42.0250 3948 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:46:42.0406 3948 Ptilink - ok
20:46:42.0453 3948 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:46:42.0468 3948 PxHelp20 - ok
20:46:42.0484 3948 ql1080 - ok
20:46:42.0515 3948 Ql10wnt - ok
20:46:42.0546 3948 ql12160 - ok
20:46:42.0562 3948 ql1240 - ok
20:46:42.0578 3948 ql1280 - ok
20:46:42.0609 3948 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:46:42.0765 3948 RasAcd - ok
20:46:42.0921 3948 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll
20:46:43.0109 3948 RasAuto - ok
20:46:43.0187 3948 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:46:43.0343 3948 Rasl2tp - ok
20:46:43.0546 3948 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll
20:46:43.0734 3948 RasMan - ok
20:46:43.0796 3948 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:46:43.0968 3948 RasPppoe - ok
20:46:44.0062 3948 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
20:46:44.0218 3948 Raspti - ok
20:46:44.0390 3948 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:46:44.0546 3948 Rdbss - ok
20:46:44.0625 3948 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:46:44.0765 3948 RDPCDD - ok
20:46:44.0968 3948 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
20:46:45.0062 3948 RDPWD - ok
20:46:45.0171 3948 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
20:46:45.0328 3948 RDSessMgr - ok
20:46:45.0375 3948 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
20:46:45.0531 3948 redbook - ok
20:46:45.0625 3948 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
20:46:45.0796 3948 RemoteAccess - ok
20:46:45.0859 3948 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\System32\locator.exe
20:46:46.0031 3948 RpcLocator - ok
20:46:46.0140 3948 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll
20:46:46.0203 3948 RpcSs - ok
20:46:46.0281 3948 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\System32\rsvp.exe
20:46:46.0453 3948 RSVP - ok
20:46:46.0484 3948 [ 8B0B3474A8DA1AB41050637CF34C0959 ] RTL8023 C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys
20:46:46.0531 3948 RTL8023 - ok
20:46:46.0562 3948 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe
20:46:46.0703 3948 SamSs - ok
20:46:46.0750 3948 [ B244960E5A1DB8E9D5D17086DE37C1E4 ] sbp2port C:\WINDOWS\system32\DRIVERS\sbp2port.sys
20:46:46.0906 3948 sbp2port - ok
20:46:46.0953 3948 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
20:46:47.0109 3948 SCardSvr - ok
20:46:47.0218 3948 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll
20:46:47.0375 3948 Schedule - ok
20:46:47.0453 3948 [ 089870DAB7AA277585C475AE09EE4C63 ] scsiscan C:\WINDOWS\system32\DRIVERS\scsiscan.sys
20:46:47.0593 3948 scsiscan - ok
20:46:47.0656 3948 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:46:47.0734 3948 Secdrv - ok
20:46:47.0812 3948 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll
20:46:47.0984 3948 seclogon - ok
20:46:48.0078 3948 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll
20:46:48.0250 3948 SENS - ok
20:46:48.0296 3948 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
20:46:48.0453 3948 serenum - ok
20:46:48.0484 3948 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
20:46:48.0640 3948 Serial - ok
20:46:48.0765 3948 [ 019AB047B932AD277A4DA2673E5CC19C ] ServiceLayer C:\Programme\PC Connectivity Solution\ServiceLayer.exe
20:46:48.0796 3948 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning
20:46:48.0796 3948 ServiceLayer - detected UnsignedFile.Multi.Generic (1)
20:46:48.0890 3948 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
20:46:49.0046 3948 Sfloppy - ok
20:46:49.0125 3948 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
20:46:49.0328 3948 SharedAccess - ok
20:46:49.0359 3948 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:46:49.0390 3948 ShellHWDetection - ok
20:46:49.0406 3948 Simbad - ok
20:46:49.0484 3948 [ A1ECEEAA5C5E74B2499EB51D38185B84 ] SONYPVU1 C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:46:49.0625 3948 SONYPVU1 - ok
20:46:49.0640 3948 Sparrow - ok
20:46:49.0671 3948 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
20:46:49.0828 3948 splitter - ok
20:46:49.0875 3948 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
20:46:49.0937 3948 Spooler - ok
20:46:49.0984 3948 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
20:46:50.0078 3948 sr - ok
20:46:50.0171 3948 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\System32\srsvc.dll
20:46:50.0265 3948 srservice - ok
20:46:50.0312 3948 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
20:46:50.0390 3948 Srv - ok
20:46:50.0453 3948 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
20:46:50.0562 3948 SSDPSRV - ok
20:46:50.0671 3948 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll
20:46:50.0859 3948 stisvc - ok
20:46:50.0890 3948 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
20:46:51.0046 3948 swenum - ok
20:46:51.0093 3948 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
20:46:51.0250 3948 swmidi - ok
20:46:51.0312 3948 SwPrv - ok
20:46:51.0343 3948 symc810 - ok
20:46:51.0375 3948 symc8xx - ok
20:46:51.0390 3948 sym_hi - ok
20:46:51.0421 3948 sym_u3 - ok
20:46:51.0468 3948 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
20:46:51.0625 3948 sysaudio - ok
20:46:51.0718 3948 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
20:46:51.0890 3948 SysmonLog - ok
20:46:52.0000 3948 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
20:46:52.0156 3948 TapiSrv - ok
20:46:52.0203 3948 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:46:52.0265 3948 Tcpip - ok
20:46:52.0296 3948 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
20:46:52.0453 3948 TDPIPE - ok
20:46:52.0468 3948 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
20:46:52.0625 3948 TDTCP - ok
20:46:52.0671 3948 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
20:46:52.0812 3948 TermDD - ok
20:46:52.0921 3948 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll
20:46:53.0109 3948 TermService - ok
20:46:53.0171 3948 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll
20:46:53.0187 3948 Themes - ok
20:46:53.0203 3948 TosIde - ok
20:46:53.0250 3948 [ F3E2BDE812BCCD6F58751AFFE43269F0 ] TPkd C:\WINDOWS\system32\drivers\TPkd.sys
20:46:53.0281 3948 TPkd ( UnsignedFile.Multi.Generic ) - warning
20:46:53.0281 3948 TPkd - detected UnsignedFile.Multi.Generic (1)
20:46:53.0375 3948 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll
20:46:53.0546 3948 TrkWks - ok
20:46:53.0609 3948 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
20:46:53.0781 3948 Udfs - ok
20:46:53.0796 3948 ultra - ok
20:46:53.0859 3948 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
20:46:54.0062 3948 Update - ok
20:46:54.0156 3948 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll
20:46:54.0265 3948 upnphost - ok
20:46:54.0328 3948 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe
20:46:54.0468 3948 UPS - ok
20:46:54.0515 3948 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:46:54.0671 3948 usbccgp - ok
20:46:54.0718 3948 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:46:54.0875 3948 usbehci - ok
20:46:54.0921 3948 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:46:55.0093 3948 usbhub - ok
20:46:55.0140 3948 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:46:55.0296 3948 usbprint - ok
20:46:55.0343 3948 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:46:55.0500 3948 usbscan - ok
20:46:55.0562 3948 [ A32426D9B14A089EAA1D922E0C5801A9 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:46:55.0703 3948 usbstor - ok
20:46:55.0750 3948 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:46:55.0890 3948 usbuhci - ok
20:46:55.0921 3948 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
20:46:56.0062 3948 VgaSave - ok
20:46:56.0093 3948 [ 4B039BBD037B01F5DB5A144C837F283A ] viaagp1 C:\WINDOWS\system32\DRIVERS\viaagp1.sys
20:46:56.0140 3948 viaagp1 - ok
20:46:56.0203 3948 [ E8C619C6C6BDE90D130DDA87150E1944 ] viagfx C:\WINDOWS\system32\DRIVERS\vtmini.sys
20:46:56.0265 3948 viagfx - ok
20:46:56.0296 3948 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
20:46:56.0453 3948 ViaIde - ok
20:46:56.0484 3948 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
20:46:56.0640 3948 VolSnap - ok
20:46:56.0718 3948 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe
20:46:56.0828 3948 VSS - ok
20:46:56.0906 3948 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] W32Time C:\WINDOWS\System32\w32time.dll
20:46:57.0078 3948 W32Time - ok
20:46:57.0125 3948 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:46:57.0265 3948 Wanarp - ok
20:46:57.0281 3948 WDICA - ok
20:46:57.0328 3948 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
20:46:57.0500 3948 wdmaud - ok
20:46:57.0609 3948 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll
20:46:57.0781 3948 WebClient - ok
20:46:57.0859 3948 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
20:46:58.0015 3948 winmgmt - ok
20:46:58.0140 3948 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
20:46:58.0218 3948 WmdmPmSN - ok
20:46:58.0265 3948 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:46:58.0421 3948 WmiApSrv - ok
20:46:58.0484 3948 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys
20:46:58.0515 3948 WpdUsb - ok
20:46:58.0687 3948 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:46:58.0765 3948 WPFFontCache_v0400 - ok
20:46:58.0828 3948 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll
20:46:59.0000 3948 wscsvc - ok
20:46:59.0093 3948 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll
20:46:59.0250 3948 wuauserv - ok
20:46:59.0312 3948 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:46:59.0359 3948 WudfPf - ok
20:46:59.0406 3948 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:46:59.0453 3948 WudfRd - ok
20:46:59.0515 3948 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
20:46:59.0562 3948 WudfSvc - ok
20:46:59.0656 3948 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
20:46:59.0843 3948 WZCSVC - ok
20:46:59.0906 3948 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
20:47:00.0062 3948 xmlprov - ok
20:47:00.0078 3948 ================ Scan global ===============================
20:47:00.0203 3948 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:47:00.0312 3948 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:47:00.0421 3948 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:47:00.0484 3948 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:47:00.0500 3948 [Global] - ok
20:47:00.0500 3948 ================ Scan MBR ==================================
20:47:00.0531 3948 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
20:47:00.0765 3948 \Device\Harddisk0\DR0 - ok
20:47:00.0781 3948 [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR10
20:47:00.0890 3948 \Device\Harddisk5\DR10 - ok
20:47:00.0906 3948 ================ Scan VBR ==================================
20:47:00.0906 3948 [ D68A33DCFF2DF09F7B4DE4848891D0DD ] \Device\Harddisk0\DR0\Partition1
20:47:00.0906 3948 \Device\Harddisk0\DR0\Partition1 - ok
20:47:00.0937 3948 [ 6AB382A167631ED68E20C26BBD27606D ] \Device\Harddisk5\DR10\Partition1
20:47:00.0937 3948 \Device\Harddisk5\DR10\Partition1 - ok
20:47:00.0937 3948 ============================================================
20:47:00.0937 3948 Scan finished
20:47:00.0937 3948 ============================================================
20:47:01.0078 3940 Detected object count: 10
20:47:01.0078 3940 Actual detected object count: 10

markusg · 24.01.2013, 20:56

log is unvollständig, bitte mal als txt anhängen, falls zu groß, packen.

Siegfried01 · 24.01.2013, 21:03

OK :

markusg · 24.01.2013, 21:23

hi
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Siegfried01 · 24.01.2013, 21:57

Kurz nach Klicken auf ComboFix erscheint Folgendes:

Bitte warten.
ComboFix wird vorbereitet, um ausgeführt zu werden.

Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen.

***

Dieser PC verfügt nicht über die Microsoft-Systemwiederherstellungskonsole.
Ohne diese wird ComboFix die Reparatur einiger schwerer Infizierungen nicht vornehmen. Klicke auf JA um mit ComboFix die Wiederherstellungskonsole herunterzuladen und zu installieren.

NB: Dies benötigt eine funktionierende Internetverbindung.

JA NEIN

markusg · 25.01.2013, 12:23

klicke ja.

Siegfried01 · 25.01.2013, 22:13

OK, JA geklickt,
ComboFix hat losgelegt.

Nach ca. 10 min hab ich blaues Fenster auf leerem Desktop.

Der Bericht im blauen Fenster
hat eine Reihe von "Fertigestellt Stufe_ xx" - Meldungen,
bis "Fertiggestellt Stufe_50.

Darunter steht

"Lösche Dateien,"
es erden einige C:Windows Dateien angezeigt,

dann steht

"Lösche Ordner
C:\Dokumente und Einstellungen\Default User\WINDOWS"

Danach nichts mehr,
blinkender Cursor.

***

Ist ComboFix also fertig ?
Neustart ausführen ?

***

OK, Neustart gemacht.

wo kann ich die C:\Combofix.txt finden ?

markusg · 28.01.2013, 16:29

starteneu, drücke f8 wähle abgesicherter Modus, melde dich in deinem Konto an, führe combofix erneut aus, neustarten, log posten

Siegfried01 · 29.01.2013, 00:14

Abgesicherter Modus geht leider nicht. ComboFix gestartet, ist danach fertig, wieder ohne Hinweis of log file.

Seit dem letzten Mal ist aber das GVU-"Startfenster" weg. Ist der Trojaner damit auch weg ? :-)

22.01.2013, 23:45	#2
markusg /// Malware-holic	GVU Trojaner mit kurzer Gedenksekunde immer wieder da hi finger weg von der systemwiederherstellung bei trojaner befall! das kann mehr probleme verursachen. poste die logs bitte __________________ __________________

25.01.2013, 12:23	#12
markusg /// Malware-holic	GVU Trojaner mit kurzer Gedenksekunde immer wieder da klicke ja. __________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet

GVU Trojaner mit kurzer Gedenksekunde immer wieder da

Plagegeister aller Art und deren Bekämpfung: GVU Trojaner mit kurzer Gedenksekunde immer wieder da