Nach Befall von TR/Kazy.mekml.1 alles wieder sauber?

cosinus · 15.05.2011, 17:10

Und die treten immer wieder neu auf? Auch nach Leeren des Verlaufs?

petersen-bjo · 15.05.2011, 18:31

Leider ja.

cosinus · 15.05.2011, 18:35

Mach nochmal ein frisches OTL-Log.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

petersen-bjo · 15.05.2011, 19:05

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 15.05.2011 19:51:10 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Helihausen\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434,66 Gb Total Space | 319,36 Gb Free Space | 73,47% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 18,94 Gb Free Space | 63,12% Space Free | Partition Type: NTFS
 
Computer Name: BJOERN-PC | User Name: Helihausen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.15 19:44:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Helihausen\Desktop\OTL.exe
PRC - [2011.04.27 19:39:45 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 19:28:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.11.04 17:30:52 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.31 18:03:04 | 000,329,168 | ---- | M] () -- C:\Programme\Verbindungsassistent\WTGService.exe
PRC - [2010.01.21 14:11:40 | 000,045,056 | ---- | M] (Realtek) -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.24 07:46:18 | 000,495,728 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.10.24 07:46:18 | 000,225,382 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\WDM\stacsv.exe
PRC - [2009.08.19 16:42:56 | 000,192,000 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.08.05 17:08:40 | 000,413,696 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2009.07.23 22:22:52 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\YouCam\YouCamTray.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.07 11:44:44 | 000,343,552 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.05.19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.03.04 10:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
PRC - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.15 19:44:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Helihausen\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.27 19:39:45 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 19:28:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.01 09:26:56 | 000,678,920 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto | Stopped] -- C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2010.10.31 18:03:04 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2010.01.21 14:11:40 | 000,045,056 | ---- | M] (Realtek) [Auto | Running] -- C:\Programme\REALTEK\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nSU)
SRV - [2009.10.24 07:46:18 | 000,225,382 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.03.04 10:27:42 | 000,113,152 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2001.11.12 15:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 19:28:43 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 22:06:36 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.07.08 07:17:56 | 000,603,240 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.03.10 15:36:54 | 000,605,568 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (PCTV340_801)
DRV - [2010.03.10 15:36:54 | 000,605,568 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009.11.06 12:02:38 | 000,042,496 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009.10.24 07:46:18 | 000,421,376 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.10.13 01:33:28 | 000,067,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.10.02 14:33:24 | 000,862,208 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.09.16 19:28:18 | 009,833,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.08.24 11:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\azvusb.sys -- (azvusb)
DRV - [2009.08.06 12:10:00 | 000,313,856 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.20 19:39:20 | 000,116,136 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.05.13 14:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 14:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\x10hid.sys -- (X10Hid)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.07.24 12:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.03.21 19:37:28 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\STK02HW2.sys -- (DCamUSBSTK02H)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
[2010.10.22 20:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Extensions
[2010.10.22 20:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Extensions\{ea278cf8-93cd-484f-b951-57360482d33a}
[2010.08.24 17:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.05.06 20:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Firefox\Profiles\qve361ud.default\extensions
[2011.03.13 18:24:01 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Firefox\Profiles\qve361ud.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2011.03.21 21:21:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Firefox\Profiles\qve361ud.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010.11.10 00:14:33 | 000,000,000 | ---D | M] (Site Information Tool) -- C:\Users\Helihausen\AppData\Roaming\mozilla\Firefox\Profiles\qve361ud.default\extensions\siteinfo@wmtips
[2011.05.15 16:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.30 20:39:25 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\HomeCinema\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BullGuard]  File not found
O4 - HKCU..\Run: [ckvacGUXRMcAmh]  File not found
O4 - Startup: C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Laptop
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{29c22a1b-9c66-11df-9419-001f162822ef}\Shell - "" = AutoRun
O33 - MountPoints2\{29c22a1b-9c66-11df-9419-001f162822ef}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.15 19:44:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Helihausen\Desktop\OTL.exe
[2011.05.15 19:36:33 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\AppData\Local\ElevatedDiagnostics
[2011.05.15 18:36:58 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2011.05.15 18:04:39 | 000,000,000 | ---D | C] -- C:\Programme\Feedback Tool
[2011.05.15 16:40:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.05.14 18:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011.05.14 18:43:13 | 000,000,000 | ---D | C] -- C:\Programme\ImgBurn
[2011.05.12 21:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.05.12 21:34:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.05.12 21:34:09 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.05.12 21:01:53 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\AppData\Local\temp
[2011.05.12 21:00:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.05.12 20:59:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.05.12 20:53:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.05.11 18:32:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.11 18:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.10 04:46:35 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.05.10 04:46:35 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.05.10 04:46:35 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.05.10 04:46:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.05.10 04:45:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.05.10 04:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.05.10 04:35:38 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.05.10 04:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011.05.10 04:32:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2011.05.10 04:32:04 | 000,000,000 | ---D | C] -- C:\Programme\CleanUp!
[2011.05.10 04:15:53 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\AppData\Roaming\Malwarebytes
[2011.05.09 22:39:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.09 22:39:32 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.09 22:02:23 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\testordner
[2011.05.02 20:58:04 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\Desktop\flieger
[2011.05.02 20:51:45 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\Desktop\heli
[2011.05.01 07:35:51 | 000,000,000 | ---D | C] -- C:\Users\Helihausen\AppData\Roaming\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.15 19:52:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3651452335-2646520935-936833019-1003UA.job
[2011.05.15 19:49:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.15 19:44:57 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Helihausen\Desktop\OTL.exe
[2011.05.15 19:29:32 | 000,009,888 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 19:29:32 | 000,009,888 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.15 19:27:16 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.15 19:22:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.15 19:21:57 | 2388,291,584 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.15 18:37:55 | 002,211,971 | ---- | M] () -- C:\Users\Helihausen\Desktop\Windows6.1-KB2534366-x86.msu
[2011.05.15 09:23:48 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.15 09:23:48 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.15 09:23:48 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.15 09:23:48 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.05.14 21:52:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3651452335-2646520935-936833019-1003Core.job
[2011.05.14 18:43:14 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.05.12 21:34:11 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.11 18:32:00 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.10 06:23:31 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.05.10 06:11:30 | 000,000,600 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\winscp.rnd
[2011.05.10 06:11:29 | 000,001,751 | ---- | M] () -- C:\Users\Helihausen\Desktop\WinSCP.lnk
[2011.05.10 04:35:39 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.10 04:32:06 | 000,000,980 | ---- | M] () -- C:\Users\Helihausen\Desktop\CleanUp!.lnk
[2011.05.05 19:46:22 | 000,013,025 | ---- | M] () -- C:\Users\Helihausen\Desktop\Reklamation.pdf
[2011.04.28 21:38:05 | 000,001,475 | ---- | M] () -- C:\Users\Helihausen\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2011.05.15 18:37:45 | 002,211,971 | ---- | C] () -- C:\Users\Helihausen\Desktop\Windows6.1-KB2534366-x86.msu
[2011.05.14 18:43:14 | 000,001,827 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011.05.14 18:43:14 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011.05.12 21:34:11 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.05.11 18:32:00 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.10 06:11:29 | 000,001,751 | ---- | C] () -- C:\Users\Helihausen\Desktop\WinSCP.lnk
[2011.05.10 04:46:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.05.10 04:46:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.05.10 04:46:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.05.10 04:46:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.05.10 04:46:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.05.10 04:35:39 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.05.10 04:35:34 | 000,001,098 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.10 04:35:32 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.10 04:32:06 | 000,000,980 | ---- | C] () -- C:\Users\Helihausen\Desktop\CleanUp!.lnk
[2011.05.05 19:46:22 | 000,013,025 | ---- | C] () -- C:\Users\Helihausen\Desktop\Reklamation.pdf
[2011.04.28 21:38:05 | 000,001,475 | ---- | C] () -- C:\Users\Helihausen\.recently-used.xbel
[2010.12.11 10:39:06 | 000,005,632 | ---- | C] () -- C:\Users\Helihausen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.28 19:31:17 | 000,000,000 | ---- | C] () -- C:\Users\Helihausen\AppData\Roaming\wklnhst.dat
[2010.08.26 19:12:30 | 000,000,600 | ---- | C] () -- C:\Users\Helihausen\AppData\Roaming\winscp.rnd
[2010.08.24 21:28:48 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.15 15:05:26 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.15 15:05:26 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.02.05 15:12:45 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2010.02.05 14:56:36 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2010.02.05 14:45:03 | 000,000,548 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2010.01.18 15:42:06 | 000,034,666 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.30 12:05:48 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nsldap32v60.dll
[2009.08.03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.07.14 10:47:43 | 000,654,166 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,429,472 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,008 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,388 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.10.30 18:00:22 | 000,048,640 | ---- | C] () -- C:\Windows\System32\nsldapssl32v60.dll
[2008.10.30 17:59:24 | 000,025,088 | ---- | C] () -- C:\Windows\System32\nsldappr32v60.dll
[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2004.12.14 17:55:22 | 000,000,019 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
 
========== LOP Check ==========
 
[2010.08.15 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\BullGuard
[2011.03.19 14:20:05 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\GARMIN
[2011.04.28 21:38:05 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\gtk-2.0
[2010.10.31 20:05:22 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Nvu
[2010.10.26 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\TeamViewer
[2010.10.28 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Template
[2010.10.31 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent
[2010.12.10 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\XnView
[2011.01.31 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\YCanPDF
[2011.05.15 09:38:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.09 21:02:44 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Adobe
[2011.04.04 20:19:33 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Apple Computer
[2011.05.01 07:35:51 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Avira
[2010.08.15 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\BullGuard
[2010.08.24 19:04:58 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\CyberLink
[2011.01.12 19:10:08 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\DivX
[2011.03.19 14:20:05 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\GARMIN
[2011.05.10 06:10:16 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Google
[2011.04.28 21:38:05 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\gtk-2.0
[2010.08.15 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Identities
[2011.01.13 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\InstallShield
[2010.08.15 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Macromedia
[2011.05.10 04:15:53 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Media Center Programs
[2011.05.09 21:02:44 | 000,000,000 | --SD | M] -- C:\Users\Helihausen\AppData\Roaming\Microsoft
[2010.08.23 14:52:39 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Mozilla
[2010.10.31 20:05:22 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Nvu
[2011.05.10 05:21:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Skype
[2011.05.09 19:55:30 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\skypePM
[2010.10.26 20:28:31 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\TeamViewer
[2010.10.28 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Template
[2010.10.31 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent
[2011.01.11 21:10:08 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\WinRAR
[2010.12.10 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\XnView
[2011.01.31 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\YCanPDF
 
< %APPDATA%\*.exe /s >
[2010.12.20 18:53:53 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
[2010.11.06 09:55:49 | 000,026,694 | R--- | M] () -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Installer\{F920E37C-6305-4288-B4BD-966070403DB9}\_6FEFF9B68218417F98F549.exe
[2010.11.06 09:55:49 | 000,026,694 | R--- | M] () -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Installer\{F920E37C-6305-4288-B4BD-966070403DB9}\_7C2345DEDF1923A792D4EF.exe
[2010.10.31 16:55:01 | 000,274,944 | ---- | M] (Markus B. Weber) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\CONFIG.exe
[2010.10.31 16:55:01 | 000,274,944 | ---- | M] (Markus B. Weber) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\GPRS.exe
[2010.10.31 16:55:01 | 000,274,944 | ---- | M] (Markus B. Weber) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\MWconn.exe
[2010.10.31 16:55:01 | 000,274,944 | ---- | M] (Markus B. Weber) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\MWconn_downdate.exe
[2010.10.31 16:55:01 | 000,274,944 | ---- | M] (Markus B. Weber) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTS.exe
[2010.10.31 16:55:01 | 000,274,944 | ---- | M] (Markus B. Weber) -- C:\Users\Helihausen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MWconn\UMTSGPRS.exe
[2009.01.14 12:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 13:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 13:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 13:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 13:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 13:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 09:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 13:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 13:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Helihausen\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Programme\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 19:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2011.02.24 07:29:55 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
 
<           >

< End of report >

--- --- ---

cosinus · 15.05.2011, 19:22

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKCU..\Run: [BullGuard]  File not found
O4 - HKCU..\Run: [ckvacGUXRMcAmh]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{29c22a1b-9c66-11df-9419-001f162822ef}\Shell - "" = AutoRun
O33 - MountPoints2\{29c22a1b-9c66-11df-9419-001f162822ef}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2010.08.15 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Helihausen\AppData\Roaming\BullGuard
:Commands
[purity]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

petersen-bjo · 15.05.2011, 19:38

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\BullGuard deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ckvacGUXRMcAmh deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29c22a1b-9c66-11df-9419-001f162822ef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29c22a1b-9c66-11df-9419-001f162822ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29c22a1b-9c66-11df-9419-001f162822ef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29c22a1b-9c66-11df-9419-001f162822ef}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Helihausen\AppData\Roaming\BullGuard\AppDumps folder moved successfully.
C:\Users\Helihausen\AppData\Roaming\BullGuard\Antivirus\Profiles folder moved successfully.
C:\Users\Helihausen\AppData\Roaming\BullGuard\Antivirus folder moved successfully.
C:\Users\Helihausen\AppData\Roaming\BullGuard folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 05152011_203725

cosinus · 15.05.2011, 20:40

hast du rein zufällig auch einen Router? Wenn ja wurde da das Adminpasswort geändert?
Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst!

petersen-bjo · 16.05.2011, 21:33

Hi,
ich hatte ein vordefiniertes PW. Jetzt habe ich den Router in die Werkseinstellungen zurückgesetzt und vollkommen neu eingerichtet. Es gibt jetzt sozusagen nichts vordefiniertes mehr.

Habe jetzt Avira Antivir Premium statt der freien Version. Momentan habe ich keine wirklichen Probleme mehr aber es bleibt Unsicherheit wegen der noch vorhanden Skriptfehler. Sie kommen unregelmäßig. Im Anhang 5 Screenshots dazu.

cosinus · 16.05.2011, 21:45

Hab keine Idee wo die herkommen.
Mach erstmal ein Komplettupdate des Systems, unten mein Leitfaden dazu.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Dein Adobe Reader ist nicht aktuell, was ein großes Sicherheitsrisiko darstellt. Du solltest daher besser die alte Version über Systemsteuerung => Software deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst.

Ich empfehle einen alternativen PDF-Reader wie SumatraPDF oder Foxit PDF Reader, beide sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers, hier der direkte Downloadlink:

Mozilla und andere Browser => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

petersen-bjo · 17.05.2011, 16:08

Hi,

ich habe alles aktualisiert. Lediglich zwei Dinge ließen sich nicht bewerkstelligen:

Windows 7 Service Pack 1 und
KB2534366

Beide Windows-Updates brechen ab. Immer und immer wieder. Probleme kann ich am System zwar nicht feststellen aber warum diese Updates nicht wollen, bleibt ein Rätzel. Bisher hatte ich damit noch nie Probleme. An meinem Desktop-PC ließen sie sich problemlos installieren.

cosinus · 17.05.2011, 18:08

Lad das komplett SP1 runter und installier es manuell. Vor dem Ausführen unbedingt alle Programme beenden und den Virenscanner deaktivieren!!

Detail Seite Windows 7 und Windows Server 2008 R2 Service Pack 1 (KB976932)

Du brauchst für dein 32-Bit-Win7 diese Datei => windows6.1-KB976932-X86.exe

petersen-bjo · 26.05.2011, 17:08

So, habe inzwischen das SP1 manuell runtergeladen und versucht zu installieren. Nach dem Runterfahren des PC bricht die Installation ab. SP1 lässt sich nicht installieren. Virenscanner und alle anderen Programme waren deaktiviert. Rechner war auch vom Netz dabei.

Was mir zwischenzeichtlich auffiel:
- nach Deinstallation des IE9 startete trotzdem eine Datei iexplorer.exe (gesehen im Taskmanager)
- ab und zu bekomme ich englischesprachige Stimmen zu hören. Klingt wie Radio. Wenn ich dann die iexplorer.exe über den Tastmanager durch Prozesse beenden abschalte, sind die Stimmen weg.
- als ich damals den Befall meines Systems bemerkt hatte, stellte ich das durch Musik fest weshalb ich jetzt davon ausgehe, dass mein Problem nach wie vor besteht. Avira erkennt nichts, Malwarebytes' Anti-Malware auch nicht.

Was kann ich tun? Wieso gibt es diese Datei (iexplorer.exe) noch immer, obwohl ich den IE9 deinstalliert haben und nur noch den Firefox nutze?

cosinus · 26.05.2011, 19:49

Da werkelt noch was ist mein Eindruck. Führ mal ESET aus.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

petersen-bjo · 26.05.2011, 21:59

OK, erledigt! Auch was gefunden! Was mache ich damit jetzt?:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=59073676e3c1e2499b67ad523d7fb9df
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-05-26 08:49:55
# local_time=2011-05-26 10:49:55 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 20052145 20052145 0 0
# compatibility_mode=5893 16776573 100 94 188552 58875369 0 0
# compatibility_mode=8192 67108863 100 0 127 127 0 0
# scanned=192609
# found=1
# cleaned=0
# scan_time=6369
C:\Users\Redakteur\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BXAKDHXI\ven[1].htm JS/Kryptik.AL trojan (unable to clean) 00000000000000000000000000000000 I

cosinus · 27.05.2011, 08:42

Der hat nur noch im Browsercache was gefunden, das Löschen wird wohl kaum etwas bringen. Entweder seh ich den Schädling nicht, oder der wird einfach nicht angezeigt.

Probier mal => http://www.chip.de/downloads/AntiVir..._30971022.html

Wenn das Ding auch ncihts findet, müssen wir wohl mit format c: leben

15.05.2011, 17:10	#46
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? Und die treten immer wieder neu auf? Auch nach Leeren des Verlaufs? __________________ Logfiles bitte immer in CODE-Tags posten

15.05.2011, 20:40	#52
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Nach Befall von TR/Kazy.mekml.1 alles wieder sauber? hast du rein zufällig auch einen Router? Wenn ja wurde da das Adminpasswort geändert? Wenn nicht, setz diesen Router auf Werkseinstellungen zurück und konfiguriere ihn neu. Wichtig ist, dass du das unsichere vordefinierte Adminkennwort zum Router änderst! __________________ Logfiles bitte immer in CODE-Tags posten

Nach Befall von TR/Kazy.mekml.1 alles wieder sauber?

Log-Analyse und Auswertung: Nach Befall von TR/Kazy.mekml.1 alles wieder sauber?