Trojaner-Board


Kokosmatte 26.02.2012 21:16

50€ to unlock the Windows security block

Hello everyone,

Looking at the forum, I am apparently not the only one right now with this strange "add-on" software.

Only when my laptop is connected to the internet does the screen go black after a while. Then a message appears saying that my system is being blocked for security reasons and that I can unlock everything again after paying a small fee of 50€.

In Windows safe mode this problem does not occur.

In addition, I have the problem that all USB ports are acting up and in normal Windows mode no USB devices are found anymore. Strangely, I also cannot boot from any USB sticks or external CD-ROMs. The USB issue could also just be a hardware problem, I am not sure.

The requested log files are attached.

Many thanks in advance!


Hmm, I will probably have to generate the log files from dds again. I seem to have accidentally deleted them while tidying up the desktop :headbang:
They will follow shortly.

Kokosmatte 26.02.2012 21:34

Even when I start over with Defogger and get to dds, the program only starts briefly. That is, you see the command line flicker for a moment and disappear again right away...

Now I really need help.. :(

Kokosmatte 26.02.2012 22:17

I have now got dds.com to scan, but only when I called the program directly from the command line.

Attached are now the 3 logfiles...

Kokosmatte 27.02.2012 20:08

Log file from Malwarebytes, what now..?

Hello,

I had one of those "Bundes" Trojans that asked for 50€. I seem to have disabled it following instructions from another internet site. After that I ran Malwarebytes. The program seems to have deleted not only this one culprit but also some other nasty things.

As I have read here in the forum, you should run further programs to be really sure.

Attached is the logfile from Malwarebytes.

Regards

Kokosmatte

cosinus 27.02.2012 22:33

Please also run ESET, then we'll see:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Kokosmatte 28.02.2012 13:38

Hello cosinus,

Thanks for merging the threads. I was a bit anxious and had tried to inform myself on many websites.

Here is now the log file from eset:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d4360d09673c04da140044be76bdf84
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-28 08:40:50
# local_time=2012-02-28 09:40:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 13613 105281610 6384 0
# compatibility_mode=5892 16776573 100 100 17474 167914218 0 0
# compatibility_mode=8192 67108863 100 0 5523 5523 0 0
# scanned=444939
# found=2
# cleaned=0
# scan_time=37004
G:\DL\drivekeeper_Build-228.exe        probably unknown NewHeur_PE virus (unable to clean)        00000000000000000000000000000000        I
G:\DL\drive.keeper\drivekeeper_Build-228.exe        probably unknown NewHeur_PE virus (unable to clean)        00000000000000000000000000000000        I

I assume that "drivekeeper" is trustworthy software. I downloaded the software directly from the manufacturer.

Beyond that, I am happy to receive further help or tips.

Regards

Kokosmatte

cosinus 28.02.2012 23:11

Please make a new OTL log. Please post everything here in CODE tags if possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Kokosmatte 28.02.2012 23:24

here is now the otl log:

OTL Logfile:
Code:

OTL logfile created on: 28.02.2012 23:16:31 - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 64,60% Memory free
6,06 Gb Paging File | 4,83 Gb Available in Paging File | 79,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72,01 Gb Total Space | 10,36 Gb Free Space | 14,39% Space Free | Partition Type: NTFS
Drive D: | 7,95 Gb Total Space | 1,29 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive F: | 1020,00 Mb Total Space | 1013,84 Mb Free Space | 99,40% Space Free | Partition Type: FAT32
Drive G: | 67,03 Gb Total Space | 8,17 Gb Free Space | 12,19% Space Free | Partition Type: NTFS
Drive I: | 30,07 Gb Total Space | 4,48 Gb Free Space | 14,90% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.28 23:12:43 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.01 20:37:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.03 08:45:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 21:39:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe
PRC - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.26 16:15:24 | 002,789,672 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009.03.20 10:46:00 | 000,114,688 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
PRC - [2009.02.18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.02.18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.01.13 10:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.06.06 13:05:10 | 002,118,952 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.03.20 10:46:00 | 000,114,688 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
MOD - [2009.01.06 13:24:58 | 000,118,784 | ---- | M] () -- C:\Program Files\KDiff3\diff_ext_for_kdiff3.dll
MOD - [2001.09.03 09:27:30 | 000,512,000 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\omniORB303_rt.dll
MOD - [2001.09.03 09:27:30 | 000,028,672 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\omnithread2_rt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (dtmdserver)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.01 20:37:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.03 08:45:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.26 16:15:24 | 002,789,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009.03.24 08:45:58 | 000,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009.02.18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.13 10:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.17 13:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.08.17 13:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.08.17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.07.26 18:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011.07.01 20:37:44 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 20:37:44 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.11.01 22:01:56 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.03.30 09:51:50 | 000,335,224 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2010.02.24 22:01:45 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.02.24 22:01:45 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.19 20:36:16 | 000,123,392 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
DRV - [2009.07.16 15:22:10 | 000,019,064 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.06.21 16:30:36 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.13 10:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.12.18 22:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.10 14:00:54 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.10.06 10:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.08.28 16:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.11 10:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.07.03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.02.04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_5.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2011.11.17 22:30:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 21:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 21:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.17 22:30:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5021 [2011.08.01 23:19:35 | 000,000,000 | ---D | M]
 
[2010.01.24 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.05.22 07:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions
[2009.05.22 07:20:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.02.28 20:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions
[2010.05.16 09:49:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.07 17:16:29 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\11-suche.xml
[2012.01.07 17:16:29 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\englische-ergebnisse.xml
[2012.01.07 17:16:29 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\gmx-suche.xml
[2012.01.07 17:16:29 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\lastminute.xml
[2012.01.07 17:16:29 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\webde-suche.xml
[2010.05.15 14:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.15 14:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.11.17 22:30:52 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_5.0
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5021
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPN6RMFP.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.09.21 14:48:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.05.15 14:49:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.07 15:48:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 15:48:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.07 15:48:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 15:48:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.07 15:48:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 15:48:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.15 16:10:59 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 255.0.0.0 google-analytics.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: []  File not found
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [Nero DriveSpeed] C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe (Nero AG)
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [NvCplDaemonTool] rundll32.exe  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDAF1AE7-A381-423A-9F66-F8D327DEA4DC}: NameServer = 62.72.64.237,204.152.184.131
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\Shell - "" = AutoRun
O33 - MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.bat
O34 - HKLM BootExecute: (autocheck)
O34 - HKLM BootExecute: (*)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.28 23:12:43 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.27 22:51:27 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.02.27 14:56:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.02.27 14:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.27 14:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.27 14:56:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.02.27 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.26 22:07:42 | 000,100,864 | ---- | C] (GMER) -- C:\uxldapow.sys
[2012.02.26 21:30:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.02.26 21:12:00 | 000,000,000 | -H-D | C] -- C:\windows\PIF
[2012.02.26 20:01:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\pdfs
[2012.02.07 22:13:59 | 000,049,536 | ---- | C] (Texas Instruments Incorporated) -- C:\windows\System32\drivers\tiehdusb.sys
[2012.02.07 22:13:24 | 000,021,456 | ---- | C] (Texas Instruments Incorporated) -- C:\windows\System32\drivers\SilvrLnk.sys
[2012.02.07 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MyTIData
[2012.02.02 03:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\.freeplane
[2012.02.02 03:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeplane
[2012.02.02 03:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Freeplane
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.28 23:12:43 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.28 22:27:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.28 22:27:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.28 22:03:36 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 22:03:36 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 20:07:56 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.28 20:07:56 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.28 20:07:56 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.28 20:07:56 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.28 20:03:33 | 3147,055,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.28 19:43:58 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.02.27 22:51:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.02.27 14:56:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.26 22:16:36 | 000,010,624 | ---- | M] () -- C:\Users\***\Desktop\logfiles.zip
[2012.02.26 22:07:42 | 000,100,864 | ---- | M] (GMER) -- C:\uxldapow.sys
[2012.02.26 22:05:50 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\j0t0keyi.exe
[2012.02.26 21:30:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.02.26 21:28:29 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.26 20:03:24 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.02.15 20:25:06 | 000,557,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.02.10 00:25:31 | 000,003,896 | ---- | M] () -- C:\Users\***\Documents\view_image.htm
[2012.02.07 22:12:35 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\TI Connect.lnk
[2012.02.06 23:01:29 | 000,208,384 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 15:59:06 | 000,000,322 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor***.job
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.27 14:56:12 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.27 14:52:31 | 3147,055,104 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.26 22:16:36 | 000,010,624 | ---- | C] () -- C:\Users\***\Desktop\logfiles.zip
[2012.02.26 22:05:50 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\j0t0keyi.exe
[2012.02.26 21:28:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.26 20:03:05 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.10 00:25:31 | 000,003,896 | ---- | C] () -- C:\Users\***\Documents\view_image.htm
[2012.02.07 22:12:35 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\TI Connect.lnk
[2012.01.07 20:39:18 | 000,000,000 | ---- | C] () -- C:\windows\PROTOCOL.INI
[2011.10.12 10:32:08 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011.10.09 22:11:02 | 000,007,692 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.02 07:25:28 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.08.03 15:21:11 | 000,000,145 | --S- | C] () -- C:\Users\***\AppData\Local\2622104153.dat
[2011.03.15 01:10:35 | 000,057,344 | ---- | C] () -- C:\windows\System32\mupkernps11.dll
[2011.03.03 23:02:23 | 000,000,480 | ---- | C] () -- C:\windows\{3D00025F-C839-4312-A402-5C86723B8AC8}_WiseFW.ini
[2011.03.03 23:00:25 | 000,000,286 | ---- | C] () -- C:\windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini
[2011.01.19 21:48:41 | 000,216,819 | ---- | C] () -- C:\windows\ClipNavigator Uninstaller.exe
[2010.12.25 12:01:53 | 000,006,928 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.2
[2010.12.21 19:01:29 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010.09.15 17:57:51 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2010.06.25 10:20:48 | 000,081,920 | ---- | C] () -- C:\windows\System32\GkSui20.EXE
[2010.04.25 20:55:34 | 000,962,560 | ---- | C] () -- C:\windows\tesseract.exe
 
========== LOP Check ==========
 
[2011.11.02 00:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv
[2009.09.22 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.trackballs
[2011.12.20 10:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5021
[2009.06.21 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.11.28 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2010.09.14 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DynaGeo
[2009.04.27 07:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fityk
[2010.01.27 16:14:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Folding@home-x86
[2009.05.22 07:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.07.25 12:22:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2011.10.28 21:48:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.04.25 10:04:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2011.03.19 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.04.25 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.4.2
[2011.08.01 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.12.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2010.09.15 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.12.01 22:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2011.07.03 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.07.03 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2009.04.17 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.04.17 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.24 22:17:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.02.25 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\POV-Ray
[2010.04.18 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rainmeter
[2010.01.10 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RawTherapeeAlpha
[2010.11.01 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2009.09.23 08:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine
[2011.08.02 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.02.25 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wings3D
[2011.02.26 10:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.08.01 23:19:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.02.28 19:43:59 | 000,032,512 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

[/CODE]

cosinus 28.02.2012 23:39

That was not a CustomScan

Kokosmatte 29.02.2012 00:15

Hmm, I was actually sure that I had passed the parameters from your code box to OTL.

Now, hopefully done correctly:

OTL Logfile:
Code:

OTL logfile created on: 28.02.2012 23:49:34 - Run 3
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\***\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 63,04% Memory free
6,06 Gb Paging File | 4,80 Gb Available in Paging File | 79,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 72,01 Gb Total Space | 10,36 Gb Free Space | 14,38% Space Free | Partition Type: NTFS
Drive D: | 7,95 Gb Total Space | 1,29 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive F: | 1020,00 Mb Total Space | 1013,84 Mb Free Space | 99,40% Space Free | Partition Type: FAT32
Drive G: | 67,03 Gb Total Space | 8,17 Gb Free Space | 12,19% Space Free | Partition Type: NTFS
Drive I: | 30,07 Gb Total Space | 4,48 Gb Free Space | 14,90% Space Free | Partition Type: FAT32
 
Computer Name: LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.28 23:12:43 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.07.01 20:37:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.03 08:45:47 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 21:39:49 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
PRC - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe
PRC - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.26 16:15:24 | 002,789,672 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2009.03.20 10:46:00 | 000,114,688 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
PRC - [2009.02.18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.02.18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.01.13 10:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008.06.06 13:05:10 | 002,118,952 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.03.20 10:46:00 | 000,114,688 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\ObjectServer.exe
MOD - [2009.01.06 13:24:58 | 000,118,784 | ---- | M] () -- C:\Program Files\KDiff3\diff_ext_for_kdiff3.dll
MOD - [2001.09.03 09:27:30 | 000,512,000 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\omniORB303_rt.dll
MOD - [2001.09.03 09:27:30 | 000,028,672 | ---- | M] () -- C:\Program Files\SPECS\SpecsLab2\bin\omnithread2_rt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (dtmdserver)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.01 20:37:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.03 08:45:47 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.30 09:53:32 | 000,153,464 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe -- (nwtsrv)
SRV - [2010.03.30 09:52:24 | 000,121,720 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe -- (certsrv)
SRV - [2010.03.30 09:51:30 | 000,254,328 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!Fernzugang\avmike.exe -- (avmike)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.04.30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.26 16:15:24 | 002,789,672 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2009.03.24 08:45:58 | 000,127,656 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\windows\System32\SUPDSvc.exe -- (Samsung UPD Service)
SRV - [2009.02.18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.01.13 10:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.17 13:03:58 | 000,137,472 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.08.17 13:03:50 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.08.17 12:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 12:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 12:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 12:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.07.26 18:38:28 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2011.07.01 20:37:44 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.01 20:37:44 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.11.01 22:01:56 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.03.30 09:51:50 | 000,335,224 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmnwim.sys -- (NWIM)
DRV - [2010.02.24 22:01:45 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.02.24 22:01:45 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2010.02.19 20:36:16 | 000,123,392 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
DRV - [2009.07.16 15:22:10 | 000,019,064 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Program Files\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2009.06.21 16:30:36 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.13 10:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.12.18 22:44:00 | 000,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.12.18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.12.18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.11.21 20:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.11.17 14:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.11.10 14:00:54 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2008.10.06 10:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008.08.28 16:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.11 10:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008.07.03 09:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008.05.16 10:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 10:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 10:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 10:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 10:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 10:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 10:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.02.16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007.02.15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2004.02.04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/tb/ie_startpage
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wolfram.com/Mathematica: C:\Program Files\Common Files\Wolfram Research\Browser\8.0.3.2427702\npmathplugin.dll (Wolfram Research, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_5.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_5.0 [2011.11.17 22:30:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.25 21:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 21:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.17 22:30:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\***\AppData\Roaming\5021 [2011.08.01 23:19:35 | 000,000,000 | ---D | M]
 
[2010.01.24 15:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2009.05.22 07:20:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions
[2009.05.22 07:20:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.02.28 20:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions
[2010.05.16 09:49:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.07 17:16:29 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\11-suche.xml
[2012.01.07 17:16:29 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\englische-ergebnisse.xml
[2012.01.07 17:16:29 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\gmx-suche.xml
[2012.01.07 17:16:29 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\lastminute.xml
[2012.01.07 17:16:29 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\webde-suche.xml
[2010.05.15 14:50:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.15 14:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.11.17 22:30:52 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION_5.0
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5021
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPN6RMFP.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.09.21 14:48:01 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.05.15 14:49:50 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.05.07 15:48:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.07 15:48:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.05.07 15:48:36 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.07 15:48:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.07 15:48:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.07 15:48:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.01.15 16:10:59 | 000,000,791 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 255.0.0.0 google-analytics.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: []  File not found
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [Nero DriveSpeed] C:\Program Files\Nero\Nero8\Nero Toolkit\DriveSpeed.exe (Nero AG)
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [NvCplDaemonTool] rundll32.exe  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDAF1AE7-A381-423A-9F66-F8D327DEA4DC}: NameServer = 62.72.64.237,204.152.184.131
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\***\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\Shell - "" = AutoRun
O33 - MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.bat
O34 - HKLM BootExecute: (autocheck)
O34 - HKLM BootExecute: (*)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe - (InterVideo Inc.)
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: PDF Complete - hkey= - key= - C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: WatchDog - hkey= - key= - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: {0A5BBD25-2B22-11DE-B5AA-806E6F6E6963} - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\windows\System32\rundll32.exe" "C:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.28 23:12:43 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.27 22:51:27 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.02.27 14:56:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.02.27 14:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.27 14:56:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.27 14:56:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.02.27 14:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.26 22:07:42 | 000,100,864 | ---- | C] (GMER) -- C:\uxldapow.sys
[2012.02.26 21:30:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.02.26 21:12:00 | 000,000,000 | -H-D | C] -- C:\windows\PIF
[2012.02.26 20:01:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\pdfs
[2012.02.07 22:13:59 | 000,049,536 | ---- | C] (Texas Instruments Incorporated) -- C:\windows\System32\drivers\tiehdusb.sys
[2012.02.07 22:13:24 | 000,021,456 | ---- | C] (Texas Instruments Incorporated) -- C:\windows\System32\drivers\SilvrLnk.sys
[2012.02.07 22:12:12 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MyTIData
[2012.02.02 03:24:28 | 000,000,000 | ---D | C] -- C:\Users\***\.freeplane
[2012.02.02 03:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeplane
[2012.02.02 03:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Freeplane
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.28 23:27:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.28 23:12:43 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.02.28 22:27:00 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.28 22:03:36 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 22:03:36 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.28 20:07:56 | 000,674,832 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.28 20:07:56 | 000,634,650 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.28 20:07:56 | 000,146,484 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.28 20:07:56 | 000,120,214 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.28 20:03:33 | 3147,055,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.28 19:43:58 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.02.27 22:51:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2012.02.27 14:56:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.26 22:16:36 | 000,010,624 | ---- | M] () -- C:\Users\***\Desktop\logfiles.zip
[2012.02.26 22:07:42 | 000,100,864 | ---- | M] (GMER) -- C:\uxldapow.sys
[2012.02.26 22:05:50 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\j0t0keyi.exe
[2012.02.26 21:30:12 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds.com
[2012.02.26 21:28:29 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.26 20:03:24 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.02.15 20:25:06 | 000,557,752 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.02.10 00:25:31 | 000,003,896 | ---- | M] () -- C:\Users\***\Documents\view_image.htm
[2012.02.07 22:12:35 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\TI Connect.lnk
[2012.02.06 23:01:29 | 000,208,384 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 15:59:06 | 000,000,322 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleFor***.job
[3 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.27 14:56:12 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.27 14:52:31 | 3147,055,104 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.26 22:16:36 | 000,010,624 | ---- | C] () -- C:\Users\***\Desktop\logfiles.zip
[2012.02.26 22:05:50 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\j0t0keyi.exe
[2012.02.26 21:28:29 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.02.26 20:03:05 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.02.10 00:25:31 | 000,003,896 | ---- | C] () -- C:\Users\***\Documents\view_image.htm
[2012.02.07 22:12:35 | 000,001,216 | ---- | C] () -- C:\Users\Public\Desktop\TI Connect.lnk
[2012.01.07 20:39:18 | 000,000,000 | ---- | C] () -- C:\windows\PROTOCOL.INI
[2011.10.12 10:32:08 | 000,000,127 | ---- | C] () -- C:\windows\System32\MRT.INI
[2011.10.09 22:11:02 | 000,007,692 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.3
[2011.09.02 07:25:28 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.08.03 15:21:11 | 000,000,145 | --S- | C] () -- C:\Users\***\AppData\Local\2622104153.dat
[2011.03.15 01:10:35 | 000,057,344 | ---- | C] () -- C:\windows\System32\mupkernps11.dll
[2011.03.03 23:02:23 | 000,000,480 | ---- | C] () -- C:\windows\{3D00025F-C839-4312-A402-5C86723B8AC8}_WiseFW.ini
[2011.03.03 23:00:25 | 000,000,286 | ---- | C] () -- C:\windows\{AC59B86B-4E39-47C8-B79A-3EC33B86FB47}_WiseFW.ini
[2011.01.19 21:48:41 | 000,216,819 | ---- | C] () -- C:\windows\ClipNavigator Uninstaller.exe
[2010.12.25 12:01:53 | 000,006,928 | ---- | C] () -- C:\Users\***\AppData\Roaming\.freeciv-client-rc-2.2
[2010.12.21 19:01:29 | 000,000,069 | ---- | C] () -- C:\windows\NeroDigital.ini
[2010.09.15 17:57:51 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
[2010.06.25 10:20:48 | 000,081,920 | ---- | C] () -- C:\windows\System32\GkSui20.EXE
[2010.04.25 20:55:34 | 000,962,560 | ---- | C] () -- C:\windows\tesseract.exe
 
========== LOP Check ==========
 
[2011.11.02 00:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv
[2009.09.22 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.trackballs
[2011.12.20 10:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5021
[2009.06.21 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.11.28 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2010.09.14 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DynaGeo
[2009.04.27 07:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fityk
[2010.01.27 16:14:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Folding@home-x86
[2009.05.22 07:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.07.25 12:22:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2011.10.28 21:48:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2009.04.25 10:04:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2011.03.19 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.04.25 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.4.2
[2011.08.01 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.12.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2010.09.15 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.12.01 22:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2011.07.03 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.07.03 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2009.04.17 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.04.17 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.24 22:17:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.02.25 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\POV-Ray
[2010.04.18 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rainmeter
[2010.01.10 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RawTherapeeAlpha
[2010.11.01 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2009.09.23 08:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine
[2011.08.02 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.02.25 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wings3D
[2011.02.26 10:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.08.01 23:19:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2012.02.28 19:43:59 | 000,032,512 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.02 00:36:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.freeciv
[2009.09.22 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.trackballs
[2011.12.20 10:47:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\1&1 Mail & Media GmbH
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5021
[2011.02.17 21:15:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.08.10 13:51:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2009.05.08 19:38:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Corel
[2009.06.21 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2009.11.28 19:28:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dev-Cpp
[2010.06.16 02:46:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2010.09.14 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DynaGeo
[2009.04.27 07:57:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fityk
[2010.01.27 16:14:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Folding@home-x86
[2009.05.22 07:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.07.25 12:22:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeOrion
[2011.10.28 21:48:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.10.21 14:59:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2010.03.09 14:14:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HPQLOG
[2012.02.07 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate
[2009.04.17 11:34:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2009.04.17 11:00:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2009.04.25 10:04:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2011.03.19 22:28:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2009.04.25 15:06:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JabRef 2.4.2
[2011.08.01 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.12.28 16:15:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2009.04.17 20:05:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2009.04.17 11:09:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.09.15 18:21:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.02.27 14:56:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.07.21 21:52:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathematicaPlayer
[2009.05.29 11:19:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MathWorks
[2012.02.27 18:50:15 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.01.24 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2009.10.22 10:45:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2011.12.01 22:49:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nik Software
[2011.07.03 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.07.03 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2009.04.17 14:54:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2009.04.17 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2011.11.24 22:17:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2011.02.25 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\POV-Ray
[2010.04.18 22:59:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rainmeter
[2010.01.10 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RawTherapeeAlpha
[2009.07.23 17:04:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio
[2010.11.01 22:06:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2009.09.23 08:12:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Turbine
[2011.08.02 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2009.04.27 20:23:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UltraVNC
[2012.01.29 19:09:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc
[2010.07.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Winamp
[2011.02.25 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wings3D
[2012.02.27 19:27:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WTablet
[2011.02.26 10:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2011.08.01 23:19:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2008.10.30 23:00:12 | 000,048,948 | ---- | M] () -- C:\Users\***\AppData\Roaming\JabRef 2.4.2\JabRef.exe
[2009.04.25 15:06:27 | 000,062,542 | ---- | M] (JabRef Team) -- C:\Users\***\AppData\Roaming\JabRef 2.4.2\uninstall.exe
[2010.09.03 12:42:34 | 000,029,184 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{5DC36978-AB9A-4A23-9C12-D90D2BB781B7}\Icon37C19C2D1.exe
[2010.01.27 16:14:38 | 000,098,477 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_2377D972A0372FCB34E3F7.exe
[2010.01.27 16:14:38 | 000,098,477 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_6FEFF9B68218417F98F549.exe
[2010.01.27 16:14:38 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{6B755EC3-C709-4F5C-BC58-BC0D3967B6B6}\_D153F602E769D1960CE13B.exe
[2011.02.25 20:34:27 | 000,121,334 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\ARPPRODUCTICON.exe
[2011.02.25 20:34:27 | 000,159,744 | R--- | M] (Macrovision Corporation) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\NewShortcut2_D0CE053E0E5E4C129BAED0F36021E911.exe
[2011.02.25 20:34:27 | 000,159,744 | R--- | M] (Macrovision Corporation) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}\PVEngine.ProgramMe_D0CE053E0E5E4C129BAED0F36021E911.exe
[2011.05.25 13:50:17 | 071,727,088 | ---- | M] () -- C:\Users\***\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
[2009.05.29 00:11:40 | 003,196,744 | ---- | M] (Persistence of Vision Raytracer Pty. Ltd.) -- C:\Users\***\AppData\Roaming\POV-Ray\v3.6\bin\pvengine-sse2.exe
[2009.05.29 00:11:16 | 003,061,576 | ---- | M] (Persistence of Vision Raytracer Pty. Ltd.) -- C:\Users\***\AppData\Roaming\POV-Ray\v3.6\bin\pvengine.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[1999.10.02 09:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Program Files\MATLAB\R2007b\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\64\HDD\IaStor.sys
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver64\IaStor.sys
[2008.04.15 18:54:16 | 000,388,120 | ---- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_6917e7b0\iaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\32\HDD\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Swsetup\Drivers\Global\INTELMSM\Winall\Driver\IaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_77c04a30\iaStor.sys
[2008.04.15 18:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_054cd65f\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:33:13 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:34:35 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.05.14 01:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\SafeBoot.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\windows\System32\config\DEFAULT.SAV
[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< End of report >

--- --- ---

[/CODE]

cosinus 29.02.2012 14:21

Do an OTL fix: close any programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.web.de/tb/ie_startpage
IE - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
[2009.05.22 07:20:10 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2012.02.28 20:06:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions
[2010.05.16 09:49:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.07 17:16:29 | 000,000,933 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\11-suche.xml
[2012.01.07 17:16:29 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\englische-ergebnisse.xml
[2012.01.07 17:16:29 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\gmx-suche.xml
[2012.01.07 17:16:29 | 000,002,457 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\lastminute.xml
[2012.01.07 17:16:29 | 000,005,508 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\webde-suche.xml
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\***\APPDATA\ROAMING\5021
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EPN6RMFP.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: []  File not found
O4 - HKU\S-1-5-21-88407965-2068556758-1658813726-1004..\Run: [NvCplDaemonTool] rundll32.exe  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\Shell - "" = AutoRun
O33 - MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.bat
MsConfig - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^scandisk.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: {0A5BBD25-2B22-11DE-B5AA-806E6F6E6963} - hkey= - key= -  File not found
:Files
C:\Users\***\AppData\Roaming\50??
C:\Users\***\AppData\Roaming\UAs
C:\Users\***\AppData\Roaming\xmldm
C:\Users\***\AppData\Roaming\kock
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
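As an added illustration of the triage behind the fix script above (example code written for this page, not OTL's own code and not from anyone in the thread): a small parser for the OTL log line format and the `:Files` block, which groups AppData\Roaming folders that appeared within seconds of each other, lists the MountPoints2 AutoRun commands, and shows which log paths a `:Files` wildcard such as `50??` would hit. It assumes the line formats visible in the log above; the sample input is a handful of lines copied from this thread's log.

```python
"""Added example: parse OTL log lines and an OTL fix script's ':Files' block.
Assumed line format (as seen in the log above):
  [YYYY.MM.DD HH:MM:SS | size | attrs | M or C] (Company) -- path
  O33 - MountPoints2\<key>\Shell\AutoRun\command - "" = <command>
"""
import re
from datetime import datetime, timedelta
from fnmatch import fnmatchcase

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)


def parse_file_entries(log_text):
    """One dict per OTL file/folder line; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y.%m.%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["is_dir"] = "D" in e["attrs"]
        entries.append(e)
    return entries


def time_clusters(entries, window=timedelta(seconds=60)):
    """Group entries whose timestamp is within `window` of the previous one.
    Folders dropped within seconds of each other usually come from one
    installer run; the reviewer then judges the names: a vendor pair such as
    Nokia / Nokia Ovi Suite clusters just like 5021 / kock / xmldm does."""
    ordered = sorted(entries, key=lambda e: e["ts"])
    clusters, current = [], []
    for e in ordered:
        if current and e["ts"] - current[-1]["ts"] > window:
            if len(current) > 1:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) > 1:
        clusters.append(current)
    return [[e["path"] for e in c] for c in clusters]


def autorun_commands(log_text):
    """MountPoints2 AutoRun commands: what Explorer runs when that drive is opened."""
    return [(m.group("key"), m.group("cmd"))
            for m in (AUTORUN_RE.match(l.strip()) for l in log_text.splitlines()) if m]


def fix_targets(script_text, entries):
    """Map each ':Files' line of a fix script to the log paths it matches,
    so a wildcard like '50??' can be checked before the fix is run."""
    targets, in_files = [], False
    for line in script_text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return {t: [e["path"] for e in entries
                if fnmatchcase(e["path"].lower(), t.lower())] for t in targets}


# Sample input: lines copied from the log in this thread (constructed excerpt).
SAMPLE_LOG = r"""
[2011.08.01 23:19:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\5021
[2011.08.01 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2011.07.03 10:39:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2011.07.03 10:39:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2011.08.02 10:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs
[2011.08.01 23:19:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
[2011.08.03 15:21:11 | 000,000,145 | --S- | C] () -- C:\Users\***\AppData\Local\2622104153.dat
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell - "" = AutoRun
O33 - MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\Shell\AutoRun\command - "" = H:\KMDS.exe
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.bat
"""

# The ':Files' block of the fix script above (constructed excerpt).
SAMPLE_FIX = r"""
:OTL
:Files
C:\Users\***\AppData\Roaming\50??
C:\Users\***\AppData\Roaming\UAs
C:\Users\***\AppData\Roaming\xmldm
C:\Users\***\AppData\Roaming\kock
:Commands
[emptytemp]
"""

if __name__ == "__main__":
    entries = parse_file_entries(SAMPLE_LOG)
    print("time clusters:", time_clusters(entries))
    print("autorun commands:", autorun_commands(SAMPLE_LOG))
    print("fix targets:", fix_targets(SAMPLE_FIX, entries))
```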

Kokosmatte 01.03.2012 20:18

Hello Cosinus,

At some point OTL hung while scanning. I then had to restart Windows. On the first restart Windows didn't start properly either, and at some point the screen was black except for a blinking cursor.
Now Windows has started normally, and the only log file there was is the following:

Code:


Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

I wouldn't know where else a log file would have been created.

Regards

Kokosmatte

cosinus 01.03.2012 20:44

Repeat the fix in Safe Mode

Kokosmatte 02.03.2012 21:43

So, here is the logfile after running the fix in Safe Mode. It looks like quite a bit was already moved the first time...

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-88407965-2068556758-1658813726-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Folder C:\Users\svend\AppData\Roaming\mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Folder C:\Users\svend\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions\ not found.
Folder C:\Users\svend\AppData\Roaming\mozilla\Firefox\Profiles\epn6rmfp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
File C:\Users\svend\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\11-suche.xml not found.
File C:\Users\svend\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\englische-ergebnisse.xml not found.
File C:\Users\svend\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\gmx-suche.xml not found.
File C:\Users\svend\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\lastminute.xml not found.
File C:\Users\svend\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\searchplugins\webde-suche.xml not found.
File C:\Program Files\mozilla firefox\plugins\npwachk.dll not found.
Folder C:\USERS\svend\APPDATA\ROAMING\5021\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3134413B-49B4-425C-98A5-893C1F195601}\ not found.
File C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}\ not found.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}\ not found.
File c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C424171E-592A-415a-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415a-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_USERS\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.
File C:\Program Files\WEB.DE Toolbar\IE\uitb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_USERS\S-1-5-21-88407965-2068556758-1658813726-1004\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemonTool not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutorun not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d23599a-27b1-11e1-baf8-f95ef5b2340c}\ not found.
File H:\KMDS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a005dc0b-30a0-11e1-bc69-89ed179aea01}\ not found.
File H:\KMDS.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File K:\autorun.bat not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Windows Defender\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\{0A5BBD25-2B22-11DE-B5AA-806E6F6E6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A5BBD25-2B22-11DE-B5AA-806E6F6E6963}\ not found.
========== FILES ==========
File\Folder C:\Users\svend\AppData\Roaming\50?? not found.
File\Folder C:\Users\svend\AppData\Roaming\UAs not found.
File\Folder C:\Users\svend\AppData\Roaming\xmldm not found.
File\Folder C:\Users\svend\AppData\Roaming\kock not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: svend
->Temp folder emptied: 597386 bytes
->Temporary Internet Files folder emptied: 223797 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3769 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 326341954 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 312,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 03022012_184037

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 05.03.2012 11:33

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
then click on Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should become visible again. (It may take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!
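
One way to triage the report that TDSS-Killer writes, as an added example that is neither part of this thread nor Kaspersky's own code: it collapses the per-driver lines (the "name (md5) path", "name - ok", "name ( verdict ) - warning" and "name - detected verdict (n)" forms seen in the report posted in this thread) into one finding per object and ranks them so that a reviewer sees real detections before signature-only warnings. The sample input mixes lines copied from the thread's report with a constructed "examplesvc" / "Placeholder.Verdict.Constructed" entry; the SIGNATURE_ONLY_VERDICTS set is this example's own classification, not something TDSS-Killer exposes.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line layout as seen in the posted report: "HH:MM:SS.mmmm PID  <rest>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*?)\s*$")
# The four per-object line forms that appear in the report.
ENTRY_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
OK_RE = re.compile(r"^(\S+) - ok$")
WARN_RE = re.compile(r"^(\S+) \( (.+?) \) - warning$")
DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")

# Verdicts that only say "no valid digital signature" (SigCheck mode). Many
# legitimate third-party drivers trigger this, so they rank below real hits
# and need the vendor and path checked by hand rather than deletion.
SIGNATURE_ONLY_VERDICTS = {"UnsignedFile.Multi.Generic"}   # assumption: this example's list
SEVERITY_ORDER = {"suspicious": 0, "unsigned": 1, "unknown": 2, "ok": 3}


@dataclass
class Finding:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"          # ok | warning | detected | unknown
    verdicts: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        if self.status == "ok":
            return "ok"
        if self.verdicts and all(v in SIGNATURE_ONLY_VERDICTS for v in self.verdicts):
            return "unsigned"
        if self.status in ("warning", "detected"):
            return "suspicious"
        return "unknown"             # entry seen but no result line (report cut off mid-scan)


def _entry(findings, hit):
    obj = findings.setdefault(hit.group(1), Finding(hit.group(1)))
    obj.md5, obj.path = hit.group(2).lower(), hit.group(3)


def _ok(findings, hit):
    findings.setdefault(hit.group(1), Finding(hit.group(1))).status = "ok"


def _verdict(status):
    def handle(findings, hit):
        obj = findings.setdefault(hit.group(1), Finding(hit.group(1)))
        obj.status = status          # a later "detected" line overrides an earlier "warning"
        if hit.group(2) not in obj.verdicts:
            obj.verdicts.append(hit.group(2))
    return handle


HANDLERS = [(ENTRY_RE, _entry), (OK_RE, _ok),
            (WARN_RE, _verdict("warning")), (DETECT_RE, _verdict("detected"))]


def parse_report(text: str) -> Dict[str, Finding]:
    """Collapse the per-object lines of a TDSS-Killer report into one Finding each."""
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                 # banner lines, blank lines, non-report text
        for pattern, handler in HANDLERS:
            hit = pattern.match(m.group(3))
            if hit:
                handler(findings, hit)
                break
    return findings


def triage(findings: Dict[str, Finding]) -> List[Finding]:
    """Objects a reviewer must look at, most serious first; clean entries are dropped."""
    flagged = [f for f in findings.values() if f.severity != "ok"]
    return sorted(flagged, key=lambda f: (SEVERITY_ORDER[f.severity], f.name))


def describe(f: Finding) -> str:
    """One reviewer-facing line: rank, object name, hash, on-disk path and verdicts."""
    return (f"[{f.severity:10}] {f.name:12} {f.md5 or '-':32} "
            f"{f.path or '(no file recorded)'}  verdicts={','.join(f.verdicts) or '-'}")


# Constructed sample: the first lines are copied from the report in this thread,
# the "examplesvc" pair is a made-up placeholder detection, and the final "Mup"
# entry has no result line, mimicking a report that was cut off mid-scan.
SAMPLE_REPORT = r"""23:24:02.0052 8524        Scan started
23:24:02.0052 8524        Mode: Manual; SigCheck; TDLFS;
23:24:06.0685 8524        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\windows\system32\drivers\atapi.sys
23:24:06.0685 8524        atapi - ok
23:24:12.0800 8524        CVPNDRVA        (d46b2e0eeaf349f2085f8b164e462156) C:\windows\system32\Drivers\CVPNDRVA.sys
23:24:12.0816 8524        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
23:24:12.0816 8524        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
23:24:13.0252 8524        DgiVecp - ok
23:24:30.0000 8524        examplesvc      (00000000000000000000000000000000) C:\windows\system32\drivers\examplesvc.sys
23:24:30.0010 8524        examplesvc - detected Placeholder.Verdict.Constructed (1)
23:24:26.0372 8524        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
"""

if __name__ == "__main__":
    for finding in triage(parse_report(SAMPLE_REPORT)):
        print(describe(finding))
```

Objects with no result line at all are kept as "unknown" on purpose: that is the case when the report ends mid-scan, and the reviewer should ask for a complete log rather than treat silence as clean.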

Kokosmatte 06.03.2012 23:32

Five possible threats were detected. The file names mean nothing to me.

Code:

23:23:53.0051 8212        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
23:23:53.0085 8212        ============================================================
23:23:53.0085 8212        Current date / time: 2012/03/06 23:23:53.0085
23:23:53.0085 8212        SystemInfo:
23:23:53.0085 8212       
23:23:53.0085 8212        OS Version: 6.0.6002 ServicePack: 2.0
23:23:53.0085 8212        Product type: Workstation
23:23:53.0086 8212        ComputerName: LAPTOP
23:23:53.0086 8212        UserName: svend
23:23:53.0086 8212        Windows directory: C:\windows
23:23:53.0086 8212        System windows directory: C:\windows
23:23:53.0086 8212        Processor architecture: Intel x86
23:23:53.0086 8212        Number of processors: 2
23:23:53.0086 8212        Page size: 0x1000
23:23:53.0086 8212        Boot type: Normal boot
23:23:53.0086 8212        ============================================================
23:23:53.0543 8212        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:23:53.0546 8212        \Device\Harddisk0\DR0:
23:23:53.0577 8212        MBR used
23:23:53.0577 8212        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x90077C0
23:23:53.0659 8212        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x9008000, BlocksNum 0x8610800
23:23:53.0659 8212        \Device\Harddisk0\DR0\Partition2: MBR, Type 0xC, StartLBA 0x11618800, BlocksNum 0x200000
23:23:53.0659 8212        \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x11818EB0, BlocksNum 0xFE3FF8
23:23:53.0899 8212        Initialize success
23:23:53.0899 8212        ============================================================
23:24:02.0052 8524        ============================================================
23:24:02.0052 8524        Scan started
23:24:02.0052 8524        Mode: Manual; SigCheck; TDLFS;
23:24:02.0052 8524        ============================================================
23:24:03.0768 8524        Accelerometer  (cc1f1d3d70dc13c2c281488d347d4415) C:\windows\system32\DRIVERS\Accelerometer.sys
23:24:03.0877 8524        Accelerometer - ok
23:24:04.0064 8524        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\windows\system32\drivers\acpi.sys
23:24:04.0095 8524        ACPI - ok
23:24:04.0142 8524        ADIHdAudAddService (364a903711e84eb1386fa04106681b7a) C:\windows\system32\drivers\ADIHdAud.sys
23:24:04.0267 8524        ADIHdAudAddService - ok
23:24:04.0438 8524        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\windows\system32\drivers\adp94xx.sys
23:24:04.0501 8524        adp94xx - ok
23:24:04.0641 8524        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\windows\system32\drivers\adpahci.sys
23:24:04.0672 8524        adpahci - ok
23:24:04.0704 8524        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\windows\system32\drivers\adpu160m.sys
23:24:04.0719 8524        adpu160m - ok
23:24:04.0750 8524        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\windows\system32\drivers\adpu320.sys
23:24:04.0766 8524        adpu320 - ok
23:24:04.0906 8524        AFD            (3911b972b55fea0478476b2e777b29fa) C:\windows\system32\drivers\afd.sys
23:24:05.0016 8524        AFD - ok
23:24:05.0218 8524        AgereSoftModem  (3712986cc3abf0dc656b43525b9d1279) C:\windows\system32\DRIVERS\AGRSM.sys
23:24:05.0468 8524        AgereSoftModem - ok
23:24:05.0640 8524        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\windows\system32\drivers\agp440.sys
23:24:05.0655 8524        agp440 - ok
23:24:05.0686 8524        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\windows\system32\drivers\djsvs.sys
23:24:05.0702 8524        aic78xx - ok
23:24:05.0780 8524        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\windows\system32\drivers\aliide.sys
23:24:05.0796 8524        aliide - ok
23:24:05.0842 8524        amdagp          (c47344bc706e5f0b9dce369516661578) C:\windows\system32\drivers\amdagp.sys
23:24:05.0858 8524        amdagp - ok
23:24:05.0874 8524        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\windows\system32\drivers\amdide.sys
23:24:05.0889 8524        amdide - ok
23:24:05.0905 8524        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\windows\system32\drivers\amdk7.sys
23:24:06.0030 8524        AmdK7 - ok
23:24:06.0201 8524        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\windows\system32\DRIVERS\amdk8.sys
23:24:06.0264 8524        AmdK8 - ok
23:24:06.0435 8524        arc            (5d2888182fb46632511acee92fdad522) C:\windows\system32\drivers\arc.sys
23:24:06.0451 8524        arc - ok
23:24:06.0466 8524        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\windows\system32\drivers\arcsas.sys
23:24:06.0482 8524        arcsas - ok
23:24:06.0607 8524        AsyncMac        (53b202abee6455406254444303e87be1) C:\windows\system32\DRIVERS\asyncmac.sys
23:24:06.0638 8524        AsyncMac - ok
23:24:06.0685 8524        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\windows\system32\drivers\atapi.sys
23:24:06.0685 8524        atapi - ok
23:24:06.0794 8524        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
23:24:06.0825 8524        avgio - ok
23:24:06.0934 8524        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
23:24:07.0044 8524        avgntflt - ok
23:24:07.0106 8524        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
23:24:07.0168 8524        avipbb - ok
23:24:07.0356 8524        b57nd60x        (502f1c30bd50b32d00ce4dcaecc3d3c7) C:\windows\system32\DRIVERS\b57nd60x.sys
23:24:07.0402 8524        b57nd60x - ok
23:24:07.0636 8524        BCM43XX        (3f5e7621cdf6867d3d8417d13a098277) C:\windows\system32\DRIVERS\bcmwl6.sys
23:24:07.0777 8524        BCM43XX - ok
23:24:07.0886 8524        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\windows\system32\drivers\Beep.sys
23:24:07.0933 8524        Beep - ok
23:24:08.0042 8524        blbdrive        (d4df28447741fd3d953526e33a617397) C:\windows\system32\drivers\blbdrive.sys
23:24:08.0104 8524        blbdrive - ok
23:24:08.0182 8524        bowser          (35f376253f687bde63976ccb3f2108ca) C:\windows\system32\DRIVERS\bowser.sys
23:24:08.0229 8524        bowser - ok
23:24:08.0385 8524        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\drivers\brfiltlo.sys
23:24:08.0494 8524        BrFiltLo - ok
23:24:08.0619 8524        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\drivers\brfiltup.sys
23:24:08.0666 8524        BrFiltUp - ok
23:24:08.0728 8524        Brserid        (b304e75cff293029eddf094246747113) C:\windows\system32\drivers\brserid.sys
23:24:08.0931 8524        Brserid - ok
23:24:09.0103 8524        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\system32\drivers\brserwdm.sys
23:24:09.0165 8524        BrSerWdm - ok
23:24:09.0368 8524        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\system32\drivers\brusbmdm.sys
23:24:09.0430 8524        BrUsbMdm - ok
23:24:09.0540 8524        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\system32\drivers\brusbser.sys
23:24:09.0618 8524        BrUsbSer - ok
23:24:09.0789 8524        BthEnum        (6d39c954799b63ba866910234cf7d726) C:\windows\system32\DRIVERS\BthEnum.sys
23:24:09.0852 8524        BthEnum - ok
23:24:09.0945 8524        BTHMODEM        (9a966a8e86d1771911ae34a20d11bff3) C:\windows\system32\DRIVERS\bthmodem.sys
23:24:09.0976 8524        BTHMODEM - ok
23:24:10.0132 8524        BthPan          (5904efa25f829bf84ea6fb045134a1d8) C:\windows\system32\DRIVERS\bthpan.sys
23:24:10.0195 8524        BthPan - ok
23:24:10.0320 8524        BTHPORT        (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\windows\system32\Drivers\BTHport.sys
23:24:10.0413 8524        BTHPORT - ok
23:24:10.0585 8524        BTHUSB          (d330803eab2a15caec7f011f1d4cb30e) C:\windows\system32\Drivers\BTHUSB.sys
23:24:10.0616 8524        BTHUSB - ok
23:24:10.0772 8524        btwaudio        (99aeea7cefdfc6e4151a8f620d682088) C:\windows\system32\drivers\btwaudio.sys
23:24:10.0866 8524        btwaudio - ok
23:24:11.0006 8524        btwavdt        (195872e48a7fb01f8bc9b800f70f4054) C:\windows\system32\drivers\btwavdt.sys
23:24:11.0068 8524        btwavdt - ok
23:24:11.0240 8524        btwrchid        (0724e7d6c9b6a289eddda33fa8176e80) C:\windows\system32\DRIVERS\btwrchid.sys
23:24:11.0318 8524        btwrchid - ok
23:24:11.0365 8524        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\windows\system32\DRIVERS\cdfs.sys
23:24:11.0412 8524        cdfs - ok
23:24:11.0568 8524        cdrom          (6b4bffb9becd728097024276430db314) C:\windows\system32\DRIVERS\cdrom.sys
23:24:11.0614 8524        cdrom - ok
23:24:11.0802 8524        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\windows\system32\drivers\circlass.sys
23:24:11.0848 8524        circlass - ok
23:24:11.0989 8524        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\windows\system32\CLFS.sys
23:24:12.0036 8524        CLFS - ok
23:24:12.0160 8524        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\windows\system32\DRIVERS\CmBatt.sys
23:24:12.0176 8524        CmBatt - ok
23:24:12.0223 8524        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\windows\system32\drivers\cmdide.sys
23:24:12.0238 8524        cmdide - ok
23:24:12.0254 8524        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\windows\system32\DRIVERS\compbatt.sys
23:24:12.0270 8524        Compbatt - ok
23:24:12.0301 8524        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\windows\system32\drivers\crcdisk.sys
23:24:12.0316 8524        crcdisk - ok
23:24:12.0426 8524        Crusoe          (1f07becdca750766a96cda811ba86410) C:\windows\system32\drivers\crusoe.sys
23:24:12.0488 8524        Crusoe - ok
23:24:12.0613 8524        CVirtA          (b5ecadf7708960f1818c7fa015f4c239) C:\windows\system32\DRIVERS\CVirtA.sys
23:24:12.0675 8524        CVirtA - ok
23:24:12.0800 8524        CVPNDRVA        (d46b2e0eeaf349f2085f8b164e462156) C:\windows\system32\Drivers\CVPNDRVA.sys
23:24:12.0816 8524        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
23:24:12.0816 8524        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
23:24:13.0050 8524        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\windows\system32\Drivers\dfsc.sys
23:24:13.0143 8524        DfsC - ok
23:24:13.0252 8524        DgiVecp - ok
23:24:13.0315 8524        disk            (5d4aefc3386920236a548271f8f1af6a) C:\windows\system32\drivers\disk.sys
23:24:13.0330 8524        disk - ok
23:24:13.0377 8524        DNE            (694616f813fb627a32c9e32dec133078) C:\windows\system32\DRIVERS\dne2000.sys
23:24:13.0393 8524        DNE - ok
23:24:13.0596 8524        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\windows\system32\drivers\drmkaud.sys
23:24:13.0611 8524        drmkaud - ok
23:24:13.0798 8524        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\windows\System32\drivers\dxgkrnl.sys
23:24:13.0830 8524        DXGKrnl - ok
23:24:13.0954 8524        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\windows\system32\DRIVERS\E1G60I32.sys
23:24:14.0017 8524        E1G60 - ok
23:24:14.0079 8524        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\windows\system32\drivers\ecache.sys
23:24:14.0110 8524        Ecache - ok
23:24:14.0235 8524        elxstor        (23b62471681a124889978f6295b3f4c6) C:\windows\system32\drivers\elxstor.sys
23:24:14.0266 8524        elxstor - ok
23:24:14.0298 8524        ErrDev          (3db974f3935483555d7148663f726c61) C:\windows\system32\drivers\errdev.sys
23:24:14.0344 8524        ErrDev - ok
23:24:14.0485 8524        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\windows\system32\drivers\exfat.sys
23:24:14.0578 8524        exfat - ok
23:24:14.0719 8524        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\windows\system32\drivers\fastfat.sys
23:24:14.0781 8524        fastfat - ok
23:24:14.0937 8524        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\windows\system32\DRIVERS\fdc.sys
23:24:15.0015 8524        fdc - ok
23:24:15.0140 8524        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\windows\system32\drivers\fileinfo.sys
23:24:15.0156 8524        FileInfo - ok
23:24:15.0171 8524        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\windows\system32\drivers\filetrace.sys
23:24:15.0218 8524        Filetrace - ok
23:24:15.0421 8524        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\windows\system32\DRIVERS\flpydisk.sys
23:24:15.0483 8524        flpydisk - ok
23:24:15.0717 8524        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\windows\system32\drivers\fltmgr.sys
23:24:15.0733 8524        FltMgr - ok
23:24:15.0889 8524        fssfltr        (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
23:24:15.0904 8524        fssfltr - ok
23:24:15.0951 8524        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\windows\system32\drivers\Fs_Rec.sys
23:24:15.0998 8524        Fs_Rec - ok
23:24:16.0185 8524        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\windows\system32\drivers\gagp30kx.sys
23:24:16.0216 8524        gagp30kx - ok
23:24:16.0310 8524        ggflt          (007aea2e06e7cef7372e40c277163959) C:\windows\system32\DRIVERS\ggflt.sys
23:24:16.0372 8524        ggflt - ok
23:24:16.0466 8524        ggsemc          (c73de35960ca75c5ab4ae636b127c64e) C:\windows\system32\DRIVERS\ggsemc.sys
23:24:16.0560 8524        ggsemc - ok
23:24:16.0762 8524        HBtnKey        (e19bc597a0b13bbe6a7e3612f6f8d8a6) C:\windows\system32\DRIVERS\cpqbttn.sys
23:24:16.0778 8524        HBtnKey - ok
23:24:16.0950 8524        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\windows\system32\drivers\HdAudio.sys
23:24:17.0028 8524        HdAudAddService - ok
23:24:17.0184 8524        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\windows\system32\DRIVERS\HDAudBus.sys
23:24:17.0246 8524        HDAudBus - ok
23:24:17.0371 8524        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\windows\system32\drivers\hidbth.sys
23:24:17.0449 8524        HidBth - ok
23:24:17.0574 8524        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\windows\system32\drivers\hidir.sys
23:24:17.0652 8524        HidIr - ok
23:24:17.0745 8524        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\windows\system32\DRIVERS\hidusb.sys
23:24:17.0792 8524        HidUsb - ok
23:24:17.0854 8524        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\windows\system32\drivers\hpcisss.sys
23:24:17.0870 8524        HpCISSs - ok
23:24:18.0026 8524        hpdskflt        (4ef10b866c62abbeaf7511cdd05a19be) C:\windows\system32\DRIVERS\hpdskflt.sys
23:24:18.0042 8524        hpdskflt - ok
23:24:18.0198 8524        HpqKbFiltr      (35956140e686d53bf676cf0c778880fc) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
23:24:18.0244 8524        HpqKbFiltr - ok
23:24:18.0400 8524        HTTP            (0eeeca26c8d4bde2a4664db058a81937) C:\windows\system32\drivers\HTTP.sys
23:24:18.0494 8524        HTTP - ok
23:24:18.0572 8524        HWiNFO32        (adfa0d6f486612eeb13e86aec7d2a25d) C:\Program Files\HWiNFO32\HWiNFO32.SYS
23:24:18.0650 8524        HWiNFO32 - ok
23:24:18.0837 8524        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\windows\system32\drivers\i2omp.sys
23:24:18.0853 8524        i2omp - ok
23:24:18.0946 8524        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\windows\system32\DRIVERS\i8042prt.sys
23:24:18.0978 8524        i8042prt - ok
23:24:19.0134 8524        iaStor          (db0cc620b27a928d968c1a1e9cd9cb87) C:\windows\system32\drivers\iastor.sys
23:24:19.0196 8524        iaStor - ok
23:24:19.0352 8524        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\windows\system32\drivers\iastorv.sys
23:24:19.0368 8524        iaStorV - ok
23:24:19.0648 8524        igfx            (d97e70e4e243c9660f91c1112e36c73b) C:\windows\system32\DRIVERS\igdkmd32.sys
23:24:19.0836 8524        igfx - ok
23:24:19.0976 8524        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\windows\system32\drivers\iirsp.sys
23:24:19.0992 8524        iirsp - ok
23:24:20.0038 8524        intelide        (83aa759f3189e6370c30de5dc5590718) C:\windows\system32\drivers\intelide.sys
23:24:20.0054 8524        intelide - ok
23:24:20.0116 8524        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\windows\system32\DRIVERS\intelppm.sys
23:24:20.0148 8524        intelppm - ok
23:24:20.0194 8524        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\windows\system32\DRIVERS\ipfltdrv.sys
23:24:20.0241 8524        IpFilterDriver - ok
23:24:20.0319 8524        IpInIp - ok
23:24:20.0428 8524        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\windows\system32\drivers\ipmidrv.sys
23:24:20.0491 8524        IPMIDRV - ok
23:24:20.0631 8524        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\windows\system32\DRIVERS\ipnat.sys
23:24:20.0662 8524        IPNAT - ok
23:24:20.0756 8524        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\windows\system32\drivers\irenum.sys
23:24:20.0818 8524        IRENUM - ok
23:24:20.0881 8524        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\windows\system32\drivers\isapnp.sys
23:24:20.0896 8524        isapnp - ok
23:24:20.0959 8524        iScsiPrt        (232fa340531d940aac623b121a595034) C:\windows\system32\DRIVERS\msiscsi.sys
23:24:20.0990 8524        iScsiPrt - ok
23:24:21.0021 8524        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\windows\system32\drivers\iteatapi.sys
23:24:21.0037 8524        iteatapi - ok
23:24:21.0130 8524        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\windows\system32\drivers\iteraid.sys
23:24:21.0162 8524        iteraid - ok
23:24:21.0255 8524        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\windows\system32\DRIVERS\kbdclass.sys
23:24:21.0271 8524        kbdclass - ok
23:24:21.0318 8524        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\windows\system32\DRIVERS\kbdhid.sys
23:24:21.0349 8524        kbdhid - ok
23:24:21.0598 8524        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\windows\system32\Drivers\ksecdd.sys
23:24:21.0630 8524        KSecDD - ok
23:24:21.0770 8524        LHidFilt        (8b30311241f97b35167afe68d79e8530) C:\windows\system32\DRIVERS\LHidFilt.Sys
23:24:21.0848 8524        LHidFilt - ok
23:24:22.0051 8524        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\windows\system32\DRIVERS\lltdio.sys
23:24:22.0098 8524        lltdio - ok
23:24:22.0207 8524        LMouFilt        (48d7422a6c4eec886b56ac534cfa3acf) C:\windows\system32\DRIVERS\LMouFilt.Sys
23:24:22.0285 8524        LMouFilt - ok
23:24:22.0394 8524        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\windows\system32\drivers\lsi_fc.sys
23:24:22.0425 8524        LSI_FC - ok
23:24:22.0597 8524        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\windows\system32\drivers\lsi_sas.sys
23:24:22.0612 8524        LSI_SAS - ok
23:24:22.0644 8524        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\windows\system32\drivers\lsi_scsi.sys
23:24:22.0659 8524        LSI_SCSI - ok
23:24:22.0706 8524        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\windows\system32\drivers\luafv.sys
23:24:22.0737 8524        luafv - ok
23:24:22.0815 8524        LUsbFilt        (0b808ff2f17c8396fb2ae202f75aed37) C:\windows\system32\Drivers\LUsbFilt.Sys
23:24:22.0878 8524        LUsbFilt - ok
23:24:22.0956 8524        megasas        (0001ce609d66632fa17b84705f658879) C:\windows\system32\drivers\megasas.sys
23:24:22.0956 8524        megasas - ok
23:24:23.0049 8524        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\windows\system32\drivers\megasr.sys
23:24:23.0065 8524        MegaSR - ok
23:24:23.0236 8524        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\windows\system32\drivers\modem.sys
23:24:23.0268 8524        Modem - ok
23:24:23.0299 8524        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\windows\system32\DRIVERS\monitor.sys
23:24:23.0330 8524        monitor - ok
23:24:23.0517 8524        mouclass        (5bf6a1326a335c5298477754a506d263) C:\windows\system32\DRIVERS\mouclass.sys
23:24:23.0533 8524        mouclass - ok
23:24:23.0580 8524        mouhid          (93b8d4869e12cfbe663915502900876f) C:\windows\system32\DRIVERS\mouhid.sys
23:24:23.0611 8524        mouhid - ok
23:24:23.0798 8524        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\windows\system32\drivers\mountmgr.sys
23:24:23.0814 8524        MountMgr - ok
23:24:23.0860 8524        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\windows\system32\drivers\mpio.sys
23:24:23.0892 8524        mpio - ok
23:24:23.0907 8524        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\windows\system32\drivers\mpsdrv.sys
23:24:23.0954 8524        mpsdrv - ok
23:24:24.0094 8524        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\windows\system32\drivers\mraid35x.sys
23:24:24.0126 8524        Mraid35x - ok
23:24:24.0266 8524        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\windows\system32\drivers\mrxdav.sys
23:24:24.0328 8524        MRxDAV - ok
23:24:24.0469 8524        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\windows\system32\DRIVERS\mrxsmb.sys
23:24:24.0531 8524        mrxsmb - ok
23:24:24.0718 8524        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\windows\system32\DRIVERS\mrxsmb10.sys
23:24:24.0765 8524        mrxsmb10 - ok
23:24:24.0968 8524        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\windows\system32\DRIVERS\mrxsmb20.sys
23:24:25.0015 8524        mrxsmb20 - ok
23:24:25.0202 8524        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\windows\system32\drivers\msahci.sys
23:24:25.0233 8524        msahci - ok
23:24:25.0264 8524        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\windows\system32\drivers\msdsm.sys
23:24:25.0280 8524        msdsm - ok
23:24:25.0358 8524        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\windows\system32\drivers\Msfs.sys
23:24:25.0405 8524        Msfs - ok
23:24:25.0467 8524        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\windows\system32\drivers\msisadrv.sys
23:24:25.0498 8524        msisadrv - ok
23:24:25.0623 8524        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\windows\system32\drivers\MSKSSRV.sys
23:24:25.0686 8524        MSKSSRV - ok
23:24:25.0810 8524        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\windows\system32\drivers\MSPCLOCK.sys
23:24:25.0857 8524        MSPCLOCK - ok
23:24:25.0966 8524        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\windows\system32\drivers\MSPQM.sys
23:24:25.0998 8524        MSPQM - ok
23:24:26.0076 8524        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\windows\system32\drivers\MsRPC.sys
23:24:26.0091 8524        MsRPC - ok
23:24:26.0200 8524        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\windows\system32\DRIVERS\mssmbios.sys
23:24:26.0216 8524        mssmbios - ok
23:24:26.0278 8524        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\windows\system32\drivers\MSTEE.sys
23:24:26.0310 8524        MSTEE - ok
23:24:26.0372 8524        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
23:24:26.0403 8524        Mup - ok
23:24:26.0512 8524        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\windows\system32\DRIVERS\nwifi.sys
23:24:26.0575 8524        NativeWifiP - ok
23:24:26.0700 8524        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\windows\system32\drivers\ndis.sys
23:24:26.0762 8524        NDIS - ok
23:24:26.0809 8524        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\windows\system32\DRIVERS\ndistapi.sys
23:24:26.0856 8524        NdisTapi - ok
23:24:27.0012 8524        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\windows\system32\DRIVERS\ndisuio.sys
23:24:27.0043 8524        Ndisuio - ok
23:24:27.0105 8524        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\windows\system32\DRIVERS\ndiswan.sys
23:24:27.0152 8524        NdisWan - ok
23:24:27.0261 8524        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\windows\system32\drivers\NDProxy.sys
23:24:27.0308 8524        NDProxy - ok
23:24:27.0355 8524        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\windows\system32\DRIVERS\netbios.sys
23:24:27.0370 8524        NetBIOS - ok
23:24:27.0448 8524        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\windows\system32\DRIVERS\netbt.sys
23:24:27.0480 8524        netbt - ok
23:24:28.0041 8524        NETw5v32        (8de67bd902095a13329fd82c85a1fa09) C:\windows\system32\DRIVERS\NETw5v32.sys
23:24:28.0338 8524        NETw5v32 - ok
23:24:28.0525 8524        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\windows\system32\drivers\nfrd960.sys
23:24:28.0556 8524        nfrd960 - ok
23:24:28.0665 8524        nmwcd          (b0a67de1a128389aea4d42c5a56215fd) C:\windows\system32\drivers\ccdcmb.sys
23:24:28.0728 8524        nmwcd - ok
23:24:28.0837 8524        nmwcdc          (025c54f9f8c8bc1894ea38529c742c54) C:\windows\system32\drivers\ccdcmbo.sys
23:24:28.0884 8524        nmwcdc - ok
23:24:28.0962 8524        nmwcdnsu        (4f0de685a96dc843ccc8a861b3fac12d) C:\windows\system32\drivers\nmwcdnsu.sys
23:24:29.0008 8524        nmwcdnsu - ok
23:24:29.0086 8524        nmwcdnsuc      (578117c0c0cf10d99c8853e83c4bc63c) C:\windows\system32\drivers\nmwcdnsuc.sys
23:24:29.0133 8524        nmwcdnsuc - ok
23:24:29.0258 8524        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\windows\system32\drivers\Npfs.sys
23:24:29.0289 8524        Npfs - ok
23:24:29.0554 8524        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\windows\system32\drivers\nsiproxy.sys
23:24:29.0601 8524        nsiproxy - ok
23:24:29.0929 8524        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\windows\system32\drivers\Ntfs.sys
23:24:30.0007 8524        Ntfs - ok
23:24:30.0163 8524        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\windows\system32\drivers\ntrigdigi.sys
23:24:30.0241 8524        ntrigdigi - ok
23:24:30.0288 8524        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\windows\system32\drivers\Null.sys
23:24:30.0334 8524        Null - ok
23:24:30.0459 8524        nvraid          (2edf9e7751554b42cbb60116de727101) C:\windows\system32\drivers\nvraid.sys
23:24:30.0490 8524        nvraid - ok
23:24:30.0537 8524        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\windows\system32\drivers\nvstor.sys
23:24:30.0553 8524        nvstor - ok
23:24:30.0584 8524        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\windows\system32\drivers\nv_agp.sys
23:24:30.0600 8524        nv_agp - ok
23:24:30.0724 8524        NWIM            (4a0adb15b198a1222eb6b9d31bf818fc) C:\windows\system32\DRIVERS\avmnwim.sys
23:24:30.0771 8524        NWIM - ok
23:24:30.0927 8524        NwlnkFlt - ok
23:24:30.0990 8524        NwlnkFwd - ok
23:24:31.0177 8524        ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\windows\system32\DRIVERS\ohci1394.sys
23:24:31.0208 8524        ohci1394 - ok
23:24:31.0380 8524        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\windows\system32\DRIVERS\parport.sys
23:24:31.0411 8524        Parport - ok
23:24:31.0489 8524        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\windows\system32\drivers\partmgr.sys
23:24:31.0504 8524        partmgr - ok
23:24:31.0614 8524        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\windows\system32\DRIVERS\parvdm.sys
23:24:31.0676 8524        Parvdm - ok
23:24:31.0738 8524        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\windows\system32\DRIVERS\pccsmcfd.sys
23:24:31.0801 8524        pccsmcfd - ok
23:24:31.0941 8524        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\windows\system32\drivers\pci.sys
23:24:31.0972 8524        pci - ok
23:24:32.0035 8524        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\windows\system32\drivers\pciide.sys
23:24:32.0035 8524        pciide - ok
23:24:32.0175 8524        pcmcia          (b7c5a8769541900f6dfa6fe0c5e4d513) C:\windows\system32\DRIVERS\pcmcia.sys
23:24:32.0191 8524        pcmcia - ok
23:24:32.0300 8524        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\windows\system32\drivers\peauth.sys
23:24:32.0456 8524        PEAUTH - ok
23:24:32.0659 8524        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\windows\system32\DRIVERS\raspptp.sys
23:24:32.0690 8524        PptpMiniport - ok
23:24:32.0784 8524        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\windows\system32\drivers\processr.sys
23:24:32.0799 8524        Processor - ok
23:24:32.0940 8524        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\windows\system32\DRIVERS\pacer.sys
23:24:32.0971 8524        PSched - ok
23:24:33.0080 8524        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\windows\system32\Drivers\PxHelp20.sys
23:24:33.0158 8524        PxHelp20 - ok
23:24:33.0392 8524        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\windows\system32\drivers\ql2300.sys
23:24:33.0454 8524        ql2300 - ok
23:24:33.0610 8524        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\windows\system32\drivers\ql40xx.sys
23:24:33.0626 8524        ql40xx - ok
23:24:33.0688 8524        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\windows\system32\drivers\qwavedrv.sys
23:24:33.0751 8524        QWAVEdrv - ok
23:24:33.0876 8524        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\windows\system32\DRIVERS\rasacd.sys
23:24:33.0922 8524        RasAcd - ok
23:24:33.0969 8524        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\windows\system32\DRIVERS\rasl2tp.sys
23:24:34.0000 8524        Rasl2tp - ok
23:24:34.0110 8524        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\windows\system32\DRIVERS\raspppoe.sys
23:24:34.0172 8524        RasPppoe - ok
23:24:34.0250 8524        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\windows\system32\DRIVERS\rassstp.sys
23:24:34.0281 8524        RasSstp - ok
23:24:34.0359 8524        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\windows\system32\DRIVERS\rdbss.sys
23:24:34.0406 8524        rdbss - ok
23:24:34.0515 8524        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\windows\system32\DRIVERS\RDPCDD.sys
23:24:34.0546 8524        RDPCDD - ok
23:24:34.0749 8524        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\windows\system32\drivers\rdpdr.sys
23:24:34.0780 8524        rdpdr - ok
23:24:34.0999 8524        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\windows\system32\drivers\rdpencdd.sys
23:24:35.0061 8524        RDPENCDD - ok
23:24:35.0139 8524        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\windows\system32\drivers\RDPWD.sys
23:24:35.0202 8524        RDPWD - ok
23:24:35.0373 8524        RFCOMM          (6482707f9f4da0ecbab43b2e0398a101) C:\windows\system32\DRIVERS\rfcomm.sys
23:24:35.0436 8524        RFCOMM - ok
23:24:35.0638 8524        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\windows\system32\DRIVERS\rspndr.sys
23:24:35.0670 8524        rspndr - ok
23:24:35.0701 8524        RsvLock        (3beefe509c414f3a6e55e5c7c4024581) C:\windows\system32\drivers\RsvLock.sys
23:24:35.0763 8524        RsvLock - ok
23:24:35.0888 8524        s0016bus        (59509ad6cbc28f2c73056268985b3e48) C:\windows\system32\DRIVERS\s0016bus.sys
23:24:35.0966 8524        s0016bus - ok
23:24:36.0013 8524        s0016mdfl      (b98c3a6f91f4fba285af9606a240c6b4) C:\windows\system32\DRIVERS\s0016mdfl.sys
23:24:36.0075 8524        s0016mdfl - ok
23:24:36.0247 8524        s0016mdm        (8a83426f4fb7b5212825d9de76368b1a) C:\windows\system32\DRIVERS\s0016mdm.sys
23:24:36.0294 8524        s0016mdm - ok
23:24:36.0340 8524        s0016mgmt      (7a78bba97feb5e6d24c49e93a3bf7287) C:\windows\system32\DRIVERS\s0016mgmt.sys
23:24:36.0403 8524        s0016mgmt - ok
23:24:36.0543 8524        s0016nd5        (34ef7b5f611957b73e7219dd5a222ad1) C:\windows\system32\DRIVERS\s0016nd5.sys
23:24:36.0637 8524        s0016nd5 - ok
23:24:36.0715 8524        s0016obex      (36792935847143e4a3cda0dc87248487) C:\windows\system32\DRIVERS\s0016obex.sys
23:24:36.0777 8524        s0016obex - ok
23:24:36.0980 8524        s0016unic      (927208754fb27fc3e7a659e77500c5d1) C:\windows\system32\DRIVERS\s0016unic.sys
23:24:37.0074 8524        s0016unic - ok
23:24:37.0183 8524        SafeBoot        (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
23:24:37.0183 8524        Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
23:24:37.0183 8524        SafeBoot ( LockedFile.Multi.Generic ) - warning
23:24:37.0183 8524        SafeBoot - detected LockedFile.Multi.Generic (1)
23:24:37.0245 8524        SbAlg          (52dcde2d1787217e15ffdca1cbf8cce9) C:\windows\system32\drivers\SbAlg.sys
23:24:37.0323 8524        SbAlg - ok
23:24:37.0588 8524        SbFsLock        (69a5af9ce49a0982e7ae7c7d62bdb2b1) C:\windows\system32\drivers\SbFsLock.sys
23:24:37.0666 8524        SbFsLock - ok
23:24:37.0900 8524        sbp2port        (3ce8f073a557e172b330109436984e30) C:\windows\system32\drivers\sbp2port.sys
23:24:37.0947 8524        sbp2port - ok
23:24:38.0119 8524        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
23:24:38.0166 8524        secdrv - ok
23:24:38.0275 8524        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\windows\system32\DRIVERS\seehcri.sys
23:24:38.0306 8524        seehcri ( UnsignedFile.Multi.Generic ) - warning
23:24:38.0306 8524        seehcri - detected UnsignedFile.Multi.Generic (1)
23:24:38.0400 8524        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\windows\system32\DRIVERS\serenum.sys
23:24:38.0431 8524        Serenum - ok
23:24:38.0665 8524        Serial          (6d663022db3e7058907784ae14b69898) C:\windows\system32\DRIVERS\serial.sys
23:24:38.0696 8524        Serial - ok
23:24:38.0946 8524        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\windows\system32\drivers\sermouse.sys
23:24:39.0008 8524        sermouse - ok
23:24:39.0164 8524        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\windows\system32\drivers\sffdisk.sys
23:24:39.0226 8524        sffdisk - ok
23:24:39.0273 8524        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\windows\system32\drivers\sffp_mmc.sys
23:24:39.0304 8524        sffp_mmc - ok
23:24:39.0398 8524        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\windows\system32\drivers\sffp_sd.sys
23:24:39.0445 8524        sffp_sd - ok
23:24:39.0492 8524        sfloppy        (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\windows\system32\DRIVERS\sfloppy.sys
23:24:39.0554 8524        sfloppy - ok
23:24:39.0632 8524        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\windows\system32\drivers\sisagp.sys
23:24:39.0663 8524        sisagp - ok
23:24:39.0710 8524        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\windows\system32\drivers\sisraid2.sys
23:24:39.0710 8524        SiSRaid2 - ok
23:24:39.0741 8524        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\windows\system32\drivers\sisraid4.sys
23:24:39.0741 8524        SiSRaid4 - ok
23:24:39.0804 8524        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\windows\system32\DRIVERS\smb.sys
23:24:39.0835 8524        Smb - ok
23:24:40.0006 8524        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\windows\system32\drivers\spldr.sys
23:24:40.0022 8524        spldr - ok
23:24:40.0116 8524        sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\windows\System32\Drivers\sptd.sys
23:24:40.0209 8524        sptd - ok
23:24:40.0490 8524        srv            (41987f9fc0e61adf54f581e15029ad91) C:\windows\system32\DRIVERS\srv.sys
23:24:40.0568 8524        srv - ok
23:24:40.0693 8524        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\windows\system32\DRIVERS\srv2.sys
23:24:40.0740 8524        srv2 - ok
23:24:40.0896 8524        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\windows\system32\DRIVERS\srvnet.sys
23:24:40.0942 8524        srvnet - ok
23:24:41.0036 8524        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
23:24:41.0052 8524        ssmdrv - ok
23:24:41.0176 8524        SSPORT          (ef3458337d7341a05169cefc73709264) C:\windows\system32\Drivers\SSPORT.sys
23:24:41.0223 8524        SSPORT ( UnsignedFile.Multi.Generic ) - warning
23:24:41.0223 8524        SSPORT - detected UnsignedFile.Multi.Generic (1)
23:24:41.0286 8524        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\windows\system32\DRIVERS\swenum.sys
23:24:41.0301 8524        swenum - ok
23:24:41.0364 8524        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\windows\system32\drivers\symc8xx.sys
23:24:41.0364 8524        Symc8xx - ok
23:24:41.0395 8524        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\windows\system32\drivers\sym_hi.sys
23:24:41.0395 8524        Sym_hi - ok
23:24:41.0410 8524        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\windows\system32\drivers\sym_u3.sys
23:24:41.0426 8524        Sym_u3 - ok
23:24:41.0644 8524        SynTP          (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\windows\system32\DRIVERS\SynTP.sys
23:24:41.0816 8524        SynTP - ok
23:24:42.0144 8524        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\windows\system32\drivers\tcpip.sys
23:24:42.0237 8524        Tcpip - ok
23:24:42.0612 8524        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\windows\system32\DRIVERS\tcpip.sys
23:24:42.0690 8524        Tcpip6 - ok
23:24:42.0924 8524        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\windows\system32\drivers\tcpipreg.sys
23:24:43.0002 8524        tcpipreg - ok
23:24:43.0142 8524        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\windows\system32\drivers\tdpipe.sys
23:24:43.0220 8524        TDPIPE - ok
23:24:43.0267 8524        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\windows\system32\drivers\tdtcp.sys
23:24:43.0298 8524        TDTCP - ok
23:24:43.0345 8524        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\windows\system32\DRIVERS\tdx.sys
23:24:43.0407 8524        tdx - ok
23:24:43.0470 8524        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\windows\system32\DRIVERS\termdd.sys
23:24:43.0470 8524        TermDD - ok
23:24:43.0563 8524        TIEHDUSB        (a1124ebc672aa3ae1b327096c1dcc346) C:\windows\system32\drivers\tiehdusb.sys
23:24:43.0579 8524        TIEHDUSB ( UnsignedFile.Multi.Generic ) - warning
23:24:43.0579 8524        TIEHDUSB - detected UnsignedFile.Multi.Generic (1)
23:24:43.0719 8524        TPM            (cb258c2f726f1be73c507022be33ebb3) C:\windows\system32\drivers\tpm.sys
23:24:43.0719 8524        TPM - ok
23:24:43.0844 8524        truecrypt      (be45dad1c73a3216edc8c485916f6594) C:\windows\system32\drivers\truecrypt.sys
23:24:43.0922 8524        truecrypt - ok
23:24:44.0203 8524        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\windows\system32\DRIVERS\tssecsrv.sys
23:24:44.0234 8524        tssecsrv - ok
23:24:44.0328 8524        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\windows\system32\DRIVERS\tunmp.sys
23:24:44.0406 8524        tunmp - ok
23:24:44.0484 8524        tunnel          (300db877ac094feab0be7688c3454a9c) C:\windows\system32\DRIVERS\tunnel.sys
23:24:44.0515 8524        tunnel - ok
23:24:44.0608 8524        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\windows\system32\drivers\uagp35.sys
23:24:44.0624 8524        uagp35 - ok
23:24:44.0733 8524        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\windows\system32\DRIVERS\udfs.sys
23:24:44.0749 8524        udfs - ok
23:24:44.0889 8524        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\windows\system32\drivers\uliagpkx.sys
23:24:44.0905 8524        uliagpkx - ok
23:24:44.0983 8524        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\windows\system32\drivers\uliahci.sys
23:24:45.0014 8524        uliahci - ok
23:24:45.0170 8524        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\windows\system32\drivers\ulsata.sys
23:24:45.0217 8524        UlSata - ok
23:24:45.0295 8524        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\windows\system32\drivers\ulsata2.sys
23:24:45.0310 8524        ulsata2 - ok
23:24:45.0357 8524        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\windows\system32\DRIVERS\umbus.sys
23:24:45.0404 8524        umbus - ok
23:24:45.0466 8524        upperdev        (78b74af8727a28c128e164e9b53a5413) C:\windows\system32\DRIVERS\usbser_lowerflt.sys
23:24:45.0513 8524        upperdev - ok
23:24:45.0669 8524        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\windows\system32\DRIVERS\usbccgp.sys
23:24:45.0716 8524        usbccgp - ok
23:24:45.0966 8524        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\windows\system32\drivers\usbcir.sys
23:24:46.0044 8524        usbcir - ok
23:24:46.0402 8524        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\windows\system32\DRIVERS\usbehci.sys
23:24:46.0480 8524        usbehci - ok
23:24:46.0621 8524        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\windows\system32\DRIVERS\usbhub.sys
23:24:46.0668 8524        usbhub - ok
23:24:46.0699 8524        usbohci        (7bdb7b0e7d45ac0402d78b90789ef47c) C:\windows\system32\DRIVERS\usbohci.sys
23:24:46.0730 8524        usbohci - ok
23:24:46.0870 8524        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\windows\system32\drivers\usbprint.sys
23:24:46.0948 8524        usbprint - ok
23:24:47.0167 8524        usbser          (0733452d5e6c0882df51712e4427cfba) C:\windows\system32\drivers\usbser.sys
23:24:47.0229 8524        usbser - ok
23:24:47.0385 8524        UsbserFilt      (4f8fbc51a1c0a17310846b417a447f91) C:\windows\system32\DRIVERS\usbser_lowerfltj.sys
23:24:47.0463 8524        UsbserFilt - ok
23:24:47.0494 8524        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\windows\system32\DRIVERS\USBSTOR.SYS
23:24:47.0557 8524        USBSTOR - ok
23:24:47.0682 8524        USBTINSP        (6112ecb865b57ebada4e06c167943ee6) C:\windows\system32\DRIVERS\tinspusb.sys
23:24:47.0728 8524        USBTINSP - ok
23:24:47.0760 8524        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\windows\system32\DRIVERS\usbuhci.sys
23:24:47.0775 8524        usbuhci - ok
23:24:47.0978 8524        vga            (87b06e1f30b749a114f74622d013f8d4) C:\windows\system32\DRIVERS\vgapnp.sys
23:24:48.0025 8524        vga - ok
23:24:48.0040 8524        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\windows\System32\drivers\vga.sys
23:24:48.0072 8524        VgaSave - ok
23:24:48.0087 8524        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\windows\system32\drivers\viaagp.sys
23:24:48.0103 8524        viaagp - ok
23:24:48.0118 8524        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\windows\system32\drivers\viac7.sys
23:24:48.0165 8524        ViaC7 - ok
23:24:48.0446 8524        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\windows\system32\drivers\viaide.sys
23:24:48.0477 8524        viaide - ok
23:24:48.0540 8524        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\windows\system32\drivers\volmgr.sys
23:24:48.0571 8524        volmgr - ok
23:24:48.0696 8524        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\windows\system32\drivers\volmgrx.sys
23:24:48.0727 8524        volmgrx - ok
23:24:48.0820 8524        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\windows\system32\drivers\volsnap.sys
23:24:48.0852 8524        volsnap - ok
23:24:48.0930 8524        vsmraid        (587253e09325e6bf226b299774b728a9) C:\windows\system32\drivers\vsmraid.sys
23:24:48.0945 8524        vsmraid - ok
23:24:49.0086 8524        wacmoumonitor  (9a03558c37e919b9d6a50864aea0a168) C:\windows\system32\DRIVERS\wacmoumonitor.sys
23:24:49.0101 8524        wacmoumonitor - ok
23:24:49.0210 8524        wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\windows\system32\DRIVERS\wacommousefilter.sys
23:24:49.0226 8524        wacommousefilter - ok
23:24:49.0288 8524        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\windows\system32\drivers\wacompen.sys
23:24:49.0351 8524        WacomPen - ok
23:24:49.0507 8524        wacomvhid      (6843fd7db708b14ea4d8092abb464244) C:\windows\system32\DRIVERS\wacomvhid.sys
23:24:49.0522 8524        wacomvhid - ok
23:24:49.0632 8524        WacomVKHid      (889459833432b161cb99cfdf84a1a9bb) C:\windows\system32\DRIVERS\WacomVKHid.sys
23:24:49.0663 8524        WacomVKHid - ok
23:24:49.0694 8524        Wanarp          (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
23:24:49.0741 8524        Wanarp - ok
23:24:49.0741 8524        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\windows\system32\DRIVERS\wanarp.sys
23:24:49.0756 8524        Wanarpv6 - ok
23:24:49.0834 8524        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\windows\system32\drivers\wd.sys
23:24:49.0850 8524        Wd - ok
23:24:49.0975 8524        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
23:24:50.0022 8524        Wdf01000 - ok
23:24:50.0193 8524        WinDriver6      (451f905bc7bff9e1cff2e7ae76196b2c) C:\windows\system32\drivers\windrvr6.sys
23:24:50.0256 8524        WinDriver6 - ok
23:24:50.0427 8524        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\windows\system32\DRIVERS\wmiacpi.sys
23:24:50.0474 8524        WmiAcpi - ok
23:24:50.0646 8524        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\windows\system32\DRIVERS\wpdusb.sys
23:24:50.0708 8524        WpdUsb - ok
23:24:50.0895 8524        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\windows\system32\drivers\ws2ifsl.sys
23:24:50.0926 8524        ws2ifsl - ok
23:24:51.0145 8524        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
23:24:51.0192 8524        WudfPf - ok
23:24:51.0316 8524        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
23:24:51.0332 8524        WUDFRd - ok
23:24:51.0426 8524        yukonwlh        (f72d4bffa37e857d195048c498afc61b) C:\windows\system32\DRIVERS\yk60x86.sys
23:24:51.0472 8524        yukonwlh - ok
23:24:51.0504 8524        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:24:52.0377 8524        \Device\Harddisk0\DR0 - ok
23:24:52.0393 8524        Boot (0x1200)  (934f55c98941d61e0874607f53232a19) \Device\Harddisk0\DR0\Partition0
23:24:52.0408 8524        \Device\Harddisk0\DR0\Partition0 - ok
23:24:52.0455 8524        Boot (0x1200)  (ea0dc05dd7599e0882356f7f15db1f98) \Device\Harddisk0\DR0\Partition1
23:24:52.0471 8524        \Device\Harddisk0\DR0\Partition1 - ok
23:24:52.0518 8524        Boot (0x1200)  (5381a6e886fe1acd1e3e1e0532c96d04) \Device\Harddisk0\DR0\Partition2
23:24:52.0518 8524        \Device\Harddisk0\DR0\Partition2 - ok
23:24:52.0564 8524        Boot (0x1200)  (8c0fdc305c4a070bb9d41b2344bf6bf0) \Device\Harddisk0\DR0\Partition3
23:24:52.0611 8524        \Device\Harddisk0\DR0\Partition3 - ok
23:24:52.0611 8524        ============================================================
23:24:52.0611 8524        Scan finished
23:24:52.0611 8524        ============================================================
23:24:52.0627 8516        Detected object count: 5
23:24:52.0627 8516        Actual detected object count: 5
23:25:19.0490 8516        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:19.0490 8516        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:19.0490 8516        SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
23:25:19.0490 8516        SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip
23:25:19.0490 8516        seehcri ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:19.0490 8516        seehcri ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:19.0490 8516        SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:19.0490 8516        SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:19.0490 8516        TIEHDUSB ( UnsignedFile.Multi.Generic ) - skipped by user
23:25:19.0490 8516        TIEHDUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:25:31.0720 8452        Deinitialize success

Regards

Kokosmatte
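The TDSSKiller log above ends with five objects flagged, all under generic classes (UnsignedFile.Multi.Generic, LockedFile.Multi.Generic) rather than named signatures, and that distinction is exactly what a log reader checks first. The following is an added example, not code from the post or from Kaspersky's tool: a small parser for the log's three line shapes (object announcement with MD5 and path, "Suspicious file" note, verdict line), a triage function that separates generic-heuristic hits from named-signature hits, and a helper that groups services sharing one binary (Tcpip/Tcpip6 both map to tcpip.sys). The sample lines are constructed in the shape of the log above; the rule that TDSSKiller's generic classes end in `.Multi.Generic` is this example's assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the TDSSKiller log above (a handful of lines, not the full scan)
SAMPLE_LOG = r"""
23:24:26.0372 8524        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\windows\system32\Drivers\mup.sys
23:24:26.0403 8524        Mup - ok
23:24:37.0183 8524        SafeBoot        (2a5eedcb22a5d6bb0231e38a38e7a7d9) C:\windows\system32\drivers\SafeBoot.sys
23:24:37.0183 8524        Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 2a5eedcb22a5d6bb0231e38a38e7a7d9
23:24:37.0183 8524        SafeBoot ( LockedFile.Multi.Generic ) - warning
23:24:37.0183 8524        SafeBoot - detected LockedFile.Multi.Generic (1)
23:24:38.0275 8524        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\windows\system32\DRIVERS\seehcri.sys
23:24:38.0306 8524        seehcri ( UnsignedFile.Multi.Generic ) - warning
23:24:38.0306 8524        seehcri - detected UnsignedFile.Multi.Generic (1)
23:24:42.0144 8524        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\windows\system32\drivers\tcpip.sys
23:24:42.0237 8524        Tcpip - ok
23:24:42.0612 8524        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\windows\system32\DRIVERS\tcpip.sys
23:24:42.0690 8524        Tcpip6 - ok
23:24:51.0504 8524        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:24:52.0377 8524        \Device\Harddisk0\DR0 - ok
23:24:52.0627 8516        Detected object count: 5
23:25:19.0490 8516        SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
"""

# Every line starts with "hh:mm:ss.ffff <pid>"; the three shapes differ after that.
PREFIX = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
OBJECT_RE = re.compile(PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
SUSPICIOUS_RE = re.compile(PREFIX + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
VERDICT_RE = re.compile(PREFIX + r"(?P<subject>.+?) - (?P<verdict>.+)$")
SUBJECT_CLASS_RE = re.compile(r"^(?P<base>.+?) \( (?P<cls>\S+) \)$")   # "SafeBoot ( LockedFile.Multi.Generic )"
DETECTED_RE = re.compile(r"^detected (?P<cls>\S+)")                     # "detected LockedFile.Multi.Generic (1)"
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<n>\d+)$")


def parse_tdsskiller(text):
    """Return {object name: record}; a record holds hash, path, every verdict
    line seen for it, the detection classes attached to it and the reason from
    a 'Suspicious file' note (e.g. NoAccess), if any."""
    records, by_key = {}, {}
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            rec = {"name": m["name"], "md5": m["md5"], "path": m["path"],
                   "verdicts": [], "classes": set(), "reason": None}
            records[rec["name"]] = rec
            by_key[rec["name"]] = by_key[rec["path"]] = rec   # verdicts refer to either
            continue
        m = SUSPICIOUS_RE.match(line)
        if m:
            if m["path"] in by_key:
                by_key[m["path"]]["reason"] = m["reason"]
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue
        sc = SUBJECT_CLASS_RE.match(m["subject"])
        rec = by_key.get(sc["base"] if sc else m["subject"])
        if rec is None:
            continue   # verdict for an object never announced; nothing to attach it to
        rec["verdicts"].append(m["verdict"])
        if sc:
            rec["classes"].add(sc["cls"])
        d = DETECTED_RE.match(m["verdict"])
        if d:
            rec["classes"].add(d["cls"])
    return records


def triage(records):
    """Every object that drew a warning or detection, with a flag saying whether
    it was only a generic heuristic (assumption: class names ending in
    '.Multi.Generic' are heuristics such as unsigned/locked/hidden file) or a
    named signature, which would deserve far more attention."""
    out = []
    for rec in records.values():
        if rec["classes"]:
            out.append({"name": rec["name"], "path": rec["path"], "md5": rec["md5"],
                        "classes": sorted(rec["classes"]),
                        "heuristic": all(c.endswith(".Multi.Generic") for c in rec["classes"]),
                        "reason": rec["reason"], "final": rec["verdicts"][-1]})
    return sorted(out, key=lambda f: (f["heuristic"], f["name"]))   # signature hits first


def shared_binaries(records):
    """Service names whose files carry the same MD5 (Tcpip/Tcpip6 -> tcpip.sys is normal)."""
    by_md5 = defaultdict(list)
    for rec in records.values():
        by_md5[rec["md5"]].append(rec["name"])
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


def detected_count(text):
    """The tool's own summary figure, to cross-check against len(triage(...))."""
    for line in text.splitlines():
        m = COUNT_RE.match(line)
        if m:
            return int(m["n"])
    return None


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    print(f"objects parsed: {len(recs)}, tool's detected count: {detected_count(SAMPLE_LOG)}")
    for f in triage(recs):
        kind = "heuristic only" if f["heuristic"] else "SIGNATURE"
        print(f"{kind:15} {f['name']:10} {', '.join(f['classes'])}  reason={f['reason']}  final={f['final']}")
    for h, names in shared_binaries(recs).items():
        print(f"shared binary {h}: {', '.join(names)}")
```

Run against the full log, the triage list is what to paste or describe when asking for help: name, path, class and the final user action, so the helper can see at a glance that nothing beyond unsigned or access-locked drivers was hit.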

cosinus 07.03.2012 00:29

Those are legitimate entries, nothing malicious

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

An attempt was made to perform an illegal operation on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Kokosmatte 10.03.2012 00:12

here is the combofix log:

Code:

Combofix Logfile:

ComboFix 12-03-09.05 - *** 09.03.2012  23:32:08.1.2 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.3000.1565 [GMT 1:00]
Running from:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\hpeC986.dll
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20100425215353.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\users\***\4.0
c:\users\***\AppData\Roaming\AcroIEHelpe.txt
c:\users\***\AppData\Roaming\srvblck2.tmp
c:\windows\unin0407.exe
.
.
(((((((((((((((((((((((   Files Created from 2012-02-09 to 2012-03-09  ))))))))))))))))))))))))))))))
.
.
2012-03-09 22:42 . 2012-03-09 22:46        --------        d-----w-        c:\users\***\AppData\Local\temp
2012-03-09 22:42 . 2012-03-09 22:42        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-09 19:40 . 2012-02-08 06:03        6552120        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{13B3000B-EF3F-488F-8907-0A7CF07F8A76}\mpengine.dll
2012-03-09 19:30 . 2012-03-09 19:30        --------        d-----w-        c:\users\***\AppData\Roaming\Avira
2012-03-09 19:24 . 2012-01-31 07:56        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-03-09 19:24 . 2012-01-31 07:56        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-03-09 19:24 . 2011-09-16 15:08        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-03-09 19:24 . 2012-03-09 19:24        --------        d-----w-        c:\programdata\Avira
2012-03-09 19:24 . 2012-03-09 19:24        --------        d-----w-        c:\program files\Avira
2012-02-29 23:40 . 2012-02-29 23:40        --------        d-----w-        C:\_OTL
2012-02-29 18:43 . 2012-02-29 18:50        --------        d-----w-        c:\users\***\.tfo4
2012-02-27 13:56 . 2012-02-27 13:56        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2012-02-27 13:56 . 2012-02-27 13:56        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-27 13:56 . 2012-02-27 13:56        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-27 13:56 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-26 21:07 . 2012-02-26 21:07        100864        ----a-w-        C:\uxldapow.sys
2012-02-26 20:12 . 2012-02-26 20:12        --------        d--h--w-        c:\windows\PIF
2012-02-18 16:06 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-02-14 22:48 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-02-14 22:48 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-06 12:12        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-12-16 06:50 . 2011-05-23 14:03        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-21 13:48 . 2011-05-07 14:48        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 09:06        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30        216064        --sh--r-        c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-12-12 1840424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-17 809488]
ObjectServer.lnk - c:\program files\SPECS\SpecsLab2\bin\ObjectServer.exe [2009-3-20 114688]
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-5-15 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ           autocheck\0autochk\0*
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ           scecli ASWLNPkg
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2008-04-15 21:51        488752        ----a-w-        c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-18 13:53        178712        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
2008-05-12 13:28        318488        ----a-w-        c:\program files\PDF Complete\pdfsty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41        434176        ----a-w-        c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2008-04-21 18:21        197904        ----a-w-        c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-88407965-2068556758-1658813726-1004]
"EnableNotificationsRef"=dword:00000001
.
S2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [2007-05-15 182576]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - SSMDRV
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc
Cognizance        REG_MULTI_SZ           ASBroker ASChannel
HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12
bthsvcs        REG_MULTI_SZ           BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 08:54]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-28 08:54]
.
2012-03-07 c:\windows\Tasks\HPCeeScheduleFor***.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-12 22:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
mStart Page =
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{FDAF1AE7-A381-423A-9F66-F8D327DEA4DC}: NameServer = 62.72.64.237,204.152.184.131
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} -
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\epn6rmfp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.web.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-{108A39BF-4ED1-4293-B11A-06BD521FB8F7} - c:\progra~2\TARMAI~1\{108A3~1\Setup.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(748)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
- - - - - - - > 'Explorer.exe'(3796)
c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll
c:\program files\Hewlett-Packard\File Sanitizer\HPPMDesktopIcon.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
c:\windows\system32\Hpservice.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\System32\lpksetup.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\FRITZ!Fernzugang\avmike.exe
c:\program files\Microsoft\BingBar\BBSvc.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\FRITZ!Fernzugang\certsrv.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\FRITZ!Fernzugang\nwtsrv.exe
c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
c:\program files\PDF Complete\pdfsvc.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\system32\Wacom_Tablet.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-09  23:55:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-09 22:54
.
Vor Suchlauf: 11 Verzeichnis(se), 14.585.663.488 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 14.313.697.280 Bytes frei
.
- - End Of File - - 3B916069F34002454385B5BC48A1F5DD


--- --- ---


cosinus 10.03.2012 16:32

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check offered by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow Internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




Copyright ©2000-2025, Trojaner-Board

