Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation: Windows Security Center. 100 euros in my case too (https://www.trojaner-board.de/111619-windows-security-center-mir-100-euro.html)

Gambler01 15.03.2012 21:05

Windows Security Center. 100 euros in my case too

Hello, well then, I'll join the club. I too caught the trojan yesterday evening. My AV program did briefly report a "mor.exe" as infected, but too late. The trojan had already taken control and displayed the well-known KBA page with the usual statements and demands (100 euros).

I have also already run the OTL scan and attached the two files.

I hope you can help me and remove this thing from my PC again.

cosinus 16.03.2012 18:21

Quote:

Boot Mode: SafeMode with Networking |
Well, if that mode works you'll be able to try MBAM/ESET first:

Now please routinely run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! Also, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Please post everything here in CODE tags wherever possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Gambler01 16.03.2012 22:11

OK. MBAM is done. Here comes the log. I'll start ESET next and post the log later.

Code:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.04

Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Ulli :: ULLI-PC [Administrator]

16.03.2012 20:04:22
mbam-log-2012-03-16 (20-04-22).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 706321
Laufzeit: 1 Stunde(n), 40 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 8
C:\Data\SW_Sammlung\Tools\PantsOff_V2.03\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Games\Downloads\Gothic3\G3TuningUtility\G3TuningUtility.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Games\Downloads\TitanQuest\Trainer\chtnitrn.exe (Malware.Packer.as) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Local\Temp\0.2650551077254636h7i.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Local\Temp\0.4960761479902942.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\74a0a427-25c53e79 (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2650551077254636h7i.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4960761479902942.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

I hope this works with the "Code".

Gambler01 17.03.2012 06:10

Here is the ESET log.
Code:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e11f39a74b0d3d48bd31dcc694f10d6a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-17 12:15:20
# local_time=2012-03-17 01:15:20 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775166 100 100 183097 106833587 175874 0
# compatibility_mode=5892 16776573 100 56 97477 169457329 0 0
# compatibility_mode=8192 67108863 100 0 3765 3765 0 0
# scanned=496532
# found=21
# cleaned=0
# scan_time=9896
C:\Users\Ulli\AppData\Local\Temp\jar_cache7619071857140877640.tmp        a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\Local\Temp\SetupDataMngr_Searchqu.exe        Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\Local\Temp\vlcsetup.exe        a variant of Win32/Foxferi.A trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\Local\Temp\NERO02000056\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\Local\Temp\NERO1005263\unit_app_75\Toolbar.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\Local\Temp\NERO1005266\unit_app_75\Toolbar.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\Local\Temp\plugtmp-11\plugin-pdf2.php        PDF/Exploit.Pidief.PGA.Gen trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\650a6ecc-29547fe5        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\b77f2d2-6c941a4c        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2578ccd9-65244fa1        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\82ff49a-6caf24ff        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1db9d5e-6080cf94        Java/Agent.DW trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\5b56fce1-41bd8792        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\20de4ee3-6015e6c4        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\4cd19764-29631125        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1edd016a-28969184        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\6b544dfb-2eb00bed        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\4864fe7f-18e024d2        multiple threats (unable to clean)        00000000000000000000000000000000        I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero-9.4.12.3d_free.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero_BackItUp-4.2.16.0d_update.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero_BackItUpAndBurn-1.0.5_trial.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I

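Added example (not a Trojaner-Board or vendor tool, and not part of the original thread): a small Python triage script that parses the Malwarebytes and ESET Online Scanner hit lines from the two logs posted above, classifies each hit by where it sat on disk, and pairs the Startup-folder .lnk entries with the Temp payloads they are named after. The sample lines are copied from the logs above; the location classes, the column splitting for the ESET format and the name-matching heuristic (the logs do not record the shortcut's real target) are assumptions of this example.

```python
"""Triage of the Malwarebytes and ESET Online Scanner hits posted in this
thread. Added example, not a Trojaner-Board or vendor tool."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the two logs above. MBAM writes
# "<path> (<detection>) -> <action>"; ESET writes whitespace-separated
# columns: path, detection with status in parentheses, hash, flag.
MBAM_SAMPLE = r"""
C:\Users\Ulli\AppData\Local\Temp\0.2650551077254636h7i.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Local\Temp\0.4960761479902942.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\74a0a427-25c53e79 (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.2650551077254636h7i.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.4960761479902942.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""
ESET_SAMPLE = r"""
C:\Users\Ulli\AppData\Local\Temp\jar_cache7619071857140877640.tmp        a variant of Java/Exploit.CVE-2011-3544.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Ulli\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\1edd016a-28969184        a variant of Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean)        00000000000000000000000000000000        I
F:\noch eine kopie\Daten_done\Downloads_done\Programme\Nero\Nero-9.4.12.3d_free.exe        Win32/Toolbar.AskSBar application (unable to clean)        00000000000000000000000000000000        I
"""

MBAM_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
ESET_THREAT_RE = re.compile(r"^(?P<threat>.*?)\s*\((?P<status>[^()]+)\)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Location classes used for triage (assumption of this example; matched
# case-insensitively against the full path).
LOCATION_MARKERS = (
    ("autostart", "\\start menu\\programs\\startup\\"),
    ("temp", "\\appdata\\local\\temp\\"),
    ("java_cache", "\\sun\\java\\deployment\\cache\\"),
)


@dataclass
class Finding:
    scanner: str
    path: str
    threat: str
    action: str

    @property
    def name(self) -> str:
        """File name component of the path."""
        return self.path.rsplit("\\", 1)[-1]

    @property
    def location(self) -> str:
        """Coarse class of where the object sat on disk."""
        lowered = self.path.lower()
        for label, marker in LOCATION_MARKERS:
            if marker in lowered:
                return label
        return "other"


def parse_mbam(text: str) -> list[Finding]:
    """Parse the 'Infizierte Dateien' entries of a Malwarebytes log."""
    found = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found.append(Finding("mbam", m["path"], m["threat"], m["action"]))
    return found


def parse_eset(text: str) -> list[Finding]:
    """Parse the result lines of an ESET Online Scanner log.txt."""
    found = []
    for line in text.splitlines():
        cols = re.split(r"\t+| {2,}", line.strip())
        if len(cols) < 2 or not DRIVE_RE.match(cols[0]):
            continue  # header ('# key=value') or blank line
        m = ESET_THREAT_RE.match(cols[1])
        threat, status = (m["threat"], m["status"]) if m else (cols[1], "")
        found.append(Finding("eset", cols[0], threat, status))
    return found


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count hits per location class."""
    return dict(Counter(f.location for f in findings))


def link_persistence(findings: list[Finding]) -> list[tuple[str, str]]:
    """Pair each Startup-folder .lnk with the payload it is named after.

    Heuristic: the dropper here used '<payload>.lnk' as the shortcut name;
    the logs do not record the shortcut's real target.
    """
    payloads = {f.name.lower(): f for f in findings if f.location != "autostart"}
    pairs = []
    for f in findings:
        if f.location == "autostart" and f.name.lower().endswith(".lnk"):
            target = payloads.get(f.name.lower()[:-4])
            if target:
                pairs.append((f.path, target.path))
    return pairs
```

Running `summarize(parse_mbam(MBAM_SAMPLE) + parse_eset(ESET_SAMPLE))` groups the hits into two autostart shortcuts, three Temp objects, two Java cache objects and one on the F: backup copy; `link_persistence` ties each shortcut to its Temp payload.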

cosinus 17.03.2012 15:02

Does normal mode work again?

Gambler01 17.03.2012 15:13

Hello,

I've just booted in normal mode. As far as I can tell, I'm master of my own house again. Nobody wants money from me. My taskbar shows everything again, the Task Manager can be started and stays open, which it didn't do before. Windows Update has also already reported in. Avira AntiVir has run its update.

So far so good. Is that it?

Regards,

Ulli

cosinus 17.03.2012 15:51

Please make a new OTL log. Please post everything here in CODE tags wherever possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

If you don't already have it, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Gambler01 17.03.2012 16:50

Here is the OTL CustomScan log. Pretty long. I hope I haven't done anything wrong.

OTL Logfile:
Code:

OTL logfile created on: 17.03.2012 16:08:51 - Run 2
OTL by OldTimer - Version 3.2.37.0    Folder = C:\Users\Ulli\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 58,51% Memory free
8,19 Gb Paging File | 6,55 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 91,93 Gb Free Space | 30,84% Space Free | Partition Type: NTFS
Drive D: | 18,94 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 732,42 Gb Total Space | 695,23 Gb Free Space | 94,92% Space Free | Partition Type: NTFS
Drive F: | 664,84 Gb Total Space | 622,87 Gb Free Space | 93,69% Space Free | Partition Type: NTFS
 
Computer Name: ULLI-PC | User Name: Ulli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Desktop\OTL.exe
PRC - [2012.03.13 21:42:50 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.06 21:55:18 | 000,704,512 | ---- | M] () -- C:\Program Files (x86)\LXiMediaCenter\lximcbackend.exe
PRC - [2011.07.02 10:30:41 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 18:53:18 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2010.11.09 18:01:18 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.10.31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2008.10.07 22:41:36 | 000,023,552 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2008.10.07 22:37:38 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2008.05.22 15:32:34 | 001,286,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe
PRC - [2008.05.14 17:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
PRC - [2008.05.09 13:45:18 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2008.04.24 07:57:54 | 000,614,912 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.13 21:42:49 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.04.29 17:46:49 | 007,083,168 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2008.07.17 13:32:58 | 000,144,896 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2008.05.14 17:42:56 | 005,958,656 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
MOD - [2008.05.09 13:45:18 | 001,423,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
MOD - [2008.04.24 07:57:54 | 000,614,912 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\aaCenter.exe
MOD - [2008.04.15 09:07:34 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2008.02.25 14:08:54 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.dll
MOD - [2008.01.17 09:46:20 | 000,053,248 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\cpuutil.dll
MOD - [2007.01.03 21:25:56 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite\AiNap\vvc.dll
MOD - [2006.06.09 14:20:04 | 000,003,072 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
MOD - [2006.01.10 09:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2005.06.22 10:39:56 | 000,204,851 | R--- | M] () -- C:\Program Files (x86)\ASUS\AASP\1.00.63\PowerDll.dll
MOD - [2005.05.11 15:39:32 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\Six Engine\pngio.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2007.10.19 04:10:30 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.02.06 21:55:18 | 000,704,512 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\LXiMediaCenter\lximcbackend.exe -- (LXiMediaCenter Backend)
SRV - [2011.07.02 10:30:41 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 18:53:18 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.19 07:44:40 | 000,993,848 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 07:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.04 23:41:00 | 003,670,928 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.05.03 13:54:34 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.04.22 22:45:34 | 000,098,488 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.31 19:04:40 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.05.22 15:32:34 | 001,286,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\Drive Xpert\SteelVine.exe -- (57xx SteelVine Manager)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.18 15:56:08 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012.01.18 15:56:06 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011.07.02 10:30:41 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 10:30:41 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.02.17 00:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.09.01 09:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.17 08:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 08:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.05.05 18:42:19 | 000,310,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.05.05 18:42:18 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2008.12.18 22:46:36 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.10.08 00:22:36 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2008.10.08 00:22:30 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2008.10.08 00:22:28 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2008.10.08 00:22:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2008.10.08 00:22:24 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2008.10.08 00:22:22 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2008.10.08 00:22:18 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2008.10.08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2008.10.08 00:22:14 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2008.10.08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2008.10.08 00:22:10 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2008.10.08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2008.10.08 00:22:08 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2008.07.22 09:02:26 | 000,175,656 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx)
DRV:64bit: - [2008.03.20 01:44:34 | 000,467,456 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2008.01.21 03:51:07 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2007.12.06 08:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2006.10.31 16:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2009.04.12 22:51:26 | 000,026,216 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x64\sandra.sys -- (SANDRA)
DRV - [2005.01.04 01:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 C9 E5 D2 DB CB C9 01  [binary data]
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}: "URL" = hxxp://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.losstarten.de/"
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.13 21:42:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.14 19:44:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 22:46:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\firejump@firejump.net
 
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Extensions
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.03.02 18:20:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions
[2011.12.08 19:45:32 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.01.19 22:19:15 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.01.17 22:07:48 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2009.05.03 14:20:30 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2011.10.01 18:22:40 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.03.02 18:20:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.05.03 14:19:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions
[2009.05.03 14:19:35 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009.05.03 14:12:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.03.02 21:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions
[2011.12.09 09:29:07 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012.01.20 21:42:57 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2012.01.18 19:26:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2011.10.09 17:43:05 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.10.09 17:43:01 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2011.10.09 17:43:01 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2012.03.02 21:43:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.23 13:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.01.17 16:28:35 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Program Files (x86)\mozilla firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2009.07.05 09:31:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.03.13 21:42:50 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.12.23 13:26:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.23 13:26:59 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.23 13:26:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.23 13:26:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2007.01.08 13:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml
[2011.12.23 13:26:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.23 13:26:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL ()
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [UpdateUSB] C:\Windows\inf\UpdateUSB.exe (AsusTek Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cobian Backup 10] C:\Program Files (x86)\Cobian Backup 10\Cobian.exe (Luis Cobian, CobianSoft)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Drive Xpert] C:\Program Files (x86)\ASUS\Drive Xpert\DriveXpert.exe (Silicon Image, Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [QFan Help] C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\.DEFAULT..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [CtxfiReg] C:\Windows\SysWow64\CTxfiReg.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [Kalender] C:\Program Files (x86)\Kalender_UK\Kalender.exe (Ulrich Krebs)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [Timerle] C:\Program Files (x86)\Timerle\Timerle.exe (JFSoftware)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5A88A0-2873-401A-B18B-00E5AE6F6E81}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ulli\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.16 22:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.16 22:27:31 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Ulli\Desktop\esetsmartinstaller_enu.exe
[2012.03.16 22:27:03 | 002,322,184 | ---- | C] (ESET) -- C:\esetsmartinstaller_enu.exe
[2012.03.16 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Ulli\AppData\Roaming\Malwarebytes
[2012.03.16 20:01:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.03.16 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.16 20:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.16 20:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.16 19:59:42 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.60.1.1000.exe
[2012.03.15 20:46:17 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Ulli\Desktop\OTL.exe
[2012.03.15 20:44:49 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\OTL.exe
[2012.03.15 20:18:32 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Ulli\Desktop\dds.com
[2012.03.15 20:17:46 | 000,607,260 | ---- | C] (Swearware) -- C:\dds.com
[2012.03.13 22:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.03.13 22:23:02 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.13 22:23:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.02.19 21:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LXiMediaCenter
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 15:04:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 15:04:12 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.17 15:04:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.17 09:04:13 | 000,001,356 | ---- | M] () -- C:\Users\Ulli\AppData\Local\d3d9caps.dat
[2012.03.16 20:01:19 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.16 19:59:40 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.60.1.1000.exe
[2012.03.16 19:13:56 | 000,256,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.15 20:37:37 | 000,086,528 | ---- | M] () -- C:\Users\Ulli\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.15 20:16:54 | 000,000,000 | ---- | M] () -- C:\Users\Ulli\defogger_reenable
[2012.03.14 21:59:49 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2012.03.14 21:59:49 | 000,061,616 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2012.03.14 21:59:49 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000001-00001102-00000005-00211102}.rfx
[2012.03.14 21:54:48 | 000,000,128 | ---- | M] () -- C:\ProgramData\sandra.ldb
[2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Ulli\Desktop\OTL.exe
[2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
[2012.03.12 19:40:48 | 000,639,176 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.12 19:40:48 | 000,604,770 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.12 19:40:48 | 000,108,102 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.12 19:40:47 | 001,474,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.12 19:40:47 | 000,131,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.01 01:02:00 | 000,068,928 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.03.01 01:02:00 | 000,061,248 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.03.01 01:02:00 | 000,011,770 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 13:26:56 | 000,416,064 | ---- | M] () -- C:\Windows\SysWow64\nvStreaming.exe
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.16 20:01:19 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.15 20:16:54 | 000,000,000 | ---- | C] () -- C:\Users\Ulli\defogger_reenable
[2012.03.15 20:16:00 | 000,050,477 | ---- | C] () -- C:\Users\Ulli\Desktop\Defogger.exe
[2012.03.15 20:15:09 | 000,050,477 | ---- | C] () -- C:\Defogger.exe
[2012.03.14 21:23:19 | 000,000,128 | ---- | C] () -- C:\ProgramData\sandra.ldb
[2012.03.13 22:23:00 | 000,011,770 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.19 21:28:02 | 000,001,878 | ---- | C] () -- C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LXiMediaCenter Frontend.lnk
[2011.03.14 20:57:14 | 000,000,092 | ---- | C] () -- C:\Users\Ulli\AppData\Local\fusioncache.dat
[2011.03.14 20:53:31 | 001,502,086 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 20:30:50 | 000,001,356 | ---- | C] () -- C:\Users\Ulli\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2011.02.05 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Canon
[2009.05.11 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FOG Downloader
[2012.02.12 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FreeCommander
[2009.05.05 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Games
[2011.08.05 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\gtk-2.0
[2011.08.14 20:28:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IrfanView
[2012.02.05 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\KeePass
[2010.06.18 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Leadertech
[2010.01.17 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\metaspinner net GmbH
[2010.08.27 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\NCH Swift Sound
[2009.05.04 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\OpenOffice.org
[2010.10.11 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\PFStaticIP
[2009.05.05 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\ProtectDisc
[2009.05.05 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\The Games Company
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Thunderbird
[2011.01.14 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Timerle
[2009.05.03 16:43:13 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TMP
[2012.02.09 08:25:47 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TS3Client
[2009.05.09 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TwoWorldsCP
[2012.03.17 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\UK's Kalender
[2012.02.09 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\uTorrent
[2012.03.14 21:59:42 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.28 13:25:42 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Adobe
[2009.05.03 09:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Ahead
[2010.11.09 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Avira
[2011.02.05 13:31:34 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Canon
[2009.05.11 20:27:35 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FOG Downloader
[2012.02.12 15:40:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\FreeCommander
[2009.05.05 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Games
[2011.01.03 21:16:35 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Google
[2011.08.05 16:00:00 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\gtk-2.0
[2009.05.02 19:57:53 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Identities
[2010.02.25 07:32:30 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IGN_DLM
[2009.05.03 16:36:37 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\InstallShield
[2011.08.14 20:28:32 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\IrfanView
[2012.02.05 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\KeePass
[2010.06.18 18:58:40 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Leadertech
[2009.05.03 20:53:49 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Macromedia
[2012.03.16 20:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Media Center Programs
[2010.01.17 16:28:39 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\metaspinner net GmbH
[2012.03.08 22:14:20 | 000,000,000 | --SD | M] -- C:\Users\Ulli\AppData\Roaming\Microsoft
[2011.03.17 23:39:40 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Mozilla
[2010.08.27 09:33:38 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\NCH Swift Sound
[2009.09.12 10:43:02 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Nero
[2012.02.05 00:09:42 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\NVIDIA
[2009.05.04 23:14:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\OpenOffice.org
[2010.10.11 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\PFStaticIP
[2009.05.05 20:15:11 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\ProtectDisc
[2009.05.03 22:20:39 | 000,000,000 | RH-D | M] -- C:\Users\Ulli\AppData\Roaming\SecuROM
[2010.02.05 22:24:15 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Talkback
[2010.01.04 16:24:34 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\teamspeak2
[2009.05.05 20:15:44 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\The Games Company
[2010.11.13 10:19:27 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Thunderbird
[2011.01.14 10:40:09 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Timerle
[2009.05.03 16:43:13 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TMP
[2012.02.09 08:25:47 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TS3Client
[2009.05.09 16:09:57 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\TwoWorldsCP
[2012.03.17 16:05:56 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\UK's Kalender
[2012.02.09 22:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\uTorrent
[2011.10.17 21:25:09 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\vlc
[2012.03.12 22:19:23 | 000,000,000 | ---D | M] -- C:\Users\Ulli\AppData\Roaming\Winamp
 
< %APPDATA%\*.exe /s >
[2009.05.09 16:09:13 | 000,165,888 | R--- | M] () -- C:\Users\Ulli\AppData\Roaming\Microsoft\Installer\{6EEEF30E-0AD2-4AD9-B854-22F1488637C7}\IconC202CEA6.exe
[2008.04.15 13:04:00 | 000,131,584 | ---- | M] () -- C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\chrome\preispiraten.exe
[2008.04.15 13:09:00 | 000,131,584 | ---- | M] () -- C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\chrome\preispiraten.exe
[2008.04.15 13:04:00 | 000,131,584 | ---- | M] () -- C:\Users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\chrome\preispiraten.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.02.23 16:26:25 | 000,050,477 | ---- | M] () -- C:\Defogger.exe
[2011.02.23 14:26:46 | 002,322,184 | ---- | M] (ESET) -- C:\esetsmartinstaller_enu.exe
[2012.03.16 19:59:40 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\mbam-setup-1.60.1.1000.exe
[2012.03.14 13:00:14 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\OTL.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

--- --- ---

--- --- ---



Regards,

Ulli
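
The "MD5 for:" blocks in the OTL log above hash a handful of Windows binaries that file-patching rootkits commonly target (atapi.sys, user32.dll, userinit.exe, winlogon.exe among them) and list the live copy next to the copies kept in the WinSxS component store, so the two can be compared. The Python script below is an added example written for this page; it is not part of OTL and did not appear in the thread. It assumes the line format shown in the log above, its built-in sample is copied from the AGP440, USER32 and WINLOGON blocks of this log, and the function names parse_md5_section, location, check_blocks and report are the example's own.

```python
"""Cross-check the "MD5 for:" custom-scan blocks of an OTL log.

Added example, not part of OTL or of this thread. For each hashed binary
OTL lists the live copy under the Windows directory and every copy in the
WinSxS component store; a live copy whose MD5 matches no store copy of the
same size, or whose hash OTL could not read, is worth a second look.
"""
import re
from collections import defaultdict

# "< MD5 for: AGP440.SYS  >" opens a block; a blank line closes it.
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# One result line: [timestamp | size | attrs | M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[\d.]+ [\d:]+)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>[^|]+?)\s*\|\s*M\]"
    r"\s*\((?P<company>[^)]*)\)\s+"
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5)"
    r"\s+--\s+(?P<path>\S.*?)\s*$"
)

# Sample input copied from the OTL log in this thread (three of its blocks).
SAMPLE_LOG = r"""< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

< MD5 for: USER32.DLL  >
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
"""


def parse_md5_section(text):
    """Return {FILENAME: [entry, ...]}; entry md5 is None when unobtainable."""
    blocks, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").upper()
            continue
        if not line:
            current = None
            continue
        m = ENTRY_RE.match(line) if current else None
        if m:
            blocks[current].append({
                "size": int(m.group("size").replace(",", "")),
                "md5": m.group("md5").upper() if m.group("md5") else None,
                "path": m.group("path"),
            })
    return dict(blocks)


def location(path):
    """Classify a path: component store, live Windows copy, or elsewhere."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "winsxs"
    return "system" if re.match(r"^[a-z]:\\windows\\", p) else "other"


def check_blocks(blocks):
    """Return (filename, path, reason) for every copy that needs a look."""
    findings = []
    for name, entries in blocks.items():
        store = [e for e in entries if location(e["path"]) == "winsxs"]
        for e in entries:
            loc = location(e["path"])
            if loc == "winsxs":
                continue
            if loc == "other":
                findings.append((name, e["path"], "copy outside the Windows directory"))
            elif e["md5"] is None:
                findings.append((name, e["path"], "hash unobtainable (file locked or unreadable)"))
            else:
                same_size = [s for s in store if s["size"] == e["size"]]
                if not any(s["md5"] == e["md5"] for s in same_size):
                    reason = ("same size as a WinSxS copy but different MD5"
                              if same_size else "no WinSxS copy of this size")
                    findings.append((name, e["path"], reason))
    return findings


def report(text):
    findings = check_blocks(parse_md5_section(text))
    for name, path, reason in findings:
        print(f"{name}: {reason}\n    {path}")
    return findings


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

On the sample this prints two findings: the SysNative user32.dll whose hash OTL could not read, and the winlogon.exe copy under the Malwarebytes Chameleon folder. Neither is a verdict on its own; a locked file or a legitimately renamed tool binary gives the same signal, so the output is a list of what to verify next (for instance by hashing the file from a clean boot medium), not a list of infections. A live copy whose size equals a store copy but whose MD5 differs is the stronger indicator and is reported separately.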

cosinus 19.03.2012 15:04

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along too!!!)


Code:

:OTL
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.ht
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 C9 E5 D2 DB CB C9 01  [binary data]
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\..\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}: "URL" = http://www.buyertools.net/cgi-bin/preispiraten_de/nph.fcgi?qry_str={searchTerms}&category=deutsch&how=and&searchtype=simple&Web=on&wiki_tab=on&wiki_tab_old=+CHECKED&ebay_tab=on&ebay_tab_old=+CHECKED&shoppingcom_tab=on&shoppingcom_tab_old=+CHECKED&pirat_tab=on&pirat_tab_old=+CHECKED&JavaScript=enabled&submit=SUCHEN
[2009.05.03 14:20:30 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2009.05.03 14:12:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.10.09 17:43:05 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2011.10.09 17:43:01 | 000,000,000 | ---D | M] (Preispiraten 4 Kontextmenü) -- C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}
[2010.01.17 16:28:35 | 000,000,000 | ---D | M] (Preispiraten) -- C:\Program Files (x86)\mozilla firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}
[2009.07.05 09:31:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2007.01.08 13:48:12 | 000,009,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml
O2 - BHO: (Preispiraten) - {E9E027BF-C3F3-4022-8F6B-8F6D39A59684} - C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-1831856272-1523139597-2499426101-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html ()
O9 - Extra Button: Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O9 - Extra 'Tools' menuitem : Preispiraten - {350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF} - C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after fixing; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Gambler01 19.03.2012 20:24

Hmm. That ended somewhat strangely. Green progress bars kept appearing at the bottom of OTL. At some point the (Windows) message came up that OTL had stopped working and would be closed, and that I would be notified when a solution became available. Confirming the message then also closed OTL. On restarting OTL, the log below opened. The _OTL directory exists and also contains a few directories under "Moved_Files". The PC did not reboot.

Code:


Files\Folders moved on Reboot...
File move failed. C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL scheduled to be moved on reboot.
File\Folder C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html not found!

Registry entries deleted on Reboot...

Regards

Ulli

cosinus 20.03.2012 16:06

Please repeat the fix in Safe Mode.

Gambler01 20.03.2012 19:39

Very nice. It ran through this time. A reboot was requested and performed (I am back in Safe Mode).
Here is the log:

Code:


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1831856272-1523139597-2499426101-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Internet Explorer\SearchScopes\{47F43F50-68E2-4F28-B949-26EE0EC9C505}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47F43F50-68E2-4F28-B949-26EE0EC9C505}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\cfvh6cm8.Ulli\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\jyct6os8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\ not found.
Folder C:\Users\Ulli\AppData\Roaming\mozilla\Firefox\Profiles\v8fnasbz.Spezial\extensions\{D2A8BC29-8CA3-4C0A-A206-631C44E9620F}\ not found.
Folder C:\Program Files (x86)\mozilla firefox\extensions\{C8D3D3BE-7ADC-4109-BF8C-6330A9F58B0C}\ not found.
Folder C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ not found.
File C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\SP_preispiraten_de.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9E027BF-C3F3-4022-8F6B-8F6D39A59684}\ not found.
File C:\PROGRA~2\PREISP~1\IEBUTT~1.DLL not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent not found.
File C:\Program Files (x86)\Winamp\winampa.exe not found.
Registry value HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found.
File C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found.
File C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{350F4DA2-3886-4BB8-A1A8-D7F57B56DFFF}\ not found.
File C:\Program Files (x86)\Preispiraten6\preispiraten3ie.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{786e7e48-3749-11de-9b9d-806e6f6e6963}\ not found.
File D:\.\Bin\Assetup.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Ulli
->Temp folder emptied: 2655 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 3923955 bytes
->FireFox cache emptied: 107580769 bytes
->Flash cache emptied: 118846 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
 
User: UpdatusUser.Ulli-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1165412452 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.220,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.0 log created on 03202012_193250

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Regards

Ulli

cosinus 21.03.2012 14:32

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer stores its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Gambler01 21.03.2012 19:11

Hello,

here is the log from tdsskiller:

Code:

19:07:42.0892 3224        TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51
19:07:43.0095 3224        ============================================================
19:07:43.0095 3224        Current date / time: 2012/03/21 19:07:43.0095
19:07:43.0095 3224        SystemInfo:
19:07:43.0095 3224       
19:07:43.0095 3224        OS Version: 6.0.6002 ServicePack: 2.0
19:07:43.0095 3224        Product type: Workstation
19:07:43.0095 3224        ComputerName: ULLI-PC
19:07:43.0095 3224        UserName: Ulli
19:07:43.0095 3224        Windows directory: C:\Windows
19:07:43.0095 3224        System windows directory: C:\Windows
19:07:43.0095 3224        Running under WOW64
19:07:43.0095 3224        Processor architecture: Intel x64
19:07:43.0095 3224        Number of processors: 4
19:07:43.0095 3224        Page size: 0x1000
19:07:43.0095 3224        Boot type: Normal boot
19:07:43.0095 3224        ============================================================
19:07:43.0906 3224        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:43.0937 3224        Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:07:43.0937 3224        \Device\Harddisk0\DR0:
19:07:43.0937 3224        MBR used
19:07:43.0937 3224        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
19:07:43.0937 3224        \Device\Harddisk1\DR1:
19:07:43.0937 3224        MBR used
19:07:43.0937 3224        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x5B8D8000
19:07:43.0937 3224        \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x5B8D8800, BlocksNum 0x531AE000
19:07:44.0062 3224        Initialize success
19:07:44.0062 3224        ============================================================
19:08:35.0012 3004        ============================================================
19:08:35.0012 3004        Scan started
19:08:35.0012 3004        Mode: Manual; SigCheck; TDLFS;
19:08:35.0012 3004        ============================================================
19:08:35.0807 3004        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
19:08:35.0885 3004        ACPI - ok
19:08:35.0932 3004        ADIHdAudAddService (4a30fa79f8253134d398251db614e3c9) C:\Windows\system32\drivers\ADIHdAud.sys
19:08:35.0994 3004        ADIHdAudAddService - ok
19:08:36.0057 3004        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
19:08:36.0072 3004        adp94xx - ok
19:08:36.0182 3004        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
19:08:36.0197 3004        adpahci - ok
19:08:36.0213 3004        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
19:08:36.0228 3004        adpu160m - ok
19:08:36.0244 3004        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
19:08:36.0260 3004        adpu320 - ok
19:08:36.0322 3004        AFD            (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
19:08:36.0431 3004        AFD - ok
19:08:36.0478 3004        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
19:08:36.0478 3004        agp440 - ok
19:08:36.0525 3004        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
19:08:36.0525 3004        aic78xx - ok
19:08:36.0556 3004        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
19:08:36.0556 3004        aliide - ok
19:08:36.0572 3004        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
19:08:36.0587 3004        amdide - ok
19:08:36.0603 3004        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
19:08:36.0759 3004        AmdK8 - ok
19:08:36.0806 3004        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
19:08:36.0821 3004        arc - ok
19:08:36.0852 3004        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
19:08:36.0852 3004        arcsas - ok
19:08:36.0868 3004        AsIO - ok
19:08:36.0915 3004        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
19:08:36.0946 3004        AsyncMac - ok
19:08:36.0993 3004        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
19:08:37.0008 3004        atapi - ok
19:08:37.0071 3004        atksgt          (54494b93bb5ad74c807100144ec30d64) C:\Windows\system32\DRIVERS\atksgt.sys
19:08:37.0102 3004        atksgt - ok
19:08:37.0149 3004        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
19:08:37.0149 3004        avgntflt - ok
19:08:37.0196 3004        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
19:08:37.0211 3004        avipbb - ok
19:08:37.0242 3004        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
19:08:37.0289 3004        blbdrive - ok
19:08:37.0352 3004        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
19:08:37.0414 3004        bowser - ok
19:08:37.0445 3004        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
19:08:37.0523 3004        BrFiltLo - ok
19:08:37.0554 3004        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
19:08:37.0570 3004        BrFiltUp - ok
19:08:37.0601 3004        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
19:08:37.0742 3004        Brserid - ok
19:08:37.0757 3004        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
19:08:37.0820 3004        BrSerWdm - ok
19:08:37.0835 3004        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
19:08:37.0898 3004        BrUsbMdm - ok
19:08:37.0913 3004        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
19:08:37.0960 3004        BrUsbSer - ok
19:08:37.0991 3004        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
19:08:38.0038 3004        BTHMODEM - ok
19:08:38.0085 3004        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
19:08:38.0116 3004        cdfs - ok
19:08:38.0178 3004        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
19:08:38.0225 3004        cdrom - ok
19:08:38.0256 3004        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
19:08:38.0303 3004        circlass - ok
19:08:38.0381 3004        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
19:08:38.0412 3004        CLFS - ok
19:08:38.0444 3004        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
19:08:38.0459 3004        cmdide - ok
19:08:38.0506 3004        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
19:08:38.0522 3004        Compbatt - ok
19:08:38.0553 3004        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
19:08:38.0568 3004        crcdisk - ok
19:08:38.0631 3004        CT20XUT        (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\system32\drivers\CT20XUT.SYS
19:08:38.0662 3004        CT20XUT - ok
19:08:38.0818 3004        CT20XUT.SYS    (9eeb6baba033ccca0be1f1882ecb4d03) C:\Windows\System32\drivers\CT20XUT.SYS
19:08:38.0818 3004        CT20XUT.SYS - ok
19:08:38.0849 3004        ctac32k        (3295516329ea2aecadde7a33872d3816) C:\Windows\system32\drivers\ctac32k.sys
19:08:38.0865 3004        ctac32k - ok
19:08:38.0896 3004        ctaud2k        (a2dda894e68b746c83153428107ad8a7) C:\Windows\system32\drivers\ctaud2k.sys
19:08:38.0912 3004        ctaud2k - ok
19:08:38.0943 3004        CTEXFIFX        (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\system32\drivers\CTEXFIFX.SYS
19:08:38.0990 3004        CTEXFIFX - ok
19:08:39.0005 3004        CTEXFIFX.SYS    (5afee6c282c3b2f1ba7cf2784663080f) C:\Windows\System32\drivers\CTEXFIFX.SYS
19:08:39.0036 3004        CTEXFIFX.SYS - ok
19:08:39.0068 3004        CTHWIUT        (37f04666c5c325d1864d36b260a7248b) C:\Windows\system32\drivers\CTHWIUT.SYS
19:08:39.0068 3004        CTHWIUT - ok
19:08:39.0099 3004        CTHWIUT.SYS    (37f04666c5c325d1864d36b260a7248b) C:\Windows\System32\drivers\CTHWIUT.SYS
19:08:39.0099 3004        CTHWIUT.SYS - ok
19:08:39.0114 3004        ctprxy2k        (24d416647168617bb19dbd1a3624be4d) C:\Windows\system32\drivers\ctprxy2k.sys
19:08:39.0114 3004        ctprxy2k - ok
19:08:39.0130 3004        ctsfm2k        (3e7177437bfa1ba61ca1a85bacf442a0) C:\Windows\system32\drivers\ctsfm2k.sys
19:08:39.0130 3004        ctsfm2k - ok
19:08:39.0208 3004        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
19:08:39.0239 3004        DfsC - ok
19:08:39.0302 3004        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
19:08:39.0317 3004        disk - ok
19:08:39.0348 3004        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
19:08:39.0411 3004        drmkaud - ok
19:08:39.0536 3004        dump_wmimmc - ok
19:08:39.0598 3004        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
19:08:39.0629 3004        DXGKrnl - ok
19:08:39.0692 3004        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
19:08:39.0723 3004        E1G60 - ok
19:08:39.0801 3004        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
19:08:39.0801 3004        Ecache - ok
19:08:39.0832 3004        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
19:08:39.0848 3004        elxstor - ok
19:08:39.0926 3004        emupia          (660dedf9ae7c414b74480b484c7ba300) C:\Windows\system32\drivers\emupia2k.sys
19:08:39.0941 3004        emupia - ok
19:08:39.0957 3004        ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
19:08:39.0988 3004        ErrDev - ok
19:08:40.0050 3004        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
19:08:40.0082 3004        exfat - ok
19:08:40.0144 3004        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
19:08:40.0222 3004        fastfat - ok
19:08:40.0238 3004        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
19:08:40.0269 3004        fdc - ok
19:08:40.0284 3004        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
19:08:40.0284 3004        FileInfo - ok
19:08:40.0316 3004        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
19:08:40.0347 3004        Filetrace - ok
19:08:40.0362 3004        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
19:08:40.0394 3004        flpydisk - ok
19:08:40.0440 3004        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
19:08:40.0456 3004        FltMgr - ok
19:08:40.0472 3004        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
19:08:40.0534 3004        Fs_Rec - ok
19:08:40.0550 3004        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
19:08:40.0565 3004        gagp30kx - ok
19:08:40.0612 3004        ha20x2k        (c8df6024abea766f2d735b35d109ee7e) C:\Windows\system32\drivers\ha20x2k.sys
19:08:40.0643 3004        ha20x2k - ok
19:08:40.0737 3004        HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
19:08:40.0815 3004        HdAudAddService - ok
19:08:40.0877 3004        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:08:40.0955 3004        HDAudBus - ok
19:08:40.0986 3004        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
19:08:41.0049 3004        HidBth - ok
19:08:41.0080 3004        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
19:08:41.0142 3004        HidIr - ok
19:08:41.0205 3004        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
19:08:41.0236 3004        HidUsb - ok
19:08:41.0283 3004        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
19:08:41.0283 3004        HpCISSs - ok
19:08:41.0376 3004        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
19:08:41.0423 3004        HTTP - ok
19:08:41.0486 3004        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
19:08:41.0486 3004        i2omp - ok
19:08:41.0532 3004        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
19:08:41.0579 3004        i8042prt - ok
19:08:41.0595 3004        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
19:08:41.0610 3004        iaStorV - ok
19:08:41.0642 3004        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
19:08:41.0642 3004        iirsp - ok
19:08:41.0688 3004        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
19:08:41.0688 3004        intelide - ok
19:08:41.0704 3004        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
19:08:41.0735 3004        intelppm - ok
19:08:41.0782 3004        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:08:41.0813 3004        IpFilterDriver - ok
19:08:41.0829 3004        IpInIp - ok
19:08:41.0844 3004        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
19:08:41.0891 3004        IPMIDRV - ok
19:08:41.0907 3004        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
19:08:41.0954 3004        IPNAT - ok
19:08:41.0969 3004        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
19:08:42.0016 3004        IRENUM - ok
19:08:42.0047 3004        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
19:08:42.0063 3004        isapnp - ok
19:08:42.0125 3004        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
19:08:42.0141 3004        iScsiPrt - ok
19:08:42.0141 3004        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
19:08:42.0156 3004        iteatapi - ok
19:08:42.0172 3004        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
19:08:42.0172 3004        iteraid - ok
19:08:42.0188 3004        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
19:08:42.0188 3004        kbdclass - ok
19:08:42.0250 3004        kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
19:08:42.0266 3004        kbdhid - ok
19:08:42.0328 3004        KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
19:08:42.0359 3004        KSecDD - ok
19:08:42.0390 3004        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
19:08:42.0437 3004        ksthunk - ok
19:08:42.0515 3004        L8042Kbd        (c44f9121831f90b0e5385d786591b480) C:\Windows\system32\DRIVERS\L8042Kbd.sys
19:08:42.0531 3004        L8042Kbd - ok
19:08:42.0562 3004        LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
19:08:42.0562 3004        LHidFilt - ok
19:08:42.0609 3004        lirsgt          (8e4ca9afd55ef6b509c80a8715abf8c6) C:\Windows\system32\DRIVERS\lirsgt.sys
19:08:42.0609 3004        lirsgt - ok
19:08:42.0640 3004        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
19:08:42.0671 3004        lltdio - ok
19:08:42.0687 3004        LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
19:08:42.0702 3004        LMouFilt - ok
19:08:42.0718 3004        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
19:08:42.0718 3004        LSI_FC - ok
19:08:42.0749 3004        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
19:08:42.0749 3004        LSI_SAS - ok
19:08:42.0780 3004        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
19:08:42.0796 3004        LSI_SCSI - ok
19:08:42.0812 3004        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
19:08:42.0843 3004        luafv - ok
19:08:42.0905 3004        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
19:08:42.0905 3004        megasas - ok
19:08:42.0968 3004        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
19:08:42.0983 3004        MegaSR - ok
19:08:43.0030 3004        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
19:08:43.0092 3004        Modem - ok
19:08:43.0124 3004        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
19:08:43.0170 3004        monitor - ok
19:08:43.0202 3004        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
19:08:43.0202 3004        mouclass - ok
19:08:43.0217 3004        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
19:08:43.0264 3004        mouhid - ok
19:08:43.0264 3004        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
19:08:43.0280 3004        MountMgr - ok
19:08:43.0311 3004        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
19:08:43.0311 3004        mpio - ok
19:08:43.0342 3004        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
19:08:43.0373 3004        mpsdrv - ok
19:08:43.0389 3004        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
19:08:43.0389 3004        Mraid35x - ok
19:08:43.0451 3004        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
19:08:43.0482 3004        MRxDAV - ok
19:08:43.0529 3004        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:08:43.0560 3004        mrxsmb - ok
19:08:43.0623 3004        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:08:43.0654 3004        mrxsmb10 - ok
19:08:43.0670 3004        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:08:43.0670 3004        mrxsmb20 - ok
19:08:43.0701 3004        msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
19:08:43.0701 3004        msahci - ok
19:08:43.0732 3004        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
19:08:43.0748 3004        msdsm - ok
19:08:43.0779 3004        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
19:08:43.0810 3004        Msfs - ok
19:08:43.0857 3004        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
19:08:43.0857 3004        msisadrv - ok
19:08:43.0888 3004        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
19:08:43.0919 3004        MSKSSRV - ok
19:08:43.0950 3004        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
19:08:43.0966 3004        MSPCLOCK - ok
19:08:43.0997 3004        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
19:08:44.0028 3004        MSPQM - ok
19:08:44.0106 3004        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
19:08:44.0106 3004        MsRPC - ok
19:08:44.0122 3004        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
19:08:44.0122 3004        mssmbios - ok
19:08:44.0138 3004        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
19:08:44.0184 3004        MSTEE - ok
19:08:44.0247 3004        MTsensor        (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys
19:08:44.0247 3004        MTsensor - ok
19:08:44.0262 3004        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
19:08:44.0262 3004        Mup - ok
19:08:44.0325 3004        mv61xx          (ddde02cf363d4a202df6b82777ee5f45) C:\Windows\system32\DRIVERS\mv61xx.sys
19:08:44.0325 3004        mv61xx - ok
19:08:44.0403 3004        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
19:08:44.0418 3004        NativeWifiP - ok
19:08:44.0496 3004        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
19:08:44.0543 3004        NDIS - ok
19:08:44.0559 3004        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
19:08:44.0574 3004        NdisTapi - ok
19:08:44.0637 3004        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
19:08:44.0684 3004        Ndisuio - ok
19:08:44.0746 3004        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
19:08:44.0777 3004        NdisWan - ok
19:08:44.0793 3004        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
19:08:44.0840 3004        NDProxy - ok
19:08:44.0840 3004        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:08:44.0902 3004        NetBIOS - ok
19:08:44.0949 3004        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
19:08:44.0980 3004        netbt - ok
19:08:45.0011 3004        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
19:08:45.0027 3004        nfrd960 - ok
19:08:45.0074 3004        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
19:08:45.0105 3004        Npfs - ok
19:08:45.0120 3004        NPPTNT2 - ok
19:08:45.0136 3004        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
19:08:45.0167 3004        nsiproxy - ok
19:08:45.0245 3004        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
19:08:45.0276 3004        Ntfs - ok
19:08:45.0292 3004        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
19:08:45.0323 3004        Null - ok
19:08:45.0604 3004        nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:08:46.0041 3004        nvlddmkm - ok
19:08:46.0181 3004        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
19:08:46.0197 3004        nvraid - ok
19:08:46.0244 3004        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
19:08:46.0244 3004        nvstor - ok
19:08:46.0322 3004        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
19:08:46.0337 3004        nv_agp - ok
19:08:46.0337 3004        NwlnkFlt - ok
19:08:46.0337 3004        NwlnkFwd - ok
19:08:46.0400 3004        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
19:08:46.0431 3004        ohci1394 - ok
19:08:46.0493 3004        ossrv          (71e4ef433b137256c4810c6f8337680b) C:\Windows\system32\drivers\ctoss2k.sys
19:08:46.0509 3004        ossrv - ok
19:08:46.0524 3004        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
19:08:46.0571 3004        Parport - ok
19:08:46.0634 3004        partmgr        (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
19:08:46.0634 3004        partmgr - ok
19:08:46.0649 3004        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:08:46.0665 3004        pci - ok
19:08:46.0696 3004        pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:08:46.0696 3004        pciide - ok
19:08:46.0712 3004        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:08:46.0727 3004        pcmcia - ok
19:08:46.0758 3004        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:08:46.0899 3004        PEAUTH - ok
19:08:46.0977 3004        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:08:47.0008 3004        PptpMiniport - ok
19:08:47.0039 3004        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
19:08:47.0086 3004        Processor - ok
19:08:47.0164 3004        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:08:47.0180 3004        PSched - ok
19:08:47.0242 3004        PSI            (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys
19:08:47.0242 3004        PSI - ok
19:08:47.0273 3004        pwdrvio        (ff40216a382b30cc39372b889ae1f785) C:\Windows\system32\pwdrvio.sys
19:08:47.0289 3004        pwdrvio - ok
19:08:47.0320 3004        pwdspio        (bd08a9cdf23502b1c141d52d9d6a6648) C:\Windows\system32\pwdspio.sys
19:08:47.0336 3004        pwdspio - ok
19:08:47.0382 3004        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:08:47.0414 3004        ql2300 - ok
19:08:47.0507 3004        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:08:47.0523 3004        ql40xx - ok
19:08:47.0538 3004        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:08:47.0585 3004        QWAVEdrv - ok
19:08:47.0616 3004        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:08:47.0648 3004        RasAcd - ok
19:08:47.0726 3004        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:08:47.0772 3004        Rasl2tp - ok
19:08:47.0804 3004        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:08:47.0835 3004        RasPppoe - ok
19:08:47.0882 3004        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:08:47.0882 3004        RasSstp - ok
19:08:47.0944 3004        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:08:47.0975 3004        rdbss - ok
19:08:48.0006 3004        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:08:48.0022 3004        RDPCDD - ok
19:08:48.0053 3004        rdpdr          (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:08:48.0084 3004        rdpdr - ok
19:08:48.0100 3004        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:08:48.0147 3004        RDPENCDD - ok
19:08:48.0209 3004        RDPWD          (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
19:08:48.0240 3004        RDPWD - ok
19:08:48.0287 3004        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:08:48.0318 3004        rspndr - ok
19:08:48.0396 3004        SANDRA          (993380d8f17822a3c91efb71ea238ce1) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP3\WNt500x64\Sandra.sys
19:08:48.0396 3004        SANDRA - ok
19:08:48.0443 3004        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:08:48.0443 3004        sbp2port - ok
19:08:48.0474 3004        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:08:48.0506 3004        secdrv - ok
19:08:48.0552 3004        Serenum        (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:08:48.0599 3004        Serenum - ok
19:08:48.0630 3004        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:08:48.0662 3004        Serial - ok
19:08:48.0693 3004        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:08:48.0740 3004        sermouse - ok
19:08:48.0755 3004        sffdisk        (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:08:48.0802 3004        sffdisk - ok
19:08:48.0802 3004        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:08:48.0849 3004        sffp_mmc - ok
19:08:48.0989 3004        sffp_sd        (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:08:49.0067 3004        sffp_sd - ok
19:08:49.0098 3004        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:08:49.0130 3004        sfloppy - ok
19:08:49.0161 3004        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:08:49.0161 3004        SiSRaid2 - ok
19:08:49.0192 3004        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:08:49.0208 3004        SiSRaid4 - ok
19:08:49.0270 3004        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:08:49.0301 3004        Smb - ok
19:08:49.0348 3004        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:08:49.0364 3004        spldr - ok
19:08:49.0442 3004        srv            (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:08:49.0520 3004        srv - ok
19:08:49.0582 3004        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:08:49.0598 3004        srv2 - ok
19:08:49.0598 3004        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:08:49.0629 3004        srvnet - ok
19:08:49.0660 3004        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:08:49.0676 3004        swenum - ok
19:08:49.0691 3004        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:08:49.0707 3004        Symc8xx - ok
19:08:49.0738 3004        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:08:49.0738 3004        Sym_hi - ok
19:08:49.0769 3004        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:08:49.0769 3004        Sym_u3 - ok
19:08:49.0878 3004        Tcpip          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:08:49.0910 3004        Tcpip - ok
19:08:49.0941 3004        Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:08:50.0081 3004        Tcpip6 - ok
19:08:50.0128 3004        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:08:50.0159 3004        tcpipreg - ok
19:08:50.0190 3004        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:08:50.0222 3004        TDPIPE - ok
19:08:50.0284 3004        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:08:50.0315 3004        TDTCP - ok
19:08:50.0378 3004        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:08:50.0409 3004        tdx - ok
19:08:50.0471 3004        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:08:50.0471 3004        TermDD - ok
19:08:50.0502 3004        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:08:50.0534 3004        tssecsrv - ok
19:08:50.0580 3004        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:08:50.0612 3004        tunmp - ok
19:08:50.0705 3004        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:08:50.0736 3004        tunnel - ok
19:08:50.0752 3004        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:08:50.0752 3004        uagp35 - ok
19:08:50.0783 3004        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:08:50.0799 3004        udfs - ok
19:08:50.0830 3004        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:08:50.0830 3004        uliagpkx - ok
19:08:50.0877 3004        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:08:50.0892 3004        uliahci - ok
19:08:50.0924 3004        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:08:50.0924 3004        UlSata - ok
19:08:50.0955 3004        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:08:50.0970 3004        ulsata2 - ok
19:08:50.0986 3004        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:08:51.0017 3004        umbus - ok
19:08:51.0095 3004        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:08:51.0142 3004        usbccgp - ok
19:08:51.0173 3004        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:08:51.0220 3004        usbcir - ok
19:08:51.0298 3004        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:08:51.0329 3004        usbehci - ok
19:08:51.0345 3004        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:08:51.0376 3004        usbhub - ok
19:08:51.0407 3004        usbohci        (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
19:08:51.0470 3004        usbohci - ok
19:08:51.0485 3004        usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
19:08:51.0548 3004        usbprint - ok
19:08:51.0610 3004        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:08:51.0641 3004        USBSTOR - ok
19:08:51.0672 3004        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:08:51.0704 3004        usbuhci - ok
19:08:51.0735 3004        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:08:51.0782 3004        vga - ok
19:08:51.0797 3004        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:08:51.0813 3004        VgaSave - ok
19:08:51.0844 3004        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:08:51.0844 3004        viaide - ok
19:08:51.0906 3004        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:08:51.0906 3004        volmgr - ok
19:08:52.0000 3004        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:08:52.0016 3004        volmgrx - ok
19:08:52.0062 3004        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:08:52.0062 3004        volsnap - ok
19:08:52.0094 3004        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:08:52.0109 3004        vsmraid - ok
19:08:52.0140 3004        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:08:52.0187 3004        WacomPen - ok
19:08:52.0234 3004        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:08:52.0281 3004        Wanarp - ok
19:08:52.0281 3004        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:08:52.0296 3004        Wanarpv6 - ok
19:08:52.0328 3004        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:08:52.0343 3004        Wd - ok
19:08:52.0374 3004        WDC_SAM        (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
19:08:52.0406 3004        WDC_SAM - ok
19:08:52.0452 3004        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:08:52.0484 3004        Wdf01000 - ok
19:08:52.0515 3004        WmiAcpi        (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
19:08:52.0562 3004        WmiAcpi - ok
19:08:52.0671 3004        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:08:52.0733 3004        WpdUsb - ok
19:08:52.0764 3004        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:08:52.0796 3004        ws2ifsl - ok
19:08:52.0874 3004        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:08:52.0889 3004        WUDFRd - ok
19:08:52.0967 3004        yukonx64        (2ae06b41b36549fabf0886b2af89a599) C:\Windows\system32\DRIVERS\yk60x64.sys
19:08:52.0998 3004        yukonx64 - ok
19:08:53.0030 3004        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:08:53.0139 3004        \Device\Harddisk0\DR0 - ok
19:08:53.0170 3004        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
19:08:53.0279 3004        \Device\Harddisk1\DR1 - ok
19:08:53.0279 3004        Boot (0x1200)  (4a573ce1140577f909eec5f18b0506be) \Device\Harddisk0\DR0\Partition0
19:08:53.0279 3004        \Device\Harddisk0\DR0\Partition0 - ok
19:08:53.0310 3004        Boot (0x1200)  (c8211d6c9818ae40b125b477fc44c6b7) \Device\Harddisk1\DR1\Partition0
19:08:53.0310 3004        \Device\Harddisk1\DR1\Partition0 - ok
19:08:53.0342 3004        Boot (0x1200)  (c398672e6239de0fe5823f057a4ea5c8) \Device\Harddisk1\DR1\Partition1
19:08:53.0342 3004        \Device\Harddisk1\DR1\Partition1 - ok
19:08:53.0342 3004        ============================================================
19:08:53.0342 3004        Scan finished
19:08:53.0342 3004        ============================================================
19:08:53.0342 3740        Detected object count: 0
19:08:53.0342 3740        Actual detected object count: 0

Regards,

Ulli

cosinus 22.03.2012 11:29

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Improper use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages like

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

Gambler01 22.03.2012 19:04

Continuing with the CF log:

Combofix Logfile:
Code:

ComboFix 12-03-22.01 - Ulli 22.03.2012  18:46:48.1.4 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4094.2697 [GMT 1:00]
Running from: c:\users\Ulli\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml2B1E.tmp
c:\programdata\xml2C18.tmp
c:\programdata\xml2CA6.tmp
c:\programdata\xmlFB27.tmp
c:\programdata\xmlFD98.tmp
c:\programdata\xmlFFE9.tmp
.
.
(((((((((((((((((((((((   Files Created from 2012-02-22 to 2012-03-22   ))))))))))))))))))))))))))))))
.
.
2012-03-22 17:52 . 2012-03-22 17:55        --------        d-----w-        c:\users\Ulli\AppData\Local\temp
2012-03-19 19:14 . 2012-03-19 19:14        --------        d-----w-        C:\_OTL
2012-03-18 08:25 . 2012-02-08 07:14        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5165A57-0942-4043-941D-17CA8C0F4FA4}\mpengine.dll
2012-03-16 21:27 . 2012-03-16 21:27        --------        d-----w-        c:\program files (x86)\ESET
2012-03-16 19:01 . 2012-03-16 19:01        --------        d-----w-        c:\users\Ulli\AppData\Roaming\Malwarebytes
2012-03-16 19:01 . 2012-03-16 19:01        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-16 19:01 . 2012-03-16 19:01        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-16 19:01 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-16 18:59 . 2012-03-16 18:59        9502424        ----a-w-        C:\mbam-setup-1.60.1.1000.exe
2012-03-13 21:31 . 2012-03-13 21:32        --------        d-----w-        c:\users\UpdatusUser.Ulli-PC
2012-03-13 21:23 . 2012-03-01 00:02        9717568        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2012-03-13 21:23 . 2012-03-01 00:02        7713088        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2012-03-13 21:23 . 2012-03-01 00:02        68928        ----a-w-        c:\windows\system32\OpenCL.dll
2012-03-13 21:23 . 2012-03-01 00:02        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-03-13 21:23 . 2012-03-01 00:02        25543488        ----a-w-        c:\windows\system32\nvoglv64.dll
2012-03-13 21:23 . 2012-03-01 00:02        19444544        ----a-w-        c:\windows\SysWow64\nvoglv32.dll
2012-03-13 21:23 . 2012-03-01 00:02        13626688        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2012-03-13 21:22 . 2012-03-01 00:02        8008000        ----a-w-        c:\windows\system32\nvcuda.dll
2012-03-13 21:22 . 2012-03-01 00:02        5892928        ----a-w-        c:\windows\SysWow64\nvcuda.dll
2012-03-13 21:22 . 2012-03-01 00:02        2872640        ----a-w-        c:\windows\system32\nvcuvenc.dll
2012-03-13 21:22 . 2012-03-01 00:02        2672448        ----a-w-        c:\windows\system32\nvcuvid.dll
2012-03-13 21:22 . 2012-03-01 00:02        2517312        ----a-w-        c:\windows\SysWow64\nvcuvid.dll
2012-03-13 21:22 . 2012-03-01 00:02        2437440        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll
2012-03-13 21:22 . 2012-03-01 00:02        25222976        ----a-w-        c:\windows\system32\nvcompiler.dll
2012-03-13 21:22 . 2012-03-01 00:02        17543488        ----a-w-        c:\windows\SysWow64\nvcompiler.dll
2012-03-13 21:22 . 2012-03-01 00:02        2301248        ----a-w-        c:\windows\SysWow64\nvapi.dll
2012-03-13 20:42 . 2012-03-13 20:42        592824        ----a-w-        c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-13 20:42 . 2012-03-13 20:42        44472        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-02-29 12:26 . 2012-02-29 12:26        416064        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 00:02 . 2011-10-14 22:19        1737536        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-03-01 00:02 . 2011-10-14 22:19        1466176        ----a-w-        c:\windows\system32\nvgenco64.dll
2012-03-01 00:02 . 2011-05-21 04:01        15009600        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2012-03-01 00:02 . 2010-07-03 17:03        2660160        ----a-w-        c:\windows\system32\nvapi64.dll
2012-03-01 00:02 . 2010-01-12 11:03        17642816        ----a-w-        c:\windows\system32\nvd3dumx.dll
2012-02-29 21:00 . 2010-07-09 15:27        3089728        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-02-29 21:00 . 2010-07-09 15:27        6074176        ----a-w-        c:\windows\system32\nvcpl.dll
2012-02-29 20:59 . 2010-07-09 15:27        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-02-29 20:59 . 2010-07-09 15:27        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-02-29 20:59 . 2010-06-07 15:21        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-02-29 20:59 . 2010-06-07 15:21        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-02-23 08:18 . 2009-10-05 09:53        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-01-18 14:56 . 2012-02-12 13:34        19936        ------w-        c:\windows\system32\pwdrvio.sys
2012-01-18 14:56 . 2012-02-12 13:34        13280        ------w-        c:\windows\system32\pwdspio.sys
2012-01-18 14:56 . 2012-02-12 13:34        1013320        ----a-w-        c:\windows\system32\pwNative.exe
2012-01-12 20:16 . 2012-02-15 19:47        2765824        ----a-w-        c:\windows\system32\win32k.sys
2012-01-03 14:25 . 2012-02-15 19:47        404992        ----a-w-        c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Kalender"="c:\program files (x86)\Kalender_UK\Kalender.exe" [2010-03-19 933888]
"Timerle"="c:\program files (x86)\Timerle\Timerle.exe" [2006-02-19 160899]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-02-16 3046808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-09 281768]
"SoundTray"="c:\program files (x86)\Analog Devices\SoundMAX\SoundTray.exe" [2008-03-26 143360]
"Ai Nap"="c:\program files (x86)\ASUS\AI Suite\AiNap\AiNap.exe" [2008-05-09 1423360]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"Drive Xpert"="c:\program files (x86)\ASUS\Drive Xpert\DriveXpert.exe" [2008-05-22 10235904]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 23552]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-05-19 136544]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Cobian Backup 10"="c:\program files (x86)\Cobian Backup 10\Cobian.exe" [2010-09-23 421376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2008-10-07 47104]
.
c:\users\Ulli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files (x86)\ASUS\Drive Xpert\SteelVine.exe [2008-05-22 1286144]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateUSB"="c:\windows\inf\UpdateUSB.exe" [2006-06-23 30720]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Ulli\AppData\Roaming\Mozilla\Firefox\Profiles\cfvh6cm8.Ulli\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - about:blank
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-NBKeyScan - c:\program files (x86)\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe
AddRemove-Two Worlds - c:\games\TWOWOR~2\Unwise.exe
AddRemove-{0d53cd82-c9e3-4cd1-9b34-b8ed9fdf95d4} - c:\program files (x86)\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:39,34,3f,65,20,44,f0,82,d8,d8,3c,d8,cd,98,12,49,3a,32,8a,f3,f7,19,f5,
  78,ba,cf,e3,02,56,ec,f1,84,15,8b,7d,ec,a3,34,4e,68,90,ae,6e,09,4f,4a,bb,a9,\
"??"=hex:07,71,14,f5,a3,96,f5,a4,e2,35,45,6d,97,23,93,77
.
[HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\Software\SecuROM\License information*]
"datasecu"=hex:45,7d,aa,d0,22,88,e5,48,3a,6e,f9,9f,7e,42,cf,39,47,3b,57,96,5f,
  a9,a6,b1,51,eb,41,d9,01,3d,4c,e1,ca,ab,6b,f8,02,b9,a9,76,de,43,5f,05,32,f7,\
"rkeysecu"=hex:b9,1b,75,dc,75,a9,bf,5c,1e,7d,1e,ec,a0,9b,15,57
.
[HKEY_USERS\S-1-5-21-1831856272-1523139597-2499426101-1000\S/*]
@Allowed: (Read) (RestrictedCode)
"WriteErrorLog"="No"
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\ASUS\AASP\1.00.63\aaCenter.exe
c:\program files (x86)\ASUS\Six Engine\SixEngine.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\LXiMediaCenter\lximcbackend.exe
c:\program files (x86)\Secunia\PSI\sua.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\windows\SysWOW64\Ctxfihlp.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\windows\SysWOW64\CTXFISPI.EXE
c:\program files (x86)\Cobian Backup 10\cbInterface.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-03-22  19:00:54 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-22 18:00
.
Pre-Run: 16 Directory(s), 108,241,547,264 bytes free
Post-Run: 22 Directory(s), 108,130,189,312 bytes free
.
- - End Of File - - 9A0BFE4AE33C1F47A1280BA8F4FCB46B

--- --- ---


Regards,

Ulli
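The "Reg Loading Points" section of the ComboFix log above is the part a helper reads first: every entry is a program that starts without the user asking for it. The script below is an added example, not ComboFix code and not from the thread; it parses entries in the format ComboFix prints (Run-key values and Startup-folder shortcuts) and flags three things an analyst then checks by hand: a bare file name with no directory (Windows finds it via the search path, so the log alone does not say which file runs), a target under a user-writable directory, and a target ComboFix could not find (`[N/A]`). The sample input is taken from the log in this thread, plus one constructed entry (`"example"`, under `AppData\Local\Temp`) that shows what a user-writable autostart looks like; the flagging rules are this example's own heuristics, not a malware verdict.

```python
"""Triage of the "Reg Loading Points" section of a ComboFix log.

Example code added for this thread, not part of ComboFix. It parses the
Run-key and Startup-folder entries in the format ComboFix prints and flags
three patterns an analyst checks by hand: an unqualified file name (the
binary is found via the search path, so the log alone does not say which
file runs), a target under a user-writable directory, and a target ComboFix
could not find ([N/A])."""
import re
from dataclasses import dataclass, field

RUN_ENTRY = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<meta>[^\]]*)\]')
LNK_ENTRY = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')

# Locations any user (or any process running as that user) can write to.
# A legitimate installer rarely places an autostart binary there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\recycler\\",
                 "%temp%", "%appdata%", "%localappdata%")


@dataclass
class Entry:
    location: str           # registry key or Startup folder the entry lives in
    name: str               # value name or .lnk file name
    path: str               # command / target as logged
    meta: str               # "date size" payload, or "N/A"
    flags: list = field(default_factory=list)


def triage(lines):
    """Return one Entry per autostart item found in the given log lines."""
    entries, location = [], "?"
    for raw in lines:
        line = raw.rstrip()
        if line.startswith("[HKEY_"):
            location = line.strip("[]")            # registry section header
            continue
        if line.lower().startswith("c:\\") and line.endswith("\\"):
            location = line                        # Startup folder header
            continue
        m = RUN_ENTRY.match(line) or LNK_ENTRY.match(line)
        if not m:
            continue
        e = Entry(location, m["name"], m["path"], m["meta"].strip())
        low = e.path.lower()
        if "\\" not in low and "/" not in low:
            e.flags.append("unqualified filename")
        if any(marker in low for marker in USER_WRITABLE):
            e.flags.append("user-writable location")
        if e.meta.upper() == "N/A":
            e.flags.append("target not found")
        entries.append(e)
    return entries


# Sample input: lines copied from the ComboFix log in this thread, plus one
# CONSTRUCTED entry ("example") showing a user-writable autostart target.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Kalender"="c:\program files (x86)\Kalender_UK\Kalender.exe" [2010-03-19 933888]
"example"="c:\users\Ulli\AppData\Local\Temp\example.exe" [2012-03-14 40960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-10-07 23552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [N/A]
'''.splitlines()


def flagged(lines=SAMPLE_LOG):
    """Names of the entries that raised at least one flag, in log order."""
    return [e.name for e in triage(lines) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.location}\n  {e.name} -> {e.path}  {', '.join(e.flags) or 'ok'}")
```

On this log the only real-world flag is the unqualified `CTXFIHLP.EXE` (and, further down, `KHALMNPR.EXE` and `CTXFIREG.exe`); the "Other Running Processes" section of the same log shows `c:\windows\SysWOW64\Ctxfihlp.exe`, so the name resolves to the expected Creative component. The flag means "confirm where it resolves", not "malicious".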

cosinus 23.03.2012 20:57

Please download aswMBR.exe and save the file to your desktop.

Note: Please disable your virus scanner before running aswMBR, because Avira in particular often reports a false positive on it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.) Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.

Gambler01 23.03.2012 21:23

OK. Done.

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 21:05:34
-----------------------------
21:05:34.420    OS Version: Windows x64 6.0.6002 Service Pack 2
21:05:34.420    Number of processors: 4 586 0x1707
21:05:34.420    ComputerName: ULLI-PC  UserName: Ulli
21:05:35.605    Initialize success
21:06:53.018    AVAST engine defs: 12032301
21:06:59.273    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
21:06:59.273    Disk 0 Vendor: SAMSUNG_HD322HJ 1AG01113 Size: 305245MB BusType: 3
21:06:59.273    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2
21:06:59.273    Disk 1 Vendor: ST31500341AS SD1A Size: 1430799MB BusType: 3
21:06:59.320    Disk 0 MBR read successfully
21:06:59.336    Disk 0 MBR scan
21:06:59.336    Disk 0 Windows VISTA default MBR code
21:06:59.336    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      305243 MB offset 2048
21:06:59.351    Disk 0 scanning C:\Windows\system32\drivers
21:07:09.039    Service scanning
21:07:30.458    Modules scanning
21:07:30.458    Disk 0 trace - called modules:
21:07:30.473    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:07:30.988    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e1f790]
21:07:30.988    3 CLASSPNP.SYS[fffffa6000fcec33] -> nt!IofCallDriver -> [0xfffffa8004930e40]
21:07:30.988    5 acpi.sys[fffffa60008f9fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80049224b0]
21:07:32.283    AVAST engine scan C:\Windows
21:07:35.840    AVAST engine scan C:\Windows\system32
21:11:26.267    AVAST engine scan C:\Windows\system32\drivers
21:11:43.770    AVAST engine scan C:\Users\Ulli
21:17:21.822    AVAST engine scan C:\ProgramData
21:18:51.382    Scan finished successfully
21:20:06.886    Disk 0 MBR has been saved successfully to "C:\Users\Ulli\Desktop\MBR.dat"
21:20:06.902    The log file has been saved successfully to "C:\Users\Ulli\Desktop\aswMBR.txt"

Regards,
Ulli
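Two boot-sector checks appear in this thread: TDSSKiller's `MBR (0x1B8)  (5c61...)  \Device\Harddisk0\DR0` lines and aswMBR's `Disk 0 Windows VISTA default MBR code` / `Partition 1 80 (A) 07 HPFS/NTFS ... offset 2048` lines. Both look at the same 512-byte sector. The script below is an added example, not code from either tool or from the thread: it builds a synthetic MBR (constructed data with placeholder boot code, using the partition geometry from the aswMBR log), hashes the bootstrap code region, and decodes the partition table. That 0x1B8 is the length of the bootstrap code that precedes the disk signature and partition table is the standard MBR layout; that TDSSKiller's label refers to an MD5 over exactly that region, and that a "default MBR code" verdict amounts to comparing such a hash against a known-good value, are this example's assumptions about the tools.

```python
"""Boot-sector checks of the kind TDSSKiller and aswMBR report.

Example code added for this thread; it is not code from either tool. It
builds a synthetic 512-byte MBR (test data, not a real disk image), hashes
the bootstrap code region (offsets 0x000-0x1B7, the 0x1B8 bytes assumed to be
behind TDSSKiller's "MBR (0x1B8)" label), and decodes the partition table
behind aswMBR's "80 (A) 07 HPFS/NTFS ... offset 2048" line."""
import hashlib
import struct

BOOT_CODE_LEN = 0x1B8        # bootstrap code; disk signature and partition table follow
PART_TABLE_OFF = 0x1BE       # four 16-byte partition entries
SIGNATURE_OFF = 0x1FE        # 55 AA
PART_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS", 0x0C: "FAT32 LBA", 0x83: "Linux"}
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (bootable, type, start_lba, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in 0x1B8 bytes")
    sector = bytearray(512)
    sector[:len(boot_code)] = boot_code
    for i, (bootable, ptype, start, count) in enumerate(partitions[:4]):
        struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",
                         ptype, b"\xfe\xff\xff", start, count)
    struct.pack_into("<H", sector, SIGNATURE_OFF, 0xAA55)
    return bytes(sector)


def parse_mbr(sector):
    """Return the boot-code MD5 and the decoded partition entries of one MBR."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if struct.unpack_from("<H", sector, SIGNATURE_OFF)[0] != 0xAA55:
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue                                 # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,              # the "80 (A)" in aswMBR's output
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "start_lba": start,
            "size_mb": count * 512 // (1024 * 1024),
        })
    return {"boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions}


def boot_code_matches(sector, known_good_md5):
    """True when the bootstrap code hashes to a value recorded from a clean
    system; an MBR bootkit that replaces the boot code fails this check."""
    return parse_mbr(sector)["boot_code_md5"] == known_good_md5


def tampered_copy(sector, offset, xor=0xFF):
    """Flip the bits of one byte, simulating a patched sector."""
    out = bytearray(sector)
    out[offset] ^= xor
    return bytes(out)


# CONSTRUCTED sample: placeholder boot code (not real Vista MBR code) and the
# single NTFS partition from the aswMBR log: bootable, type 07, LBA offset 2048,
# 625137664 sectors = 305243 MB.
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0]) + b"\x90" * (BOOT_CODE_LEN - 4)
SAMPLE_MBR = build_mbr(SAMPLE_BOOT_CODE, [(True, 0x07, 2048, 625137664)])
KNOWN_GOOD_MD5 = hashlib.md5(SAMPLE_BOOT_CODE).hexdigest()   # recorded from the "clean" sample


if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("MBR (0x1B8) MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        print(f"Partition {p['index']} {'80 (A)' if p['bootable'] else '00'} "
              f"{p['type']:02X} {p['type_name']} {p['size_mb']} MB offset {p['start_lba']}")
```

The test below makes the caveat explicit: flipping a byte inside the boot code changes the hash, but flipping a byte inside the partition table does not, because the table lies beyond offset 0x1B8. A hash over the boot code alone therefore says nothing about a redirected or added partition, which is why aswMBR prints the partition table next to its MBR verdict and why both disks' MBR and boot sectors are listed separately in the TDSSKiller log.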

cosinus 23.03.2012 22:00

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Gambler01 24.03.2012 13:46

Number 1: Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.23.04

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Ulli :: ULLI-PC [Administrator]

23.03.2012 22:41:57
mbam-log-2012-03-23 (22-41-57).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 705899
Time elapsed: 1 hour(s), 59 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

and Number 2:

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/24/2012 at 10:15 AM

Application Version : 5.0.1146

Core Rules Database Version : 8377
Trace Rules Database Version: 6189

Scan type      : Complete Scan
Total Scan Time : 03:30:31

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 449
Memory threats detected  : 0
Registry items scanned    : 67289
Registry threats detected : 0
File items scanned        : 397138
File threats detected    : 87

Adware.Tracking Cookie
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@ad.adserver01[1].txt [ /ad.adserver01 ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@ad3.adfarm1.adition[2].txt [ /ad3.adfarm1.adition ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@ads.associatedcontent[1].txt [ /ads.associatedcontent ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@adtech[1].txt [ /adtech ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@adx.chip[2].txt [ /adx.chip ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@associatedcontent.112.2o7[1].txt [ /associatedcontent.112.2o7 ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@bs.serving-sys[1].txt [ /bs.serving-sys ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@de.at.atwola[1].txt [ /de.at.atwola ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@fastclick[2].txt [ /fastclick ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@serving-sys[2].txt [ /serving-sys ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@statcounter[1].txt [ /statcounter ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@tracking.gameforge[2].txt [ /tracking.gameforge ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@tracking.mindshare[1].txt [ /tracking.mindshare ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@traffictrack[2].txt [ /traffictrack ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@tribalfusion[2].txt [ /tribalfusion ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\ulli@www.zanox-affiliate[2].txt [ /www.zanox-affiliate ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\SXNOYTRK.txt [ /advertising.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\S201N03B.txt [ /smartadserver.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\M6IPMJK7.txt [ /tradedoubler.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\QAZ5M53W.txt [ /content.yieldmanager.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\0G0MRUUH.txt [ /ad.yieldmanager.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\IYHVWJYC.txt [ /doubleclick.net ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\JHP26TRI.txt [ /atdmt.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\R6Q5LEB5.txt [ /ad.zanox.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\1EP8949P.txt [ /mediaplex.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\W7Z921PR.txt [ /atwola.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\IQBAUFKN.txt [ /ad2.adfarm1.adition.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\EQA0XPAA.txt [ /tracking.quisma.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\4SVURZES.txt [ /ar.atwola.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\OY6SW01L.txt [ /apmebf.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\2XP4V3OE.txt [ /at.atwola.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\N0U57JMY.txt [ /tracking.gameforge.de ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\JQTOFW6N.txt [ /adfarm1.adition.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\1RQWT2UL.txt [ /tacoda.at.atwola.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\RKAB2OGM.txt [ /zanox.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\COGRWNCQ.txt [ /dyntracker.com ]
        C:\Users\Ulli\AppData\Roaming\Microsoft\Windows\Cookies\DT41L6VK.txt [ /tracking.gameforge.de ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\KJOD5XTC.txt [ Cookie:ulli@adsonar.com/adserving ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@tradedoubler[1].txt [ Cookie:ulli@tradedoubler.com/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@adtech[1].txt [ Cookie:ulli@adtech.de/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@traffictrack[1].txt [ Cookie:ulli@traffictrack.de/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@zanox-affiliate[2].txt [ Cookie:ulli@zanox-affiliate.de/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\A56BIUX4.txt [ Cookie:ulli@c.atdmt.com/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@apmebf[1].txt [ Cookie:ulli@apmebf.com/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@adfarm1.adition[2].txt [ Cookie:ulli@adfarm1.adition.com/ ]
        C:\USERS\ULLI\AppData\Roaming\Microsoft\Windows\Cookies\Low\ulli@ww251.smartadserver[1].txt [ Cookie:ulli@ww251.smartadserver.com/ ]
        C:\USERS\ULLI\Cookies\ulli@ad3.adfarm1.adition[2].txt [ Cookie:ulli@ad3.adfarm1.adition.com/ ]
        C:\USERS\ULLI\Cookies\SXNOYTRK.txt [ Cookie:ulli@advertising.com/ ]
        C:\USERS\ULLI\Cookies\S201N03B.txt [ Cookie:ulli@smartadserver.com/ ]
        C:\USERS\ULLI\Cookies\M6IPMJK7.txt [ Cookie:ulli@tradedoubler.com/ ]
        C:\USERS\ULLI\Cookies\ulli@statcounter[1].txt [ Cookie:ulli@statcounter.com/ ]
        C:\USERS\ULLI\Cookies\QAZ5M53W.txt [ Cookie:ulli@content.yieldmanager.com/ ]
        C:\USERS\ULLI\Cookies\ulli@adtech[1].txt [ Cookie:ulli@adtech.de/ ]
        C:\USERS\ULLI\Cookies\0G0MRUUH.txt [ Cookie:ulli@ad.yieldmanager.com/ ]
        C:\USERS\ULLI\Cookies\ulli@www.zanox-affiliate[2].txt [ Cookie:ulli@www.zanox-affiliate.de/ ]
        C:\USERS\ULLI\Cookies\ulli@adx.chip[2].txt [ Cookie:ulli@adx.chip.de/ ]
        C:\USERS\ULLI\Cookies\R6Q5LEB5.txt [ Cookie:ulli@ad.zanox.com/ ]
        C:\USERS\ULLI\Cookies\ulli@traffictrack[2].txt [ Cookie:ulli@traffictrack.de/ ]
        C:\USERS\ULLI\Cookies\IQBAUFKN.txt [ Cookie:ulli@ad2.adfarm1.adition.com/ ]
        C:\USERS\ULLI\Cookies\EQA0XPAA.txt [ Cookie:ulli@tracking.quisma.com/ ]
        C:\USERS\ULLI\Cookies\ulli@bs.serving-sys[1].txt [ Cookie:ulli@bs.serving-sys.com/ ]
        C:\USERS\ULLI\Cookies\4SVURZES.txt [ Cookie:ulli@ar.atwola.com/ ]
        C:\USERS\ULLI\Cookies\OY6SW01L.txt [ Cookie:ulli@apmebf.com/ ]
        C:\USERS\ULLI\Cookies\2XP4V3OE.txt [ Cookie:ulli@at.atwola.com/ ]
        C:\USERS\ULLI\Cookies\KJOD5XTC.txt [ Cookie:ulli@adsonar.com/adserving ]
        C:\USERS\ULLI\Cookies\N0U57JMY.txt [ Cookie:ulli@tracking.gameforge.de/track/ ]
        C:\USERS\ULLI\Cookies\JQTOFW6N.txt [ Cookie:ulli@adfarm1.adition.com/ ]
        C:\USERS\ULLI\Cookies\ulli@fastclick[2].txt [ Cookie:ulli@fastclick.net/ ]
        C:\USERS\ULLI\Cookies\ulli@serving-sys[2].txt [ Cookie:ulli@serving-sys.com/ ]
        C:\USERS\ULLI\Cookies\ulli@tracking.gameforge[2].txt [ Cookie:ulli@tracking.gameforge.de/track/ ]
        C:\USERS\ULLI\Cookies\1RQWT2UL.txt [ Cookie:ulli@tacoda.at.atwola.com/ ]
        C:\USERS\ULLI\Cookies\RKAB2OGM.txt [ Cookie:ulli@zanox.com/ ]
        C:\USERS\ULLI\Cookies\ulli@tribalfusion[2].txt [ Cookie:ulli@tribalfusion.com/ ]
        C:\USERS\ULLI\Cookies\DT41L6VK.txt [ Cookie:ulli@tracking.gameforge.de/track/ ]
        C:\USERS\ULLI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ULLI@MEDIAPLEX[1].TXT [ /MEDIAPLEX ]
        C:\USERS\ULLI\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ULLI@MSNPORTAL.112.2O7[1].TXT [ /MSNPORTAL.112.2O7 ]
        .adtech.de [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .euroclick.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .euroclick.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .euroclick.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        .statcounter.com [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]
        counter.dieit.de [ C:\USERS\ULLI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JYCT6OS8.DEFAULT\COOKIES.SQLITE ]

Lots of cookies.

Regards

Ulli

cosinus 24.03.2012 18:50

Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of abusive use (unique recognition, e.g. for targeted advertising or similar => HTTP-Cookie )

Is your system now back in order, or are there still other findings or problems?

Gambler01 24.03.2012 20:19

Hello,

I can't detect any unusual behaviour at the moment.

Up to now this was my first serious problem since I've been online, so since 1991 or 92 (with 1200 baud back then :lach:).
Hopefully it'll be another 20 years until the next problem case.

Regards

Ulli

cosinus 25.03.2012 14:07

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages from that.
Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first.

Finally, please check the updates; my guide on that is below. To keep a better overview in future of whether the installed programs are up to date, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if at all possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and let it install all important updates.

Windows Vista/7: Guide Windows-Update


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:

Adobe - Andere Version des Adobe Flash Player installieren

If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
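The post above tells the user to hunt through Programs and Features for leftover Adobe Reader, Flash Player and Java installs. As an added example that is not part of the original thread or of any of the tools it mentions, the following PowerShell snippet does the same inventory from the Windows Uninstall registry keys (the same data Programs and Features displays) and warns when several Java runtimes sit side by side. The product-name regex is an assumption and should be adjusted to whatever names your own system shows.

```powershell
# Added example, not from the original post: list installed Java, Adobe Reader and
# Flash Player entries from the Uninstall registry keys and flag leftover Java runtimes.
# Uses only built-in cmdlets; run in an elevated PowerShell on the affected machine.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # 32-bit apps on 64-bit Windows
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'                # per-user installs
)

# Assumed product-name pattern; extend it if your Programs and Features list uses other names.
$productRegex = 'Java|Adobe Reader|Adobe Acrobat Reader|Flash Player'

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and ($_.DisplayName -match $productRegex) } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
    Sort-Object DisplayName, DisplayVersion

if (-not $found) {
    Write-Host 'No Java, Adobe Reader or Flash Player entries found.'
} else {
    $found | Format-Table -AutoSize
}

# Several Java entries with different versions usually mean old runtimes were left behind
# by updates; the post recommends uninstalling all of them and reinstalling only the current JRE.
$javaVersions = @($found | Where-Object { $_.DisplayName -match 'Java' } |
    Select-Object -ExpandProperty DisplayVersion -Unique)

if ($javaVersions.Count -gt 1) {
    Write-Warning ("Multiple Java versions installed: {0}. Remove all of them and reinstall the current JRE." -f ($javaVersions -join ', '))
}

# The UninstallString column shows the exact command each entry registers for removal,
# which is what Programs and Features runs when you click Uninstall.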

Gambler01 25.03.2012 17:51

Well then, a really, really big thank you.
It's nice to find help like this.

Regards,

Ulli

PS: To support the board materially a bit too, so that other people seeking help can continue to be helped, I found the way to Paypal and used it.

cosinus 25.03.2012 19:24

Quote:

I found the way to Paypal and used it.
:dankeschoen: :daumenhoc



Copyright ©2000-2025, Trojaner-Board


