Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
    -   TR/ATRAPS.Gen2, TR/Sirefef.AG.35 and TR/Small.FI alerts (https://www.trojaner-board.de/117852-tr-atraps-gen2-tr-sirefef-ag-35-u-tr-small-fi-meldungen.html)

Invi 23.06.2012 21:42

TR/ATRAPS.Gen2, TR/Sirefef.AG.35 and TR/Small.FI alerts
 
Hey everyone,
I too now count among the lucky ones who get to join the club of people infected by these Trojans.

Like the others here, I have been getting non-stop alerts about these Trojans for a few days now; since repeatedly removing them / moving them to quarantine had no effect, at some point I just ignored it and left things as they were.
At first it was only the first two Trojans; since yesterday the new one (TR/Small.FI) has shown up, but in return there are no more alerts from the other two... Maybe they left voluntarily ^^
Anyway, it would be great if someone could help me.

OTL log
OTL Logfile:
Code:

OTL logfile created on: 23.06.2012 20:31:34 - Run 1
OTL by OldTimer - Version 3.2.52.0    Folder = C:\Dokumente und Einstellungen\Invi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,35 Mb Total Physical Memory | 374,84 Mb Available Physical Memory | 36,95% Memory free
2,39 Gb Paging File | 1,44 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,77 Gb Total Space | 15,07 Gb Free Space | 21,30% Space Free | Partition Type: NTFS
 
Computer Name: BLECHBOX | User Name: Invi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.23 20:20:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
PRC - [2012.06.23 16:53:21 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.02.27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.07.07 10:15:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.04 14:22:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.01 15:24:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.06 13:25:14 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2010.07.06 13:23:40 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.07 15:35:00 | 000,053,544 | ---- | M] (Guillemot Corporation) -- C:\WINDOWS\system32\HerculesWiFiService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.13 17:59:14 | 000,346,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2007.12.13 17:57:24 | 002,095,640 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2006.11.13 13:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\wcescomm.exe
PRC - [2006.11.13 13:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\rapimgr.exe
PRC - [2006.07.14 18:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006.07.14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005.06.08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\LogiTray.exe
PRC - [2005.06.08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\FxSvr2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.23 16:53:20 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.13 19:30:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.05.18 15:34:48 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.13 00:45:00 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.13 00:44:48 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.05 19:05:05 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010.07.16 18:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\WinRar\RarExt.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2006.07.14 17:35:28 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - [2012.06.23 16:53:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.07.07 10:15:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 14:22:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.29 12:50:14 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.07.06 13:23:40 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.07.06 13:20:38 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.05.07 15:35:00 | 000,053,544 | ---- | M] (Guillemot Corporation) [Auto | Running] -- C:\WINDOWS\system32\HerculesWiFiService.exe -- (HerculesWiFi)
SRV - [2006.07.14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psadd.sys -- (psadd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Invi\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.07.07 10:15:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.07 10:15:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.15 11:26:24 | 000,583,552 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2006.05.10 09:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.05.27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.10.08 12:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.17 12:14:52 | 000,952,007 | ---- | M] (Eicon Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\disdn\Diwan.sys -- (DiWan)
DRV - [2001.08.17 12:13:52 | 000,091,305 | ---- | M] (Eicon Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disdn\dimaint.sys -- (DiMaint)
DRV - [2001.08.17 12:13:48 | 000,164,923 | ---- | M] (Eicon Technology) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\disdn\capi20.sys -- (DiCapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "109.123.126.253"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.23 16:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.11 17:18:19 | 000,000,000 | ---D | M]
 
[2010.07.16 23:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Extensions
[2012.06.21 20:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions
[2011.06.29 16:30:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.21 20:56:53 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\info@djzig.com
[2012.01.07 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.06 13:57:53 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INVI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\88AS021Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.15 19:59:05 | 000,182,698 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INVI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\88AS021Z.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.23 16:53:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.23 16:53:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 16:53:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 16:53:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 16:53:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 16:53:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 16:53:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.31 12:34:25 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\CurseClientStartup.ccip ()
O4 - Startup: C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\WiFi Station N.lnk = C:\Programme\Hercules\WiFiStationN\WiFiN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1440BA-BAE0-44F7-9E91-7CBF25A5A6D2}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.23 20:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.06.23 20:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.06.23 20:20:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
[2012.06.23 20:19:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Invi\Desktop\Virus kram
[2012.06.20 11:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.20 11:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012.06.19 21:40:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.10.26 16:07:46 | 001,382,304 | ---- | C] (DownVision                                                  ) -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.23 20:29:05 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\defogger_reenable
[2012.06.23 20:26:41 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\ugsw52w2.exe
[2012.06.23 20:25:43 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.23 20:20:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
[2012.06.23 20:19:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\Defogger.exe
[2012.06.23 19:05:03 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005UA.job
[2012.06.23 16:49:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.23 16:49:23 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.23 16:05:02 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005Core.job
[2012.06.17 18:07:12 | 000,055,281 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\itunes-50-de.jpg
[2012.06.16 20:18:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.13 19:21:46 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 17:48:40 | 000,527,846 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 17:48:40 | 000,502,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 17:48:40 | 000,105,808 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 17:48:40 | 000,088,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 17:34:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 17:49:42 | 000,072,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\fischkugel.jpg
[2012.06.11 23:30:41 | 000,035,541 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\dat ass.jpg
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.05.31 15:22:01 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.23 20:29:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\defogger_reenable
[2012.06.23 20:27:51 | 000,001,648 | ---- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@
[2012.06.23 20:26:39 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\ugsw52w2.exe
[2012.06.23 20:19:38 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\Defogger.exe
[2012.06.21 17:24:51 | 000,012,288 | ---- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@
[2012.06.20 12:45:34 | 000,018,944 | ---- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@
[2012.06.17 18:07:11 | 000,055,281 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\itunes-50-de.jpg
[2012.06.12 17:49:33 | 000,072,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\fischkugel.jpg
[2012.06.11 23:30:39 | 000,035,541 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\dat ass.jpg
[2012.05.18 20:16:40 | 000,073,320 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.04.16 20:13:47 | 000,154,104 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2012.04.16 20:13:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2012.04.15 22:58:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.02.15 14:44:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.12 01:46:04 | 000,019,160 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.10.26 16:07:53 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\ea sports online pass.exe.torrent
[2011.10.26 16:07:04 | 000,459,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe
[2011.09.24 11:18:39 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\$_hpcst$.hpc
[2011.02.25 19:50:52 | 000,001,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\.recently-used.xbel
[2011.02.09 15:13:27 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2011.01.20 10:39:37 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Current.prx
[2011.01.05 19:05:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.01.05 19:05:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010.12.22 09:33:21 | 000,000,019 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\user.PROKISS
[2010.10.09 02:06:16 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2010.08.04 18:02:09 | 000,119,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 01:04:13 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010.07.18 01:04:09 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.07.17 04:16:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.17 02:10:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.07.16 23:29:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.16 20:07:57 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\Procdb.ini
[2010.07.16 19:53:26 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.07.16 19:40:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.07.16 19:11:03 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010.07.16 19:05:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010.07.16 19:03:06 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.07.16 19:02:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.07.16 19:02:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.07.16 19:02:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.07.16 19:02:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.07.16 19:02:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.07.16 19:02:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.07.16 18:57:11 | 000,650,608 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010.07.16 18:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010.07.16 18:56:48 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2010.07.16 18:56:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2010.07.16 18:56:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2010.07.16 18:56:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2010.07.16 18:52:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2010.07.16 18:46:54 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\DIVAprop.dll
[2010.07.16 18:46:54 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\divasu.dll
[2010.07.16 18:46:54 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\divaci.dll
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@

< End of report >

--- --- ---


Extras
OTL Logfile:
Code:

OTL Extras logfile created on: 23.06.2012 20:31:34 - Run 1
OTL by OldTimer - Version 3.2.52.0    Folder = C:\Dokumente und Einstellungen\Invi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,35 Mb Total Physical Memory | 374,84 Mb Available Physical Memory | 36,95% Memory free
2,39 Gb Paging File | 1,44 Gb Available in Paging File | 60,22% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,77 Gb Total Space | 15,07 Gb Free Space | 21,30% Space Free | Partition Type: NTFS
 
Computer Name: BLECHBOX | User Name: Invi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54A9A9E1-8C4C-44FE-AA6B-182EA1E779FD}" = Hercules WiFi Station N
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7726CF62-7B45-4E6D-9266-615346816BCA}" = Rescue and Recovery
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Ext2Ifs_for_NT501" = Ext2 IFS 1.11a for Windows XP
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"JDownloader" = JDownloader
"Macro Express 3" = Macro Express 3
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MouseSuite98" = Mouse Suite
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49b
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.01.1190" = Opera 11.01
"Proxifier_is1" = Proxifier version 2.91
"QcDrv" = Logitech® Camera-Treiber
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.1.11
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMCSetup" = Windows Media Connect
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Skat-Online V9" = Skat-Online V9
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.06.2012 16:43:24 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3906
 
Error - 13.06.2012 16:43:24 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3906
 
Error - 15.06.2012 10:15:59 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.06.2012 10:15:59 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1985
 
Error - 15.06.2012 10:15:59 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1985
 
Error - 15.06.2012 10:16:01 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 15.06.2012 10:16:01 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4000
 
Error - 15.06.2012 10:16:01 | Computer Name = BLECHBOX | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4000
 
Error - 19.06.2012 16:05:09 | Computer Name = BLECHBOX | Source = Google Update | ID = 20
Description =
 
Error - 23.06.2012 10:49:45 | Computer Name = BLECHBOX | Source = Google Update | ID = 20
Description =
 
[ System Events ]
Error - 22.06.2012 05:59:04 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.06.2012 11:07:26 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 22.06.2012 11:07:26 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 22.06.2012 11:07:26 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 22.06.2012 19:20:10 | Computer Name = BLECHBOX | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 22.06.2012 19:21:30 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 22.06.2012 19:21:30 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 22.06.2012 19:21:30 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 23.06.2012 04:11:25 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 23.06.2012 10:51:04 | Computer Name = BLECHBOX | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
 
< End of report >

--- --- ---


And the GMER log, but it was aborted after it found a rootkit
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-23 22:29:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721680PLA380 rev.P21OABBA
Running: ugsw52w2.exe; Driver: C:\DOKUME~1\Invi\LOKALE~1\Temp\uwrdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7BF91A4                                                                          ZwClose
SSDT            F7BF915E                                                                          ZwCreateKey
SSDT            F7BF91AE                                                                          ZwCreateSection
SSDT            F7BF9154                                                                          ZwCreateThread
SSDT            F7BF9163                                                                          ZwDeleteKey
SSDT            F7BF916D                                                                          ZwDeleteValueKey
SSDT            F7BF919F                                                                          ZwDuplicateObject
SSDT            F7BF9172                                                                          ZwLoadKey
SSDT            F7BF9140                                                                          ZwOpenProcess
SSDT            F7BF9145                                                                          ZwOpenThread
SSDT            F7BF917C                                                                          ZwReplaceKey
SSDT            F7BF9177                                                                          ZwRestoreKey
SSDT            F7BF91B3                                                                          ZwSetContextThread
SSDT            F7BF9168                                                                          ZwSetValueKey
SSDT            F7BF914F                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?              dimaint.sys                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\firefox.exe[3736] ntdll.dll!LdrLoadDll              7C92632D 5 Bytes  JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3736] kernel32.dll!VirtualAlloc          7C809AF1 5 Bytes  JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3736] kernel32.dll!MapViewOfFile        7C80B9A5 5 Bytes  JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3736] GDI32.dll!CreateDIBSection        77EF9E19 5 Bytes  JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library        c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [568]          0x45670000                                                                               
Library        c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1724]  0x45670000                                                                               

---- EOF - GMER 1.0.15 ----

Thanks in advance :)

cosinus 26.06.2012 14:50

Quote:

TR/ATRAPS.Gen2, TR/Sirefef.AG.35 and TR/Small.FI alerts
Nice, and where are the logs to go with that? http://cosgan.de/images/midi/boese/a040.gif

Such details are not enough; please post the complete details/logs from the virus scanners.

Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Invi 26.06.2012 18:07

Sorry :D Totally forgot

Here is the AntiVir report

Code:


Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Dienstag, 26. Juni 2012  18:49

Es wird nach 3843756 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows XP
Windowsversion : (Service Pack 3)  [5.1.2600]
Boot Modus    : Normal gebootet
Benutzername  : Invi
Computername  : BLECHBOX

Versionsinformationen:
BUILD.DAT      : 10.2.0.707    36070 Bytes  25.01.2012 12:53:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  07.07.2011 08:15:42
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  07.07.2011 08:15:42
LUKE.DLL      : 10.3.0.5      45416 Bytes  07.07.2011 08:15:43
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 10:59:47
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  07.07.2011 08:15:43
AVREG.DLL      : 10.3.0.9      88833 Bytes  18.07.2011 10:51:44
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 13:14:25
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 12:47:30
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 11:24:42
VBASE004.VDF  : 7.11.26.44  4329472 Bytes  28.03.2012 10:59:25
VBASE005.VDF  : 7.11.29.136  2166272 Bytes  10.05.2012 10:32:11
VBASE006.VDF  : 7.11.29.137    2048 Bytes  10.05.2012 10:32:15
VBASE007.VDF  : 7.11.29.138    2048 Bytes  10.05.2012 10:32:16
VBASE008.VDF  : 7.11.29.139    2048 Bytes  10.05.2012 10:32:16
VBASE009.VDF  : 7.11.29.140    2048 Bytes  10.05.2012 10:32:17
VBASE010.VDF  : 7.11.29.141    2048 Bytes  10.05.2012 10:32:17
VBASE011.VDF  : 7.11.29.142    2048 Bytes  10.05.2012 10:32:17
VBASE012.VDF  : 7.11.29.143    2048 Bytes  10.05.2012 10:32:18
VBASE013.VDF  : 7.11.29.144    2048 Bytes  10.05.2012 10:32:18
VBASE014.VDF  : 7.11.30.3    198144 Bytes  14.05.2012 10:32:24
VBASE015.VDF  : 7.11.30.69    186368 Bytes  17.05.2012 10:32:28
VBASE016.VDF  : 7.11.30.143  223744 Bytes  21.05.2012 10:34:51
VBASE017.VDF  : 7.11.30.207  287744 Bytes  23.05.2012 14:15:04
VBASE018.VDF  : 7.11.31.57    188416 Bytes  28.05.2012 11:33:01
VBASE019.VDF  : 7.11.31.111  214528 Bytes  30.05.2012 11:33:03
VBASE020.VDF  : 7.11.31.151  116736 Bytes  31.05.2012 12:16:39
VBASE021.VDF  : 7.11.31.205  134144 Bytes  03.06.2012 09:53:50
VBASE022.VDF  : 7.11.32.9    169472 Bytes  05.06.2012 09:53:50
VBASE023.VDF  : 7.11.32.85    155648 Bytes  08.06.2012 21:43:19
VBASE024.VDF  : 7.11.32.133  127488 Bytes  11.06.2012 12:54:34
VBASE025.VDF  : 7.11.32.171  182784 Bytes  12.06.2012 12:54:35
VBASE026.VDF  : 7.11.32.251  119296 Bytes  14.06.2012 12:54:35
VBASE027.VDF  : 7.11.32.252    2048 Bytes  14.06.2012 12:54:36
VBASE028.VDF  : 7.11.32.253    2048 Bytes  14.06.2012 12:54:36
VBASE029.VDF  : 7.11.32.254    2048 Bytes  14.06.2012 12:54:36
VBASE030.VDF  : 7.11.32.255    2048 Bytes  14.06.2012 12:54:36
VBASE031.VDF  : 7.11.33.54    94208 Bytes  17.06.2012 12:54:37
Engineversion  : 8.2.10.92
AEVDF.DLL      : 8.1.2.8      106867 Bytes  07.06.2012 09:53:55
AESCRIPT.DLL  : 8.1.4.26      450939 Bytes  17.06.2012 12:54:54
AESCN.DLL      : 8.1.8.2      131444 Bytes  28.01.2012 12:52:48
AESBX.DLL      : 8.2.5.12      606578 Bytes  17.06.2012 12:54:55
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 11:53:54
AEPACK.DLL    : 8.2.16.18    807287 Bytes  17.06.2012 12:54:53
AEOFFICE.DLL  : 8.1.2.36      201082 Bytes  17.06.2012 12:54:50
AEHEUR.DLL    : 8.1.4.46    4923767 Bytes  17.06.2012 12:54:49
AEHELP.DLL    : 8.1.21.0      254326 Bytes  19.05.2012 10:32:38
AEGEN.DLL      : 8.1.5.30      422261 Bytes  17.06.2012 12:54:38
AEEXP.DLL      : 8.1.0.52      82293 Bytes  17.06.2012 12:54:55
AEEMU.DLL      : 8.1.3.0      393589 Bytes  01.12.2010 13:24:17
AECORE.DLL    : 8.1.25.10    201080 Bytes  01.06.2012 12:17:01
AEBB.DLL      : 8.1.1.0        53618 Bytes  16.07.2010 19:51:23
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL    : 10.0.3.2      44904 Bytes  07.07.2011 08:15:42
AVREP.DLL      : 10.0.0.10    174120 Bytes  21.05.2011 00:05:31
AVARKT.DLL    : 10.0.26.1    255336 Bytes  07.07.2011 08:15:41
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  07.07.2011 08:15:42
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0      11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  07.07.2011 08:15:41
RCTEXT.DLL    : 10.0.64.0      98664 Bytes  07.07.2011 08:15:41

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: ShlExt
Konfigurationsdatei...................: C:\DOKUME~1\Invi\LOKALE~1\Temp\c3a19de8.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: aus
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 26. Juni 2012  18:49

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\WINDOWS'
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/Sirefef.AG.35
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2

Beginne mit der Desinfektion:
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5af348b3.qua' verschoben!
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/Sirefef.AG.35
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42646714.qua' verschoben!
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '103b3dfc.qua' verschoben!


Ende des Suchlaufs: Dienstag, 26. Juni 2012  19:05
Benötigte Zeit: 15:42 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  3412 Verzeichnisse wurden überprüft
  83525 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      3 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  83522 Dateien ohne Befall
    633 Archive wurden durchsucht
      0 Warnungen
      3 Hinweise


cosinus 26.06.2012 18:31

Ah, those things again... :D ... there's a real wave of them going around right now.

First, as a routine step, please do a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all findings from Malwarebytes so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine!

If there are logs from older Malwarebytes scans, please post all of those as well!


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please post everything here in CODE tags where possible.

That's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Invi 27.06.2012 09:36

Well, so far so good, thanks for the help...
However, I now have a few things to complain about.
Antivir has been quiet since Malwarebytes moved the files and no longer throws constant virus alerts, but Eset still found quite a lot anyway.
Since using Malwarebytes I also no longer have any desktop arrangement; on every restart everything is lined up alphabetically on the left, like in a normal folder.
Furthermore, I no longer have access to the firewall (though this may well have been the case before, I haven't tried to open the settings in a long time); when I try to open it now I get the error message: Due to an unknown problem, the Windows Firewall settings could not be displayed.
So I had to let Eset run with the firewall enabled as well.

Here are the two logs:

Malwarebytes
Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.11
Invi :: BLECHBOX [Administrator]

26.06.2012 20:57:06
mbam-log-2012-06-26 (20-57-06).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 354548
Laufzeit: 1 Stunde(n), 30 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n.) Gut: (wbemess.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe (PUP.Soge) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Eset (Apparently I was too dumb to save the right log here... but at least here are the detections Eset reported)
Code:

C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe        Win32/TrojanDownloader.Adload.NIU trojan
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\setup.exe        multiple threats
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\Update_0ae5.exe        a variant of Win32/MessengerPlus.A application
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\msgpl_3353.tmp\MsgPlusSetup.exe        a variant of Win32/MessengerPlus.A application
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\msgpl_3353.tmp\PlusPlusSetup.dat        a variant of Win32/MessengerPlus.A application
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\msgpl_c3ff.tmp\MsgPlusSetup.exe        a variant of Win32/MessengerPlus.A application
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\msgpl_c3ff.tmp\PlusPlusSetup.dat        a variant of Win32/MessengerPlus.A application
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\4410\icq_7.2_build_3129_banner_remover.zip        Win32/Adware.ADON application
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\4410\icq_7.2_build_3129_banner_remover\ICQ 7.2 Build #3129 Banner Remover 1.0 Setup.exe        Win32/Adware.ADON application
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\R487WPM1\new-online-dating_net[1].htm        HTML/ScrInject.B.Gen virus

Most of these I consider harmless or false positives though (I've had the ICQ banner remover and Messenger Plus for ages, and they're just small messenger programs), but I'm happy to be proven wrong.
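As an added example (not from this thread, and not code belonging to Avira, Malwarebytes or ESET), here is a small Python triage script that parses the Avira and Malwarebytes findings quoted above and flags the ZeroAccess/Sirefef layout they share: the GUID-named folder holding `U\<hex>.@` payloads and the `n` dropper, which also shows up as the bad value in the hijacked CLSID `InProcServer32` key. The log excerpts embedded in the script are copied from the posts above; the regexes, the `Finding` type and the helper names are assumptions of this example, not output of any of those tools.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpts copied from the Avira and Malwarebytes logs quoted in this thread.
# The scanner output is German; the parser keys on the fixed markers
# ("[FUND]", "[HINWEIS]", " -> "), not on the prose around them.
AVIRA_EXCERPT = r"""
Beginne mit der Desinfektion:
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@
  [FUND]      Ist das Trojanische Pferd TR/ATRAPS.Gen2
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5af348b3.qua' verschoben!
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@
  [FUND]      Ist das Trojanische Pferd TR/Sirefef.AG.35
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '42646714.qua' verschoben!
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@
  [FUND]      Ist das Trojanische Pferd TR/Small.FI
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '103b3dfc.qua' verschoben!
"""

MBAM_EXCERPT = r"""
Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n.) Gut: (wbemess.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Dateien: 6
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe (PUP.Soge) -> Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n (Trojan.Dropper.PE4) -> Löschen bei Neustart.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""


@dataclass
class Finding:
    """One detection, normalised across scanners (hypothetical type for this example)."""
    scanner: str    # "avira" or "mbam"
    path: str       # file path or registry key the detection refers to
    detection: str  # the scanner's detection name
    action: str     # what the scanner reports having done ("" if nothing yet)


AVIRA_FUND = re.compile(r"^\s+\[FUND\]\s+(?P<desc>.+?)\s*$")
AVIRA_HINWEIS = re.compile(r"^\s+\[HINWEIS\]\s+(?P<action>.+?)\s*$")
# MBAM: "<object> (<detection>) -> <action>"; the action of a registry finding
# itself contains parentheses (the bad and the good value), so the name is
# the first parenthesised token that is followed by " -> ".
MBAM_FINDING = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# ZeroAccess/Sirefef on-disk layout as it appears in this thread's logs:
# <GUID-named folder>\U\<8 hex digits>.@ payloads and the <GUID-named folder>\n dropper.
ZEROACCESS_ARTIFACT = re.compile(
    r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\(?:U\\[0-9a-f]{8}\.@|n)(?!\w)",
    re.IGNORECASE,
)


def parse_avira(text: str) -> List[Finding]:
    """Avira report: an unindented object line followed by indented [FUND]/[HINWEIS] lines."""
    findings: List[Finding] = []
    current: Optional[str] = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current = line.strip()  # a section message or the object just scanned
            continue
        m = AVIRA_FUND.match(line)
        if m and current:
            # The detection name is the last token of the description, e.g. "TR/Small.FI".
            findings.append(Finding("avira", current, m.group("desc").split()[-1], ""))
            continue
        m = AVIRA_HINWEIS.match(line)
        if m and findings and findings[-1].path == current:
            findings[-1].action = m.group("action")
    return findings


def parse_mbam(text: str) -> List[Finding]:
    """Malwarebytes report: one finding per line; section headers carry no ' -> ' and are skipped."""
    findings: List[Finding] = []
    for line in text.splitlines():
        m = MBAM_FINDING.match(line.strip())
        if m:
            findings.append(Finding("mbam", m.group("path"), m.group("name"), m.group("action")))
    return findings


def flag_zeroaccess(findings: List[Finding]) -> List[Finding]:
    """Findings whose object or reported action contains a ZeroAccess-style artifact path."""
    return [f for f in findings if ZEROACCESS_ARTIFACT.search(f"{f.path} {f.action}")]


def pending_actions(findings: List[Finding]) -> List[Finding]:
    """Findings Malwarebytes has not neutralised yet: no action taken, or deletion deferred to reboot."""
    return [f for f in findings if f.action.startswith(("Keine Aktion", "Löschen bei Neustart"))]


if __name__ == "__main__":
    everything = parse_avira(AVIRA_EXCERPT) + parse_mbam(MBAM_EXCERPT)
    for f in flag_zeroaccess(everything):
        print(f"[{f.scanner}] {f.detection:18} {f.path}")
    print(f"{len(pending_actions(everything))} finding(s) still need a reboot or manual follow-up")
```

The point of the `pending_actions` pass is the one that matters in a thread like this: "Löschen bei Neustart" means the dropper is only gone after a reboot, and "Keine Aktion durchgeführt" means the object was never touched, so a "quiet" Antivir afterwards is not by itself evidence that the machine is clean.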

cosinus 27.06.2012 13:36

Please make a new OTL log. Please post everything here in CODE tags where possible.

That's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom scan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, replace the existing older file with the newly downloaded one so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Invi 27.06.2012 18:36

Here is the new OTL log

Code:

OTL logfile created on: 27.06.2012 19:18:15 - Run 2
OTL by OldTimer - Version 3.2.52.0    Folder = C:\Dokumente und Einstellungen\Invi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,35 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 40,56% Memory free
2,39 Gb Paging File | 1,71 Gb Available in Paging File | 71,49% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 70,77 Gb Total Space | 15,05 Gb Free Space | 21,26% Space Free | Partition Type: NTFS
 
Computer Name: BLECHBOX | User Name: Invi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.23 20:20:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
PRC - [2012.02.27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.07.07 10:15:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.09 13:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.05.04 14:22:54 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.01 15:24:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.06 13:25:14 | 000,720,704 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesApp32.exe
PRC - [2010.07.06 13:23:40 | 001,051,968 | ---- | M] (TuneUp Software) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.07 15:35:00 | 000,053,544 | ---- | M] (Guillemot Corporation) -- C:\WINDOWS\system32\HerculesWiFiService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.13 17:59:14 | 000,346,648 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2007.12.13 17:57:24 | 002,095,640 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2006.11.13 13:50:28 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\wcescomm.exe
PRC - [2006.11.13 13:50:16 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\rapimgr.exe
PRC - [2006.07.14 18:05:32 | 000,503,808 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2006.07.14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
PRC - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
PRC - [2005.07.19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005.06.08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\LogiTray.exe
PRC - [2005.06.08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\Video\FxSvr2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.13 19:30:30 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.05.13 00:45:00 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.13 00:44:48 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.01.05 19:05:05 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2010.07.16 18:52:12 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2010.01.28 13:57:53 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2006.07.14 17:36:00 | 000,022,016 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\Logger\logmon.exe
MOD - [2006.07.14 17:35:28 | 000,139,264 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\CDRecord.dll
MOD - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
MOD - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\system32\PsaSrv.exe -- (PsaSrv)
SRV - [2012.06.23 16:53:20 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.07.07 10:15:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.04 14:22:54 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.29 12:50:14 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.07.06 13:23:40 | 001,051,968 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.07.06 13:20:38 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.05.07 15:35:00 | 000,053,544 | ---- | M] (Guillemot Corporation) [Auto | Running] -- C:\WINDOWS\system32\HerculesWiFiService.exe -- (HerculesWiFi)
SRV - [2006.07.14 18:05:24 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2006.07.14 17:24:52 | 000,629,504 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2006.07.14 15:52:48 | 000,045,056 | ---- | M] () [Auto | Running] -- C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe -- (tvtnetwk)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.06 18:13:10 | 000,856,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\psadd.sys -- (psadd)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Invi\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.07.07 10:15:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.07 10:15:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.02.24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.05.15 11:26:24 | 000,583,552 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.09.25 18:35:24 | 000,181,120 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ext2fs.sys -- (Ext2fs)
DRV - [2008.08.28 23:45:58 | 000,051,072 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ifsmount.sys -- (IfsMount)
DRV - [2006.05.10 09:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005.05.27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005.01.07 17:07:16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.10.08 12:59:12 | 000,326,656 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl)
DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\G400m.sys -- (G400)
DRV - [2001.08.17 12:14:52 | 000,952,007 | ---- | M] (Eicon Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\disdn\Diwan.sys -- (DiWan)
DRV - [2001.08.17 12:13:52 | 000,091,305 | ---- | M] (Eicon Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\disdn\dimaint.sys -- (DiMaint)
DRV - [2001.08.17 12:13:48 | 000,164,923 | ---- | M] (Eicon Technology) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\disdn\capi20.sys -- (DiCapi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkcentre [binary data]
IE - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
IE - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "109.123.126.253"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.23 16:53:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.11 17:18:19 | 000,000,000 | ---D | M]
 
[2010.07.16 23:29:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Extensions
[2012.06.21 20:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions
[2011.06.29 16:30:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.21 20:56:53 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\info@djzig.com
[2012.01.07 12:02:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.06 13:57:53 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INVI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\88AS021Z.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.06.15 19:59:05 | 000,182,698 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\INVI\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\88AS021Z.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.23 16:53:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2012.06.23 16:53:11 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 16:53:11 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.23 16:53:11 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 16:53:11 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 16:53:11 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 16:53:11 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.31 12:34:25 | 000,001,017 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 ar.atwola.com
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDevAgt] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKU\S-1-5-21-788714031-3270273673-1796202824-1005..\Run: [Facebook Update] C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-788714031-3270273673-1796202824-1005..\Run: [H/PC Connection Agent] C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\Wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-788714031-3270273673-1796202824-1005..\Run: [RocketDock] C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\CurseClientStartup.ccip ()
O4 - Startup: C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\WiFi Station N.lnk = C:\Programme\Hercules\WiFiStationN\WiFiN.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\PrxerNsp.dll (Initex Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\PrxerDrv.dll (Initex Software)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA1440BA-BAE0-44F7-9E91-7CBF25A5A6D2}: NameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 04:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "mnmsrvc"
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.26 23:44:52 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.26 20:54:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Malwarebytes
[2012.06.26 20:54:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.26 20:54:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.26 20:54:24 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.26 18:45:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira
[2012.06.23 20:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.06.23 20:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.06.23 20:20:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
[2012.06.23 20:19:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Invi\Desktop\Virus kram
[2012.06.20 11:40:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012.06.20 11:39:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012.06.19 21:40:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.10.26 16:07:46 | 001,382,304 | ---- | C] (DownVision                                                  ) -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\setup.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 19:05:03 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005UA.job
[2012.06.27 16:05:01 | 000,000,992 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005Core.job
[2012.06.27 10:19:56 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.27 10:18:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.27 10:18:46 | 1063,694,336 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 20:54:29 | 000,000,916 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.23 20:29:05 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\defogger_reenable
[2012.06.23 20:26:41 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\ugsw52w2.exe
[2012.06.23 20:20:42 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Invi\Desktop\OTL.exe
[2012.06.23 20:19:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\Defogger.exe
[2012.06.17 18:07:12 | 000,055,281 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\itunes-50-de.jpg
[2012.06.16 20:18:30 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.06.13 19:21:46 | 000,122,136 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 17:48:40 | 000,527,846 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 17:48:40 | 000,502,862 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 17:48:40 | 000,105,808 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 17:48:40 | 000,088,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 17:34:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.12 17:49:42 | 000,072,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\fischkugel.jpg
[2012.06.11 23:30:41 | 000,035,541 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Desktop\dat ass.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.26 20:54:29 | 000,000,916 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.23 20:29:05 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\defogger_reenable
[2012.06.23 20:26:39 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\ugsw52w2.exe
[2012.06.23 20:19:38 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\Defogger.exe
[2012.06.17 18:07:11 | 000,055,281 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\itunes-50-de.jpg
[2012.06.12 17:49:33 | 000,072,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\fischkugel.jpg
[2012.06.11 23:30:39 | 000,035,541 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Desktop\dat ass.jpg
[2012.05.18 20:16:40 | 000,419,200 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.04.16 20:13:47 | 000,154,104 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2012.04.16 20:13:46 | 000,007,262 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2012.04.15 22:58:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2012.02.15 14:44:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.12 01:46:04 | 000,019,160 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.10.26 16:07:53 | 000,000,544 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\ea sports online pass.exe.torrent
[2011.10.26 16:07:04 | 000,459,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe
[2011.09.24 11:18:39 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\$_hpcst$.hpc
[2011.02.25 19:50:52 | 000,001,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\.recently-used.xbel
[2011.02.09 15:13:27 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
[2011.01.20 10:39:37 | 000,000,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Current.prx
[2011.01.05 19:05:05 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.01.05 19:05:05 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2010.12.22 09:33:21 | 000,000,019 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\user.PROKISS
[2010.10.09 02:06:16 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2010.08.04 18:02:09 | 000,119,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.18 01:04:13 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2010.07.18 01:04:09 | 000,006,812 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.07.17 04:16:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.17 02:10:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.07.16 23:29:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.16 20:07:57 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\Procdb.ini
[2010.07.16 19:53:26 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.07.16 19:40:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.07.16 19:11:03 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010.07.16 19:05:54 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010.07.16 19:03:06 | 000,000,156 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.07.16 19:02:22 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.07.16 19:02:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.07.16 19:02:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.07.16 19:02:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.07.16 19:02:22 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.07.16 19:02:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.07.16 18:57:11 | 000,650,608 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2010.07.16 18:57:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010.07.16 18:56:48 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2010.07.16 18:56:48 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2010.07.16 18:56:47 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2010.07.16 18:56:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\FSRremoS.EXE
[2010.07.16 18:52:17 | 000,000,138 | ---- | C] () -- C:\WINDOWS\System32\Softkbd.exe.config
[2010.07.16 18:46:54 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\DIVAprop.dll
[2010.07.16 18:46:54 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\divasu.dll
[2010.07.16 18:46:54 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\divaci.dll
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
[2006.01.27 03:01:16 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
 
========== LOP Check ==========
 
[2010.07.16 19:59:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lenovo
[2010.07.16 19:16:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ThinkVantage
[2012.04.15 22:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.10.19 00:12:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2010.09.03 00:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DRM
[2010.08.25 15:39:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software
[2010.08.25 15:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Insight Software Solutions
[2010.07.16 19:16:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2012.02.25 12:02:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2011.01.05 19:07:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995
[2010.11.14 21:29:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2010.07.29 12:49:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.02.07 22:03:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.07.29 12:48:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.07.16 19:59:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Lenovo
[2010.07.16 19:16:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\ThinkVantage
[2012.04.15 22:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Canneverbe Limited
[2010.10.06 16:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.06.29 16:30:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.01.05 19:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\GetRightToGo
[2011.02.25 19:50:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\gtk-2.0
[2010.07.31 12:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Gutscheinmieze
[2012.05.08 23:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\ICQ
[2010.10.03 04:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Lenovo
[2010.11.14 13:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\LolClient
[2012.04.29 02:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mp3tag
[2010.12.10 16:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\ooVoo Details
[2010.09.20 06:07:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\OpenOffice.org
[2010.08.01 17:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Opera
[2012.02.11 23:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\redsn0w
[2012.02.21 18:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\TeamViewer
[2010.07.16 19:16:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\ThinkVantage
[2010.07.29 12:41:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\TuneUp Software
[2011.02.20 13:10:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\www.rene-zeidler.de
[2010.07.17 17:59:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invictus\Anwendungsdaten\ICQ
[2012.06.27 16:05:01 | 000,000,992 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005Core.job
[2012.06.27 19:05:03 | 000,001,014 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005UA.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.05 17:27:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Adobe
[2010.08.01 17:09:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\AdobeUM
[2012.02.27 23:28:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Apple Computer
[2010.10.08 20:33:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Avira
[2012.04.15 22:58:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Canneverbe Limited
[2010.10.06 16:24:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2010.09.30 21:04:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\DivX
[2011.01.03 20:07:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\dvdcss
[2011.06.29 16:30:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.01.05 19:07:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\GetRightToGo
[2011.02.25 19:50:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\gtk-2.0
[2010.07.31 12:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Gutscheinmieze
[2012.04.25 17:59:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Help
[2012.05.08 23:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\ICQ
[2006.01.26 00:26:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Identities
[2010.07.16 20:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\InstallShield
[2010.10.03 04:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Lenovo
[2010.11.14 13:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\LolClient
[2010.07.16 19:27:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Macromedia
[2012.06.26 20:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Malwarebytes
[2011.09.24 11:19:20 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Microsoft
[2010.07.16 23:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla
[2012.04.29 02:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mp3tag
[2010.12.10 16:20:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\ooVoo Details
[2010.09.20 06:07:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\OpenOffice.org
[2010.08.01 17:04:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Opera
[2012.02.11 23:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\redsn0w
[2012.06.27 19:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Skype
[2011.07.19 16:27:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\skypePM
[2010.07.16 23:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Sun
[2010.07.16 19:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Symantec
[2010.08.08 19:09:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\teamspeak2
[2012.02.21 18:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\TeamViewer
[2010.07.16 19:16:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\ThinkVantage
[2010.07.29 12:41:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\TuneUp Software
[2012.03.25 12:29:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\vlc
[2010.08.02 02:01:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Winamp
[2010.07.19 22:27:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\WinRAR
[2011.02.20 13:10:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\www.rene-zeidler.de
 
< %APPDATA%\*.exe /s >
[2009.10.10 11:07:54 | 000,038,208 | ---- | M] () -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.07.16 20:35:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.07.16 20:35:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.07.16 20:35:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.07.16 20:35:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.11 18:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\I386\user32.dll
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2005.04.01 20:33:14 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=B0B3908F5432F9DBBCD83CA4C33F0D82 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.01.26 20:08:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.01.26 20:08:21 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.01.26 20:08:20 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<          >

< End of report >


cosinus 28.06.2012 12:22

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - user.js - File not found
[2011.06.29 16:30:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-788714031-3270273673-1796202824-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
:Files
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Gutscheinmieze
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\setup.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

Invi 29.06.2012 13:23

Here is the fix log

Code:

All processes killed
========== OTL ==========
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-788714031-3270273673-1796202824-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
========== FILES ==========
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Gutscheinmieze folder moved successfully.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@ moved successfully.
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@ moved successfully.
File\Folder C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n not found.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U folder moved successfully.
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe moved successfully.
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41044 bytes
 
User: Invi
->Temp folder emptied: 770610218 bytes
->Temporary Internet Files folder emptied: 159237207 bytes
->Java cache emptied: 71621577 bytes
->FireFox cache emptied: 668004253 bytes
->Opera cache emptied: 13273167 bytes
->Flash cache emptied: 182626 bytes
 
User: Invictus
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3646983 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7132797 bytes
->Java cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 323371 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.616,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Invi
->Flash cache emptied: 0 bytes
 
User: Invictus
 
User: LocalService
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
Total Flash Files Cleaned = 0,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.52.0 log created on 06292012_140338

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
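As an added check that is not part of this thread or of OTL itself: a small Python reconciliation of the fix script above against the fix log that followed, so that every scripted registry value and path is confirmed as moved, deleted or not found, and anything the log never mentions is flagged. The script and log line formats are assumed from the lines posted here; the sample input is those lines, shortened, with promo.exe deliberately dropped from the log to show an unhandled item.

```python
import re
from typing import Dict, List

# OTL abbreviates hives in its O6/O7 lines; the fix log spells them out.
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKU": "HKEY_USERS"}

# Constructed sample input, taken from the script and fix log posted in this
# thread and shortened; promo.exe is deliberately absent from the log.
FIX_SCRIPT = r"""
:OTL
[2011.06.29 16:30:33 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
:Files
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Gutscheinmieze
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U
C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\promo.exe
:Commands
[emptytemp]
"""
FIX_LOG = r"""
========== OTL ==========
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
========== FILES ==========
C:\Dokumente und Einstellungen\Invi\Anwendungsdaten\Gutscheinmieze folder moved successfully.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\@ moved successfully.
File\Folder C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\n not found.
C:\WINDOWS\Installer\{5574bc6e-bb8b-7b3f-b9a2-0de466ab157f}\U folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
"""

def parse_fix_script(script: str) -> Dict[str, List[str]]:
    # Split the script into its :OTL / :Files / :Commands sections (assumed format).
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def expected_items(sections: Dict[str, List[str]]) -> List[str]:
    # Identifiers the log should mention: registry values written the way the
    # log writes them (hive expanded, doubled backslash before the value name), and paths.
    items: List[str] = []
    for line in sections.get("otl", []):
        reg = re.match(r"O[67] - (HKLM|HKCU|HKU)\\(.+?): (\S+) = ", line)
        if reg:
            hive, key, name = reg.groups()
            items.append(HIVES[hive] + "\\" + key + "\\\\" + name)
            continue
        entry = re.search(r" -- (.+)$", line)  # OTL listing lines end in ' -- <path>'
        if entry:
            items.append(entry.group(1).strip())
    items.extend(sections.get("files", []))
    return items

def parse_fix_log(log: str) -> Dict[str, str]:
    # Map every object the log reports on to what OTL did with it.
    results: Dict[str, str] = {}
    for raw in log.splitlines():
        line = raw.strip()
        reg = re.match(r"Registry value (.+?) (deleted successfully|not found)\.$", line)
        if reg:
            results[reg.group(1)] = reg.group(2)
            continue
        missing = re.match(r"File\\Folder (.+?) not found\.$", line)
        if missing:
            results[missing.group(1)] = "not found"
            continue
        moved = re.match(r"(.+?)(?: folder)? moved successfully\.$", line)
        if moved:
            results[moved.group(1)] = "moved"
    return results

def reconcile(script: str, log: str) -> Dict[str, str]:
    # Status per scripted item; 'UNHANDLED' means the log never mentions it.
    results = parse_fix_log(log)
    return {item: results.get(item, "UNHANDLED")
            for item in expected_items(parse_fix_script(script))}

def unhandled(script: str, log: str) -> List[str]:
    return [item for item, status in reconcile(script, log).items()
            if status == "UNHANDLED"]
```

An item that comes back "not found" (like the \n file here) is worth a second look in a follow-up scan, since a missing entry may simply have been recreated under another name.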


cosinus 29.06.2012 14:38

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running the TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot,
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), as that is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Invi 01.07.2012 12:26

Report:

Code:

13:22:41.0765 0308        TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
13:22:42.0062 0308        ============================================================
13:22:42.0062 0308        Current date / time: 2012/07/01 13:22:42.0062
13:22:42.0062 0308        SystemInfo:
13:22:42.0062 0308       
13:22:42.0062 0308        OS Version: 5.1.2600 ServicePack: 3.0
13:22:42.0062 0308        Product type: Workstation
13:22:42.0062 0308        ComputerName: BLECHBOX
13:22:42.0062 0308        UserName: Invi
13:22:42.0062 0308        Windows directory: C:\WINDOWS
13:22:42.0062 0308        System windows directory: C:\WINDOWS
13:22:42.0062 0308        Processor architecture: Intel x86
13:22:42.0062 0308        Number of processors: 2
13:22:42.0062 0308        Page size: 0x1000
13:22:42.0062 0308        Boot type: Normal boot
13:22:42.0062 0308        ============================================================
13:22:44.0046 0308        Drive \Device\Harddisk0\DR0 - Size: 0x12A2480000 (74.54 Gb), SectorSize: 0x200, Cylinders: 0x2602, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:22:44.0078 0308        ============================================================
13:22:44.0078 0308        \Device\Harddisk0\DR0:
13:22:44.0078 0308        MBR partitions:
13:22:44.0078 0308        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8D88857
13:22:44.0078 0308        ============================================================
13:22:44.0109 0308        C: <-> \Device\Harddisk0\DR0\Partition0
13:22:44.0140 0308        ============================================================
13:22:44.0140 0308        Initialize success
13:22:44.0140 0308        ============================================================
13:23:34.0265 2372        ============================================================
13:23:34.0265 2372        Scan started
13:23:34.0265 2372        Mode: Manual; SigCheck; TDLFS;
13:23:34.0265 2372        ============================================================
13:23:34.0437 2372        Abiosdsk - ok
13:23:34.0468 2372        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:23:35.0296 2372        abp480n5 - ok
13:23:35.0312 2372        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
13:23:35.0453 2372        ac97intc - ok
13:23:35.0515 2372        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:23:35.0703 2372        ACPI - ok
13:23:35.0718 2372        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:23:35.0843 2372        ACPIEC - ok
13:23:35.0906 2372        ADIHdAudAddService (45e7a5e6963fa9d69cb85f50a271e3df) C:\WINDOWS\system32\drivers\ADIHdAud.sys
13:23:35.0953 2372        ADIHdAudAddService - ok
13:23:35.0984 2372        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:23:36.0093 2372        adpu160m - ok
13:23:36.0109 2372        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:23:36.0234 2372        aec - ok
13:23:36.0265 2372        AegisP          (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:23:36.0296 2372        AegisP ( UnsignedFile.Multi.Generic ) - warning
13:23:36.0296 2372        AegisP - detected UnsignedFile.Multi.Generic (1)
13:23:36.0343 2372        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:23:36.0390 2372        AFD - ok
13:23:36.0437 2372        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:23:36.0562 2372        agp440 - ok
13:23:36.0593 2372        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:23:36.0718 2372        agpCPQ - ok
13:23:36.0765 2372        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:23:36.0812 2372        Aha154x - ok
13:23:36.0828 2372        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:23:36.0953 2372        aic78u2 - ok
13:23:36.0968 2372        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:23:37.0078 2372        aic78xx - ok
13:23:37.0125 2372        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
13:23:37.0250 2372        Alerter - ok
13:23:37.0265 2372        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
13:23:37.0375 2372        ALG - ok
13:23:37.0390 2372        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:23:37.0515 2372        AliIde - ok
13:23:37.0531 2372        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:23:37.0656 2372        alim1541 - ok
13:23:37.0671 2372        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:23:37.0796 2372        amdagp - ok
13:23:37.0843 2372        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:23:37.0906 2372        amsint - ok
13:23:38.0031 2372        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
13:23:38.0046 2372        AntiVirSchedulerService - ok
13:23:38.0062 2372        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
13:23:38.0078 2372        AntiVirService - ok
13:23:38.0140 2372        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:23:38.0156 2372        Apple Mobile Device - ok
13:23:38.0203 2372        AppMgmt        (d45960be52c3c610d361977057f98c54) C:\WINDOWS\System32\appmgmts.dll
13:23:38.0328 2372        AppMgmt - ok
13:23:38.0343 2372        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:23:38.0468 2372        asc - ok
13:23:38.0531 2372        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:23:38.0593 2372        asc3350p - ok
13:23:38.0609 2372        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:23:38.0718 2372        asc3550 - ok
13:23:38.0875 2372        aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:23:38.0906 2372        aspnet_state - ok
13:23:38.0921 2372        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:23:39.0046 2372        AsyncMac - ok
13:23:39.0062 2372        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:23:39.0187 2372        atapi - ok
13:23:39.0187 2372        Atdisk - ok
13:23:39.0203 2372        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:23:39.0328 2372        Atmarpc - ok
13:23:39.0359 2372        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
13:23:39.0484 2372        AudioSrv - ok
13:23:39.0515 2372        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:23:39.0640 2372        audstub - ok
13:23:39.0671 2372        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:23:39.0671 2372        avgio - ok
13:23:39.0687 2372        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:23:39.0718 2372        avgntflt - ok
13:23:39.0734 2372        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:23:39.0750 2372        avipbb - ok
13:23:39.0796 2372        b57w2k          (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
13:23:39.0843 2372        b57w2k - ok
13:23:39.0859 2372        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:23:40.0000 2372        Beep - ok
13:23:40.0046 2372        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
13:23:40.0187 2372        BITS - ok
13:23:40.0312 2372        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
13:23:40.0343 2372        Bonjour Service - ok
13:23:40.0375 2372        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
13:23:40.0500 2372        Browser - ok
13:23:40.0546 2372        CamDrL          (cba8bce5bf67a3c619d5ce540bed9cf7) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
13:23:40.0625 2372        CamDrL - ok
13:23:40.0656 2372        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:23:40.0781 2372        cbidf - ok
13:23:40.0796 2372        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:23:40.0906 2372        cbidf2k - ok
13:23:40.0921 2372        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:23:41.0031 2372        CCDECODE - ok
13:23:41.0078 2372        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:23:41.0140 2372        cd20xrnt - ok
13:23:41.0156 2372        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:23:41.0281 2372        Cdaudio - ok
13:23:41.0328 2372        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:23:41.0437 2372        Cdfs - ok
13:23:41.0453 2372        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:23:41.0578 2372        Cdrom - ok
13:23:41.0578 2372        Changer - ok
13:23:41.0593 2372        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
13:23:41.0718 2372        CiSvc - ok
13:23:41.0765 2372        ClipSrv        (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe
13:23:41.0890 2372        ClipSrv - ok
13:23:42.0015 2372        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:23:42.0125 2372        clr_optimization_v2.0.50727_32 - ok
13:23:42.0203 2372        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:23:42.0406 2372        clr_optimization_v4.0.30319_32 - ok
13:23:42.0468 2372        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:23:42.0593 2372        CmdIde - ok
13:23:42.0593 2372        COMSysApp - ok
13:23:42.0640 2372        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:23:42.0750 2372        Cpqarray - ok
13:23:42.0890 2372        cpuz132 - ok
13:23:42.0937 2372        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
13:23:43.0046 2372        CryptSvc - ok
13:23:43.0062 2372        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:23:43.0187 2372        dac2w2k - ok
13:23:43.0203 2372        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:23:43.0328 2372        dac960nt - ok
13:23:43.0390 2372        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:23:43.0484 2372        DcomLaunch - ok
13:23:43.0515 2372        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
13:23:43.0671 2372        Dhcp - ok
13:23:43.0734 2372        DiCapi          (16a6f479f49fd1fa06bb5539a3d493f8) C:\WINDOWS\system32\DRIVERS\DISDN\capi20.sys
13:23:43.0859 2372        DiCapi - ok
13:23:43.0890 2372        DiMaint        (99a1ffd0e527d3b88e34735d85eaaa04) C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys
13:23:44.0015 2372        DiMaint - ok
13:23:44.0031 2372        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:23:44.0125 2372        Disk - ok
13:23:44.0187 2372        DiWan          (1e9038be171ce8374da0659474466280) C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys
13:23:44.0343 2372        DiWan - ok
13:23:44.0359 2372        dmadmin - ok
13:23:44.0406 2372        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
13:23:44.0546 2372        dmboot - ok
13:23:44.0546 2372        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
13:23:44.0671 2372        dmio - ok
13:23:44.0703 2372        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:23:44.0812 2372        dmload - ok
13:23:44.0843 2372        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
13:23:44.0953 2372        dmserver - ok
13:23:45.0000 2372        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:23:45.0125 2372        DMusic - ok
13:23:45.0171 2372        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
13:23:45.0281 2372        Dnscache - ok
13:23:45.0343 2372        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
13:23:45.0453 2372        Dot3svc - ok
13:23:45.0468 2372        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:23:45.0625 2372        dpti2o - ok
13:23:45.0656 2372        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:23:45.0765 2372        drmkaud - ok
13:23:45.0812 2372        E100B          (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
13:23:45.0937 2372        E100B - ok
13:23:45.0953 2372        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
13:23:46.0109 2372        EapHost - ok
13:23:46.0140 2372        EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
13:23:46.0140 2372        EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
13:23:46.0140 2372        EGATHDRV - detected UnsignedFile.Multi.Generic (1)
13:23:46.0187 2372        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
13:23:46.0296 2372        ERSvc - ok
13:23:46.0343 2372        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:23:46.0406 2372        Eventlog - ok
13:23:46.0453 2372        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
13:23:46.0500 2372        EventSystem - ok
13:23:46.0546 2372        Ext2fs          (fbc0e085a5becba5dd3c401eeb6e45bb) C:\WINDOWS\system32\DRIVERS\ext2fs.sys
13:23:46.0562 2372        Ext2fs ( UnsignedFile.Multi.Generic ) - warning
13:23:46.0562 2372        Ext2fs - detected UnsignedFile.Multi.Generic (1)
13:23:46.0593 2372        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:23:46.0703 2372        Fastfat - ok
13:23:46.0750 2372        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:23:46.0796 2372        FastUserSwitchingCompatibility - ok
13:23:46.0812 2372        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:23:46.0937 2372        Fdc - ok
13:23:46.0953 2372        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
13:23:47.0062 2372        Fips - ok
13:23:47.0078 2372        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:23:47.0187 2372        Flpydisk - ok
13:23:47.0203 2372        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:23:47.0328 2372        FltMgr - ok
13:23:47.0484 2372        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:23:47.0500 2372        FontCache3.0.0.0 - ok
13:23:47.0515 2372        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:23:47.0640 2372        Fs_Rec - ok
13:23:47.0671 2372        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:23:47.0843 2372        Ftdisk - ok
13:23:47.0875 2372        G400            (33d00f8cb70ac5f7a8101f79d5273615) C:\WINDOWS\system32\DRIVERS\G400m.sys
13:23:48.0000 2372        G400 - ok
13:23:48.0046 2372        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:23:48.0062 2372        GEARAspiWDM - ok
13:23:48.0093 2372        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:23:48.0203 2372        Gpc - ok
13:23:48.0234 2372        HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
13:23:48.0281 2372        HdAudAddService - ok
13:23:48.0296 2372        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:23:48.0421 2372        HDAudBus - ok
13:23:48.0500 2372        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:23:48.0609 2372        helpsvc - ok
13:23:48.0640 2372        HerculesWiFi    (2f337d9ade7b9f2c954c6e799d82d619) C:\WINDOWS\system32\HerculesWiFiService.exe
13:23:48.0656 2372        HerculesWiFi - ok
13:23:48.0703 2372        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
13:23:48.0828 2372        HidServ - ok
13:23:48.0859 2372        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:23:48.0984 2372        HidUsb - ok
13:23:49.0031 2372        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
13:23:49.0125 2372        hkmsvc - ok
13:23:49.0156 2372        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:23:49.0281 2372        hpn - ok
13:23:49.0421 2372        HPSLPSVC        (75f122cdca3c71bd09089f2ca824b796) C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
13:23:49.0468 2372        HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
13:23:49.0468 2372        HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
13:23:49.0531 2372        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:23:49.0640 2372        HTTP - ok
13:23:49.0687 2372        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
13:23:49.0796 2372        HTTPFilter - ok
13:23:49.0828 2372        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:23:49.0937 2372        i2omgmt - ok
13:23:49.0984 2372        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:23:50.0093 2372        i2omp - ok
13:23:50.0109 2372        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:23:50.0234 2372        i8042prt - ok
13:23:50.0484 2372        ialm            (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:23:50.0781 2372        ialm - ok
13:23:50.0937 2372        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
13:23:51.0015 2372        iaStor - ok
13:23:51.0187 2372        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
13:23:51.0203 2372        IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:23:51.0203 2372        IDriverT - detected UnsignedFile.Multi.Generic (1)
13:23:51.0375 2372        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:23:51.0406 2372        idsvc - ok
13:23:51.0500 2372        IfsMount        (f3f825fcc70471fd967126e1871b2cdc) C:\WINDOWS\system32\DRIVERS\ifsmount.sys
13:23:51.0515 2372        IfsMount ( UnsignedFile.Multi.Generic ) - warning
13:23:51.0515 2372        IfsMount - detected UnsignedFile.Multi.Generic (1)
13:23:51.0531 2372        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:23:51.0640 2372        Imapi - ok
13:23:51.0687 2372        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
13:23:51.0812 2372        ImapiService - ok
13:23:51.0828 2372        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:23:51.0953 2372        ini910u - ok
13:23:51.0968 2372        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:23:52.0078 2372        IntelIde - ok
13:23:52.0125 2372        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:23:52.0250 2372        intelppm - ok
13:23:52.0250 2372        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:23:52.0375 2372        Ip6Fw - ok
13:23:52.0406 2372        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:23:52.0531 2372        IpFilterDriver - ok
13:23:52.0562 2372        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:23:52.0671 2372        IpInIp - ok
13:23:52.0687 2372        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:23:52.0796 2372        IpNat - ok
13:23:52.0906 2372        iPod Service    (49918803b661367023bf325cf602afdc) C:\Programme\iPod\bin\iPodService.exe
13:23:52.0953 2372        iPod Service - ok
13:23:52.0968 2372        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:23:53.0078 2372        IPSec - ok
13:23:53.0093 2372        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:23:53.0203 2372        IRENUM - ok
13:23:53.0265 2372        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:23:53.0359 2372        isapnp - ok
13:23:53.0484 2372        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe
13:23:53.0515 2372        JavaQuickStarterService - ok
13:23:53.0531 2372        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:23:53.0656 2372        Kbdclass - ok
13:23:53.0656 2372        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:23:53.0781 2372        kbdhid - ok
13:23:53.0796 2372        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:23:53.0921 2372        kmixer - ok
13:23:53.0968 2372        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:23:54.0046 2372        KSecDD - ok
13:23:54.0093 2372        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
13:23:54.0140 2372        lanmanserver - ok
13:23:54.0171 2372        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
13:23:54.0218 2372        lanmanworkstation - ok
13:23:54.0218 2372        lbrtfdc - ok
13:23:54.0281 2372        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
13:23:54.0406 2372        LmHosts - ok
13:23:54.0437 2372        LVUSBSta        (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
13:23:54.0453 2372        LVUSBSta - ok
13:23:54.0468 2372        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
13:23:54.0578 2372        Messenger - ok
13:23:54.0609 2372        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:23:54.0718 2372        mnmdd - ok
13:23:54.0765 2372        mnmsrvc        (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe
13:23:54.0890 2372        mnmsrvc - ok
13:23:54.0921 2372        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
13:23:55.0046 2372        Modem - ok
13:23:55.0062 2372        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:23:55.0171 2372        Mouclass - ok
13:23:55.0218 2372        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:23:55.0328 2372        mouhid - ok
13:23:55.0359 2372        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:23:55.0468 2372        MountMgr - ok
13:23:55.0531 2372        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
13:23:55.0546 2372        MozillaMaintenance - ok
13:23:55.0593 2372        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:23:55.0703 2372        mraid35x - ok
13:23:55.0718 2372        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:23:55.0828 2372        MRxDAV - ok
13:23:55.0890 2372        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:23:56.0000 2372        MRxSmb - ok
13:23:56.0046 2372        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
13:23:56.0156 2372        MSDTC - ok
13:23:56.0203 2372        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:23:56.0328 2372        Msfs - ok
13:23:56.0328 2372        MSIServer - ok
13:23:56.0343 2372        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:23:56.0453 2372        MSKSSRV - ok
13:23:56.0453 2372        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:23:56.0562 2372        MSPCLOCK - ok
13:23:56.0578 2372        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:23:56.0687 2372        MSPQM - ok
13:23:56.0734 2372        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:23:56.0843 2372        mssmbios - ok
13:23:56.0875 2372        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:23:57.0000 2372        MSTEE - ok
13:23:57.0031 2372        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:23:57.0093 2372        Mup - ok
13:23:57.0109 2372        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:23:57.0218 2372        NABTSFEC - ok
13:23:57.0265 2372        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
13:23:57.0406 2372        napagent - ok
13:23:57.0421 2372        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:23:57.0546 2372        NDIS - ok
13:23:57.0562 2372        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:23:57.0687 2372        NdisIP - ok
13:23:57.0734 2372        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:23:57.0796 2372        NdisTapi - ok
13:23:57.0843 2372        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:23:57.0953 2372        Ndisuio - ok
13:23:57.0968 2372        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:23:58.0078 2372        NdisWan - ok
13:23:58.0125 2372        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:23:58.0171 2372        NDProxy - ok
13:23:58.0203 2372        Net Driver HPZ12 (19715a9a573dad2521348abc74266a48) C:\WINDOWS\system32\HPZinw12.dll
13:23:58.0218 2372        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:23:58.0218 2372        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:23:58.0234 2372        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:23:58.0343 2372        NetBIOS - ok
13:23:58.0390 2372        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:23:58.0500 2372        NetBT - ok
13:23:58.0546 2372        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:23:58.0656 2372        NetDDE - ok
13:23:58.0671 2372        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
13:23:58.0781 2372        NetDDEdsdm - ok
13:23:58.0812 2372        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:23:58.0906 2372        Netlogon - ok
13:23:58.0937 2372        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
13:23:59.0062 2372        Netman - ok
13:23:59.0203 2372        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:23:59.0218 2372        NetTcpPortSharing - ok
13:23:59.0281 2372        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
13:23:59.0328 2372        Nla - ok
13:23:59.0531 2372        NMSAccess      (7aea4df1ca68fd45dd4bbe1f0243ce7f) C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
13:23:59.0531 2372        NMSAccess - ok
13:23:59.0578 2372        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:23:59.0687 2372        Npfs - ok
13:23:59.0734 2372        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:23:59.0875 2372        Ntfs - ok
13:23:59.0921 2372        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:24:00.0031 2372        NtLmSsp - ok
13:24:00.0062 2372        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
13:24:00.0203 2372        NtmsSvc - ok
13:24:00.0250 2372        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:24:00.0375 2372        Null - ok
13:24:00.0453 2372        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:24:00.0656 2372        nv - ok
13:24:00.0765 2372        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:24:00.0890 2372        NwlnkFlt - ok
13:24:00.0906 2372        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:24:01.0031 2372        NwlnkFwd - ok
13:24:01.0062 2372        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
13:24:01.0171 2372        Parport - ok
13:24:01.0187 2372        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:24:01.0296 2372        PartMgr - ok
13:24:01.0328 2372        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:24:01.0468 2372        ParVdm - ok
13:24:01.0468 2372        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
13:24:01.0578 2372        PCI - ok
13:24:01.0578 2372        PCIDump - ok
13:24:01.0593 2372        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:24:01.0718 2372        PCIIde - ok
13:24:01.0750 2372        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:24:01.0875 2372        Pcmcia - ok
13:24:01.0875 2372        PDCOMP - ok
13:24:01.0875 2372        PDFRAME - ok
13:24:01.0890 2372        PDRELI - ok
13:24:01.0890 2372        PDRFRAME - ok
13:24:01.0921 2372        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
13:24:02.0062 2372        perc2 - ok
13:24:02.0062 2372        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
13:24:02.0187 2372        perc2hib - ok
13:24:02.0234 2372        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
13:24:02.0265 2372        PlugPlay - ok
13:24:02.0312 2372        pmem            (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
13:24:02.0328 2372        pmem ( UnsignedFile.Multi.Generic ) - warning
13:24:02.0328 2372        pmem - detected UnsignedFile.Multi.Generic (1)
13:24:02.0359 2372        Pml Driver HPZ12 (b36cd3f2eca751c0ca8b8868bd1c5449) C:\WINDOWS\system32\HPZipm12.dll
13:24:02.0375 2372        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
13:24:02.0375 2372        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
13:24:02.0421 2372        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:24:02.0531 2372        PolicyAgent - ok
13:24:02.0578 2372        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:24:02.0703 2372        PptpMiniport - ok
13:24:02.0718 2372        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
13:24:02.0828 2372        Processor - ok
13:24:02.0828 2372        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:24:02.0937 2372        ProtectedStorage - ok
13:24:02.0937 2372        psadd - ok
13:24:02.0953 2372        PsaSrv - ok
13:24:02.0953 2372        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:24:03.0078 2372        PSched - ok
13:24:03.0109 2372        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:24:03.0234 2372        Ptilink - ok
13:24:03.0281 2372        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
13:24:03.0296 2372        PxHelp20 - ok
13:24:03.0312 2372        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
13:24:03.0421 2372        ql1080 - ok
13:24:03.0437 2372        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
13:24:03.0562 2372        Ql10wnt - ok
13:24:03.0593 2372        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
13:24:03.0718 2372        ql12160 - ok
13:24:03.0734 2372        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
13:24:03.0843 2372        ql1240 - ok
13:24:03.0859 2372        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
13:24:03.0968 2372        ql1280 - ok
13:24:03.0984 2372        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:24:04.0093 2372        RasAcd - ok
13:24:04.0140 2372        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
13:24:04.0250 2372        RasAuto - ok
13:24:04.0265 2372        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:24:04.0390 2372        Rasl2tp - ok
13:24:04.0421 2372        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
13:24:04.0546 2372        RasMan - ok
13:24:04.0546 2372        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:24:04.0671 2372        RasPppoe - ok
13:24:04.0703 2372        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:24:04.0812 2372        Raspti - ok
13:24:04.0828 2372        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:24:04.0953 2372        Rdbss - ok
13:24:04.0968 2372        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:24:05.0078 2372        RDPCDD - ok
13:24:05.0093 2372        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:24:05.0203 2372        rdpdr - ok
13:24:05.0250 2372        RDPWD          (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:24:05.0281 2372        RDPWD - ok
13:24:05.0328 2372        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
13:24:05.0437 2372        RDSessMgr - ok
13:24:05.0484 2372        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:24:05.0593 2372        redbook - ok
13:24:05.0718 2372        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
13:24:05.0828 2372        RemoteAccess - ok
13:24:05.0859 2372        RemoteRegistry  (e4cd1f3d84e1c2ca0b8cf7501e201593) C:\WINDOWS\system32\regsvc.dll
13:24:05.0984 2372        RemoteRegistry - ok
13:24:06.0031 2372        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
13:24:06.0140 2372        RpcLocator - ok
13:24:06.0187 2372        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
13:24:06.0250 2372        RpcSs - ok
13:24:06.0296 2372        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
13:24:06.0421 2372        RSVP - ok
13:24:06.0468 2372        RTL8192su      (678c6d510f7d324a8f02b4a97aed8e7e) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
13:24:06.0546 2372        RTL8192su - ok
13:24:06.0625 2372        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
13:24:06.0734 2372        SamSs - ok
13:24:06.0781 2372        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
13:24:06.0906 2372        SCardSvr - ok
13:24:06.0953 2372        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
13:24:07.0062 2372        Schedule - ok
13:24:07.0078 2372        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:24:07.0203 2372        Secdrv - ok
13:24:07.0218 2372        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
13:24:07.0328 2372        seclogon - ok
13:24:07.0343 2372        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
13:24:07.0453 2372        SENS - ok
13:24:07.0453 2372        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:24:07.0562 2372        serenum - ok
13:24:07.0578 2372        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
13:24:07.0734 2372        Serial - ok
13:24:07.0796 2372        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:24:07.0890 2372        Sfloppy - ok
13:24:07.0906 2372        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:24:07.0937 2372        ShellHWDetection - ok
13:24:07.0937 2372        Simbad - ok
13:24:07.0984 2372        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
13:24:08.0093 2372        sisagp - ok
13:24:08.0203 2372        SkypeUpdate    (6128e98eaaed364ed1a32708d2fd22cb) C:\Programme\Skype\Updater\Updater.exe
13:24:08.0203 2372        SkypeUpdate - ok
13:24:08.0250 2372        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:24:08.0375 2372        SLIP - ok
13:24:08.0406 2372        smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys
13:24:08.0421 2372        smi2 ( UnsignedFile.Multi.Generic ) - warning
13:24:08.0421 2372        smi2 - detected UnsignedFile.Multi.Generic (1)
13:24:08.0468 2372        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
13:24:08.0546 2372        Sparrow - ok
13:24:08.0578 2372        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:24:08.0687 2372        splitter - ok
13:24:08.0734 2372        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:24:08.0765 2372        Spooler - ok
13:24:08.0781 2372        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
13:24:08.0890 2372        sr - ok
13:24:08.0937 2372        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
13:24:09.0046 2372        srservice - ok
13:24:09.0078 2372        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:24:09.0140 2372        Srv - ok
13:24:09.0156 2372        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
13:24:09.0265 2372        SSDPSRV - ok
13:24:09.0312 2372        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:24:09.0312 2372        ssmdrv - ok
13:24:09.0359 2372        StarOpen        (e57b778208c783d8debab320c16a1b82) C:\WINDOWS\system32\drivers\StarOpen.sys
13:24:09.0375 2372        StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:24:09.0375 2372        StarOpen - detected UnsignedFile.Multi.Generic (1)
13:24:09.0421 2372        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
13:24:09.0546 2372        StillCam - ok
13:24:09.0593 2372        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
13:24:09.0750 2372        stisvc - ok
13:24:09.0796 2372        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:24:09.0921 2372        streamip - ok
13:24:09.0968 2372        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:24:10.0078 2372        swenum - ok
13:24:10.0093 2372        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:24:10.0203 2372        swmidi - ok
13:24:10.0203 2372        SwPrv - ok
13:24:10.0234 2372        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
13:24:10.0343 2372        symc810 - ok
13:24:10.0375 2372        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
13:24:10.0500 2372        symc8xx - ok
13:24:10.0562 2372        SYMIDSCO - ok
13:24:10.0593 2372        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
13:24:10.0718 2372        sym_hi - ok
13:24:10.0734 2372        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
13:24:10.0843 2372        sym_u3 - ok
13:24:10.0890 2372        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:24:11.0000 2372        sysaudio - ok
13:24:11.0046 2372        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
13:24:11.0171 2372        SysmonLog - ok
13:24:11.0187 2372        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
13:24:11.0312 2372        TapiSrv - ok
13:24:11.0343 2372        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:24:11.0359 2372        Tcpip - ok
13:24:11.0375 2372        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:24:11.0500 2372        TDPIPE - ok
13:24:11.0531 2372        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:24:11.0656 2372        TDTCP - ok
13:24:11.0687 2372        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:24:11.0796 2372        TermDD - ok
13:24:11.0843 2372        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
13:24:11.0968 2372        TermService - ok
13:24:11.0984 2372        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
13:24:12.0000 2372        Themes - ok
13:24:12.0156 2372        ThinkVantage Registry Monitor Service (bec875caf94e9fd6bc95b84bd07c1e99) C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
13:24:12.0187 2372        ThinkVantage Registry Monitor Service - ok
13:24:12.0218 2372        TlntSvr        (03681a1ce77f51586903869a5ab1deab) C:\WINDOWS\system32\tlntsvr.exe
13:24:12.0328 2372        TlntSvr - ok
13:24:12.0375 2372        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
13:24:12.0484 2372        TosIde - ok
13:24:12.0515 2372        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
13:24:12.0671 2372        TrkWks - ok
13:24:12.0906 2372        TuneUp.Defrag  (d7fd54ee56353c54f17f3534c3e70ff8) C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpDefragService.exe
13:24:12.0921 2372        TuneUp.Defrag - ok
13:24:12.0984 2372        TuneUp.UtilitiesSvc (3b1cfa983bf90c78d9ba215e030f110c) C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe
13:24:13.0031 2372        TuneUp.UtilitiesSvc - ok
13:24:13.0062 2372        TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesDriver32.sys
13:24:13.0062 2372        TuneUpUtilitiesDrv - ok
13:24:13.0296 2372        TVT Backup Service (ec38192f2f5361b48bc387c2db337264) C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
13:24:13.0390 2372        TVT Backup Service ( UnsignedFile.Multi.Generic ) - warning
13:24:13.0390 2372        TVT Backup Service - detected UnsignedFile.Multi.Generic (1)
13:24:13.0484 2372        TVT Scheduler  (fe1d3ef5caa8ee28a8b66fa1f180681b) C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
13:24:13.0562 2372        TVT Scheduler ( UnsignedFile.Multi.Generic ) - warning
13:24:13.0562 2372        TVT Scheduler - detected UnsignedFile.Multi.Generic (1)
13:24:13.0734 2372        tvtfilter      (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
13:24:13.0734 2372        tvtfilter ( UnsignedFile.Multi.Generic ) - warning
13:24:13.0734 2372        tvtfilter - detected UnsignedFile.Multi.Generic (1)
13:24:13.0796 2372        tvtnetwk        (2e72c66682e9274c97ae3f5a57c2fa33) C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe
13:24:13.0812 2372        tvtnetwk ( UnsignedFile.Multi.Generic ) - warning
13:24:13.0812 2372        tvtnetwk - detected UnsignedFile.Multi.Generic (1)
13:24:13.0859 2372        TVTPktFilter    (0727cce3ff1a4446f4a1d507361567ab) C:\WINDOWS\system32\DRIVERS\tvtpktfilter.sys
13:24:13.0906 2372        TVTPktFilter - ok
13:24:13.0953 2372        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:24:14.0093 2372        Udfs - ok
13:24:14.0125 2372        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
13:24:14.0187 2372        ultra - ok
13:24:14.0250 2372        UMWdf          (ab0a7ca90d9e3d6a193905dc1715ded0) C:\WINDOWS\system32\wdfmgr.exe
13:24:14.0312 2372        UMWdf - ok
13:24:14.0359 2372        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:24:14.0515 2372        Update - ok
13:24:14.0546 2372        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
13:24:14.0671 2372        upnphost - ok
13:24:14.0687 2372        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
13:24:14.0812 2372        UPS - ok
13:24:14.0859 2372        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:24:14.0890 2372        USBAAPL - ok
13:24:14.0921 2372        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:24:15.0046 2372        usbaudio - ok
13:24:15.0078 2372        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:24:15.0203 2372        usbccgp - ok
13:24:15.0203 2372        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:24:15.0328 2372        usbehci - ok
13:24:15.0328 2372        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:24:15.0453 2372        usbhub - ok
13:24:15.0500 2372        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:24:15.0593 2372        usbprint - ok
13:24:15.0640 2372        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:24:15.0750 2372        usbscan - ok
13:24:15.0796 2372        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:24:15.0890 2372        USBSTOR - ok
13:24:15.0937 2372        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:24:16.0046 2372        usbuhci - ok
13:24:16.0078 2372        usb_rndisx      (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
13:24:16.0203 2372        usb_rndisx - ok
13:24:16.0250 2372        UxTuneUp        (4ad719be22dab702de1477d1017ff53f) C:\WINDOWS\System32\uxtuneup.dll
13:24:16.0265 2372        UxTuneUp - ok
13:24:16.0281 2372        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:24:16.0390 2372        VgaSave - ok
13:24:16.0437 2372        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:24:16.0546 2372        viaagp - ok
13:24:16.0578 2372        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:24:16.0703 2372        ViaIde - ok
13:24:16.0718 2372        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
13:24:16.0828 2372        VolSnap - ok
13:24:16.0875 2372        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
13:24:17.0000 2372        VSS - ok
13:24:17.0015 2372        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
13:24:17.0125 2372        W32Time - ok
13:24:17.0140 2372        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:24:17.0250 2372        Wanarp - ok
13:24:17.0250 2372        WDICA - ok
13:24:17.0296 2372        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:24:17.0406 2372        wdmaud - ok
13:24:17.0437 2372        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
13:24:17.0546 2372        WebClient - ok
13:24:17.0640 2372        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:24:17.0750 2372        winmgmt - ok
13:24:17.0937 2372        WMConnectCDS    (f2e9fcb970d02e1647e185da1d2e3ca9) C:\Programme\Windows Media Connect 2\wmccds.exe
13:24:18.0000 2372        WMConnectCDS ( UnsignedFile.Multi.Generic ) - warning
13:24:18.0000 2372        WMConnectCDS - detected UnsignedFile.Multi.Generic (1)
13:24:18.0031 2372        WmdmPmSN        (140ef97b64f560fd78643cae2cdad838) C:\WINDOWS\system32\MsPMSNSv.dll
13:24:18.0062 2372        WmdmPmSN - ok
13:24:18.0109 2372        Wmi            (ffa4d901d46d07a5bab2d8307fbb51a6) C:\WINDOWS\System32\advapi32.dll
13:24:18.0171 2372        Wmi - ok
13:24:18.0265 2372        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:24:18.0390 2372        WmiApSrv - ok
13:24:18.0609 2372        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:24:18.0640 2372        WPFFontCache_v0400 - ok
13:24:18.0718 2372        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:24:18.0828 2372        WS2IFSL - ok
13:24:18.0875 2372        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:24:19.0000 2372        WSTCODEC - ok
13:24:19.0031 2372        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
13:24:19.0156 2372        wuauserv - ok
13:24:19.0203 2372        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
13:24:19.0328 2372        WZCSVC - ok
13:24:19.0359 2372        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
13:24:19.0468 2372        xmlprov - ok
13:24:19.0500 2372        MBR (0x1B8)    (14fe32caa32f0f8380f925f23c512c16) \Device\Harddisk0\DR0
13:24:19.0953 2372        \Device\Harddisk0\DR0 - ok
13:24:19.0968 2372        Boot (0x1200)  (510e376ffa55f2e4b32130751dd32967) \Device\Harddisk0\DR0\Partition0
13:24:19.0968 2372        \Device\Harddisk0\DR0\Partition0 - ok
13:24:19.0968 2372        ============================================================
13:24:19.0968 2372        Scan finished
13:24:19.0968 2372        ============================================================
13:24:20.0109 2828        Detected object count: 16
13:24:20.0109 2828        Actual detected object count: 16
13:24:43.0625 2828        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0625 2828        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0625 2828        EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0625 2828        EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0625 2828        Ext2fs ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0625 2828        Ext2fs ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0625 2828        HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0625 2828        HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0625 2828        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0625 2828        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        IfsMount ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        IfsMount ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        pmem ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0640 2828        TVT Backup Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0640 2828        TVT Backup Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0656 2828        TVT Scheduler ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0656 2828        TVT Scheduler ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0656 2828        tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0656 2828        tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0656 2828        tvtnetwk ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0656 2828        tvtnetwk ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:24:43.0656 2828        WMConnectCDS ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0656 2828        WMConnectCDS ( UnsignedFile.Multi.Generic ) - User select action: Skip
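An added note and worked example, not part of the thread: all 16 hits in the TDSSKiller log above carry the name UnsignedFile.Multi.Generic, which is TDSSKiller's flag for a driver or service file without a valid digital signature rather than a named malware verdict, and the user chose Skip for every one of them. The Python below was written for this page (it is not a TDSSKiller or Trojaner-Board tool); it parses lines in this log format, separates such heuristic flags from named detections, and lists what was left unresolved. The sample lines are copied from the log above, the "Detected object count" line was reduced to match the excerpt, and treating the UnsignedFile.* family as heuristic is this example's own assumption.

```python
import re

# Lines copied from the TDSSKiller log in this thread (names, hashes and paths
# are the page's own values); only the "Detected object count" was reduced to
# match this excerpt. The line shapes TDSSKiller emits are:
#   <time> <pid>  <name> (<md5>) <path>                      identity of the object
#   <time> <pid>  <name> ( <signature> ) - warning           heuristic flag
#   <time> <pid>  <name> - detected <signature> (<n>)        counted as a detection
#   <time> <pid>  <name> - ok
#   <time> <pid>  <name> ( <signature> ) - User select action: <action>
SAMPLE_LOG = r"""
13:24:13.0734 2372        tvtfilter      (dd957007df98aecffaaa2656d4b981e4) C:\WINDOWS\system32\drivers\tvtfilter.sys
13:24:13.0734 2372        tvtfilter ( UnsignedFile.Multi.Generic ) - warning
13:24:13.0734 2372        tvtfilter - detected UnsignedFile.Multi.Generic (1)
13:24:13.0953 2372        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:24:14.0093 2372        Udfs - ok
13:24:19.0500 2372        MBR (0x1B8)    (14fe32caa32f0f8380f925f23c512c16) \Device\Harddisk0\DR0
13:24:19.0953 2372        \Device\Harddisk0\DR0 - ok
13:24:20.0109 2828        Detected object count: 1
13:24:43.0656 2828        tvtfilter ( UnsignedFile.Multi.Generic ) - skipped by user
13:24:43.0656 2828        tvtfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.+?)\s*$")
FILE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*)$")
COUNT_RE = re.compile(r"^(?P<which>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<sig>[^()]+) \))? - (?P<verdict>ok|warning"
    r"|detected (?P<detsig>\S+) \(\d+\)|skipped by user|User select action: (?P<action>.+))$"
)

# Signature families that describe a property of the file (no valid digital
# signature) instead of naming a malware family. Assumption of this example:
# only the UnsignedFile.* family is treated as heuristic.
HEURISTIC_FAMILIES = ("UnsignedFile.",)


def parse_tdsskiller(text):
    """Return ({name: record}, {count_label: int}) built from TDSSKiller log text."""
    objects, by_path, counts = {}, {}, {}

    def record(name):
        return objects.setdefault(name, {"name": name, "path": None, "md5": None,
                                         "signature": None, "verdict": None, "action": None})

    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m["body"]
        fm = FILE_RE.match(body)
        if fm:
            rec = record(fm["name"])
            rec["path"], rec["md5"] = fm["path"], fm["md5"].lower()
            by_path[fm["path"]] = rec
            continue
        cm = COUNT_RE.match(body)
        if cm:
            counts[cm["which"]] = int(cm["n"])
            continue
        vm = VERDICT_RE.match(body)
        if not vm:
            continue
        # MBR and boot-sector objects report their verdict under the device path.
        rec = by_path.get(vm["name"]) or record(vm["name"])
        rec["signature"] = vm["detsig"] or vm["sig"] or rec["signature"]
        verdict = vm["verdict"]
        if verdict in ("ok", "warning"):
            rec["verdict"] = verdict
        elif verdict.startswith("detected "):
            rec["verdict"] = "detected"
        elif vm["action"]:
            rec["action"] = vm["action"]
        elif verdict == "skipped by user" and rec["action"] is None:
            rec["action"] = "Skip"
    return objects, counts


def summarize(objects, counts):
    """Separate heuristic flags from named detections and list what is still unresolved."""
    detected = [r for r in objects.values() if r["verdict"] == "detected"]
    heuristic = [r for r in detected if (r["signature"] or "").startswith(HEURISTIC_FAMILIES)]
    named = [r["name"] for r in detected if not (r["signature"] or "").startswith(HEURISTIC_FAMILIES)]
    unresolved = sorted(r["name"] for r in detected if r["action"] in (None, "Skip"))
    return {
        "scanned": len(objects),
        "detected": len(detected),
        "heuristic_only": len(heuristic),
        "named_malware": named,
        "unresolved": unresolved,
        # TDSSKiller's own count should equal the number of "detected" lines seen.
        "count_consistent": counts.get("Detected object count") == len(detected),
    }


if __name__ == "__main__":
    objs, cnts = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(objs, cnts))
```

Run against the full log above, the summary reports 16 detections, all of them heuristic, none named, and all 16 unresolved because the user selected Skip; that is the picture a helper wants before deciding whether any unsigned entry needs a closer look.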


cosinus 01.07.2012 16:03

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages like

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Invi 03.07.2012 12:46

And here is the ComboFix log

Code:

ComboFix 12-07-02.01 - Invi 03.07.2012  13:12:55.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1014.533 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Invi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\wpe pro.INI
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-03 bis 2012-07-03  ))))))))))))))))))))))))))))))
.
.
2012-06-29 12:03 . 2012-06-29 12:03        --------        d-----w-        C:\_OTL
2012-06-26 21:44 . 2012-06-26 21:44        --------        d-----w-        c:\programme\ESET
2012-06-26 18:54 . 2012-06-26 18:54        --------        d-----w-        c:\dokumente und einstellungen\Invi\Anwendungsdaten\Malwarebytes
2012-06-26 18:54 . 2012-06-26 18:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-06-26 18:54 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-26 16:45 . 2012-06-26 16:45        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Avira
2012-06-19 19:40 . 2012-06-26 17:03        --------        d-----w-        c:\windows\system32\NtmsData
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-30 22:26 . 2010-07-16 17:11        5427        ----a-w-        c:\windows\system32\EGATHDRV.SYS
2012-06-25 16:43 . 2012-05-18 13:34        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 16:43 . 2011-07-03 21:13        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-08-06 17:24        18456        ----a-w-        c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24        15896        ----a-w-        c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2006-01-27 02:16        329240        ----a-w-        c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2006-01-27 02:16        219160        ----a-w-        c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2006-01-27 02:16        210968        ----a-w-        c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24        15896        ----a-w-        c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2006-01-27 02:16        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2006-01-27 02:16        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 13:19 . 2006-01-27 01:00        97304        ----a-w-        c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24        23576        ----a-w-        c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2006-01-27 02:16        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2006-01-27 02:16        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2010-07-17 11:56        275696        ----a-w-        c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2010-07-17 11:56        214256        ----a-w-        c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2010-07-17 11:56        18160        ----a-w-        c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-01-27 01:00        604160        ----a-w-        c:\windows\system32\crypt32.dll
2012-05-15 15:37 . 2006-01-27 01:01        832512        ----a-w-        c:\windows\system32\wininet.dll
2012-05-15 13:56 . 2006-01-27 01:00        1863296        ----a-w-        c:\windows\system32\win32k.sys
2012-05-05 03:14 . 2006-01-27 01:00        2150912        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:50        2029056        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2006-01-27 01:00        139656        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:40 . 2006-01-27 01:01        1830912        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-04-23 14:40 . 2006-01-27 01:01        78336        ----a-w-        c:\windows\system32\ieencode.dll
2012-04-23 14:40 . 2006-01-27 01:00        17408        ------w-        c:\windows\system32\corpol.dll
2012-06-23 14:53 . 2012-06-23 14:53        85472        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\dokumente und einstellungen\Invi\Eigene Dateien\Programme\RocketDock\RocketDock.exe" [2007-09-02 495616]
"H/PC Connection Agent"="c:\dokumente und einstellungen\Invi\Eigene Dateien\Programme\Active Sync\Wcescomm.exe" [2006-11-13 1289000]
"Facebook Update"="c:\dokumente und einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe" [2011-12-28 137536]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-14 503808]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2010-12-01 281768]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\programme\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\programme\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"Launch LgDevAgt"="c:\programme\Logitech\GamePanel Software\LgDevAgt.exe" [2007-12-13 346648]
"Launch LGDCore"="c:\programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"Verknüpfung mit der High Definition Audio-Eigenschaftenseite"="HDAShCut.exe" [2005-01-07 61952]
"PlusService"="c:\programme\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Invi\Startmenü\Programme\Autostart\
CurseClientStartup.ccip [2010-8-8 0]
WiFi Station N.lnk - c:\programme\Hercules\WiFiStationN\WiFiN.exe [2010-7-16 124200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"LogitechSoftwareUpdate"=c:\programme\Logitech\Video\ManifestEngine.exe boot
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"WinampAgent"="c:\dokumente und einstellungen\Invi\Eigene Dateien\Programme\Winamp\winampa.exe"
"Mouse Suite 98 Daemon"=ICO.EXE
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 DiMaint;Eicon-Wartungstreiber;c:\windows\system32\drivers\disdn\dimaint.sys [16.07.2010 18:46 91305]
R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [17.07.2010 13:16 181120]
R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [17.07.2010 13:16 51072]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.07.2010 21:49 136360]
R2 DiCapi;Eicon CAPI 2.0-Treiber;c:\windows\system32\drivers\disdn\capi20.sys [16.07.2010 18:46 164923]
R2 HerculesWiFi;HerculesWiFi;c:\windows\system32\HerculesWiFiService.exe [16.07.2010 20:21 53544]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R3 DiWan;Eicon-Treiber für alle DIVA-PnP-Karten;c:\windows\system32\drivers\disdn\Diwan.sys [16.07.2010 18:46 952007]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [16.07.2010 20:21 583552]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\dokumente und einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesDriver32.sys [24.02.2010 14:41 10064]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [29.02.2012 09:50 158856]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\dokumente und einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe [06.07.2010 13:23 1051968]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [27.04.2012 21:55 113120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005Core.job
- c:\dokumente und einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2011-12-28 15:00]
.
2012-07-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005UA.job
- c:\dokumente und einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe [2011-12-28 15:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Invi\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\programme\ICQ7.5\ICQ.exe
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: Interfaces\{AA1440BA-BAE0-44F7-9E91-7CBF25A5A6D2}: NameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\Invi\Anwendungsdaten\Mozilla\Firefox\Profiles\88as021z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - 109.123.126.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-NavLogon - (no file)
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-03 13:19
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-03  13:24:13
ComboFix-quarantined-files.txt  2012-07-03 11:24
.
Vor Suchlauf: 17 Verzeichnis(se), 17.027.682.304 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 17.322.237.952 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=E4W7VV /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=E4W7VV-BAK
.
- - End Of File - - BF4ECCB397E9184986294DF1558B4B20
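An added example, not part of the thread: the "Zusätzlicher Suchlauf" section of a ComboFix log is where a helper checks browser proxy settings, the interface DNS server and Winsock LSP entries. The Python below was written for this page (neither ComboFix nor the forum provides it); it parses those lines and reports whether the Firefox proxy listed in prefs.js is actually in use. In the log above network.proxy.type is 0, which in Firefox means a direct connection, so the 109.123.126.253:8080 entry is configured but not active; the DNS server 192.168.2.1 is a private address; and the PrxerDrv.dll LSP is a non-Microsoft entry whose owning product should be confirmed. The sample lines are the page's own values; the finding structure and the "kind" names are this example's assumptions.

```python
import ipaddress
import re

# Sample lines copied from the "Zusätzlicher Suchlauf" section of the ComboFix
# log in this thread (the values are the page's own).
SAMPLE_SECTION = r"""
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = *.local
LSP: %SystemRoot%\system32\PrxerDrv.dll
TCP: Interfaces\{AA1440BA-BAE0-44F7-9E91-7CBF25A5A6D2}: NameServer = 192.168.2.1
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.http - 109.123.126.253
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
"""

FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - (?P<value>.*)$")
DNS_RE = re.compile(r"^TCP: Interfaces\\\{(?P<guid>[0-9A-Fa-f-]+)\}: NameServer = (?P<servers>.+)$")
LSP_RE = re.compile(r"^LSP: (?P<dll>.+)$")

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "autodetect", 5: "system"}


def parse_section(text):
    """Collect Firefox prefs, per-interface DNS servers and LSP entries from ComboFix lines."""
    parsed = {"ff_prefs": {}, "dns": [], "lsps": []}
    for line in text.splitlines():
        line = line.strip()
        if m := FF_PREF_RE.match(line):
            parsed["ff_prefs"][m["key"]] = m["value"]
        elif m := DNS_RE.match(line):
            parsed["dns"].append({"interface": m["guid"],
                                  "servers": re.split(r"[,\s]+", m["servers"].strip())})
        elif m := LSP_RE.match(line):
            parsed["lsps"].append(m["dll"])
    return parsed


def classify_host(host):
    """Label an address as private or public; anything that is not an IP is a hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "private" if ip.is_private else "public"


def review(parsed):
    """Turn the parsed section into findings a helper would act on."""
    findings = []
    prefs = parsed["ff_prefs"]
    host = prefs.get("network.proxy.http")
    if host:
        ptype = int(prefs.get("network.proxy.type", "-1"))
        findings.append({
            "kind": "firefox_proxy",
            "endpoint": f"{host}:{prefs.get('network.proxy.http_port', '80')}",
            "scope": classify_host(host),
            "mode": FF_PROXY_TYPES.get(ptype, "unknown"),
            # A manual proxy entry only routes traffic when type == 1.
            "active": ptype == 1,
        })
    for entry in parsed["dns"]:
        scopes = {classify_host(s) for s in entry["servers"]}
        findings.append({"kind": "dns", "interface": entry["interface"],
                         "servers": entry["servers"],
                         "scope": "public" if "public" in scopes else "private"})
    for dll in parsed["lsps"]:
        # ComboFix only lists non-default LSPs; each one should map to a known product.
        findings.append({"kind": "lsp", "dll": dll,
                         "note": "third-party Winsock LSP; confirm the installed product that owns it"})
    return findings


if __name__ == "__main__":
    for finding in review(parse_section(SAMPLE_SECTION)):
        print(finding)
```

A public proxy host with mode "manual" would be the case worth treating as an active redirection of browser traffic; here the entry is inactive, which is why the remaining questions are where it came from and which product installed the LSP.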


cosinus 03.07.2012 14:47

Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    From Windows Vista (or higher), please start it with right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.

Invi 04.07.2012 13:50

Now I can get back into my firewall settings without any problems, so that's definitely a good sign; thanks for the help.

And here, as a bonus, three more pretty logs for you ;)

gmer
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-04 13:41:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HDS721680PLA380 rev.P21OABBA
Running: ugsw52w2.exe; Driver: C:\DOKUME~1\Invi\LOKALE~1\Temp\uwrdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7CA4434                                                                                                                                                                                          ZwClose
SSDT            F7CA43EE                                                                                                                                                                                          ZwCreateKey
SSDT            F7CA443E                                                                                                                                                                                          ZwCreateSection
SSDT            F7CA43E4                                                                                                                                                                                          ZwCreateThread
SSDT            F7CA43F3                                                                                                                                                                                          ZwDeleteKey
SSDT            F7CA43FD                                                                                                                                                                                          ZwDeleteValueKey
SSDT            F7CA442F                                                                                                                                                                                          ZwDuplicateObject
SSDT            F7CA4402                                                                                                                                                                                          ZwLoadKey
SSDT            F7CA43D0                                                                                                                                                                                          ZwOpenProcess
SSDT            F7CA43D5                                                                                                                                                                                          ZwOpenThread
SSDT            F7CA440C                                                                                                                                                                                          ZwReplaceKey
SSDT            F7CA4407                                                                                                                                                                                          ZwRestoreKey
SSDT            F7CA4443                                                                                                                                                                                          ZwSetContextThread
SSDT            F7CA43F8                                                                                                                                                                                          ZwSetValueKey
SSDT            F7CA43DF                                                                                                                                                                                          ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

?              dimaint.sys                                                                                                                                                                                        Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\firefox.exe[3416] ntdll.dll!LdrLoadDll                                                                                                                                7C92632D 5 Bytes  JMP 0115FA35 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3416] kernel32.dll!VirtualAlloc                                                                                                                          7C809AF1 5 Bytes  JMP 014007C5 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3416] kernel32.dll!MapViewOfFile                                                                                                                          7C80B9A5 5 Bytes  JMP 0140079E C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Programme\Mozilla Firefox\firefox.exe[3416] GDI32.dll!CreateDIBSection                                                                                                                          77EF9E19 5 Bytes  JMP 01400728 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\RRbackups\common                                                                                                                                                                                0 bytes
File            C:\RRbackups\common\hints.dat                                                                                                                                                                      8192 bytes
File            C:\RRbackups\common\mnd.dat                                                                                                                                                                        8192 bytes
File            C:\RRbackups\common\regcerts.dat                                                                                                                                                                  8192 bytes
File            C:\RRbackups\common\rr.log                                                                                                                                                                        58497 bytes
File            C:\RRbackups\common\SAM                                                                                                                                                                            262144 bytes
File            C:\RRbackups\common\seccache.dat                                                                                                                                                                  8192 bytes
File            C:\RRbackups\common\secpolicy.dat                                                                                                                                                                  53248 bytes
File            C:\RRbackups\common\settings.dat                                                                                                                                                                  28672 bytes
File            C:\RRbackups\common\system.dat                                                                                                                                                                    12288 bytes
File            C:\RRbackups\common\tvtns.bin                                                                                                                                                                      23 bytes
File            C:\RRbackups\common\usersids.dat                                                                                                                                                                  15600 bytes
File            C:\RRbackups\Documents and Settings                                                                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\Administrator                                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Lenovo                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                      24 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500\e0e1aa2b-5f00-4fc4-832b-43d3682db49d                            388 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500\Preferred                                                        24 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\Administrator\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\All Users                                                                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten                                                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo                                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Lenovo\Client Security Solution\PreloadInstall.ini                                                                                  26 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft                                                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto                                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\MachineKeys                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\All Users\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_ea225708-33b0-4b19-b322-c146055073b7                                  917 bytes
File            C:\RRbackups\Documents and Settings\Default User                                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                        24 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500\e0e1aa2b-5f00-4fc4-832b-43d3682db49d                              388 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500\Preferred                                                        24 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\Default User\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\Invi                                                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten                                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Lenovo                                                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Lenovo\Client Security Solution                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Lenovo\Client Security Solution\hibernation.dat                                                                                          4 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft                                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto                                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA                                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\1b148feb64e6ecfe5badadd7b6ee178a_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\200764e3dffe533c620ec39d2889c98e_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\224a5e8ddb5e77e26de0274d8115ebc6_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\26594582f64ae75cbed872d3c6111f14_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\2c99a43b46c55b95fc28dcd07263931a_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\2cde3433ae95e6e58e68962d5cf819d6_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\3ef7c2aa14363793ff8b9e04ac8829bc_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\415b6845fc3724793c304ec4f31a9c47_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\43e3a4a9826996aba5d7727553958fbf_ea225708-33b0-4b19-b322-c146055073b7  1303 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\4ee1170881e54cabaa2205a3fb2552ca_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\5052a4b587f13751f44a0f1d58e33ef5_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\5550e7cb640347345a345c63aa7a6848_ea225708-33b0-4b19-b322-c146055073b7  59 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\57ff0686d76273260e133a94c250d5b9_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\6b29ae44e85efac3c72ff4d1865d73f1_ea225708-33b0-4b19-b322-c146055073b7  53 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\710f103e7fbd48b1100044395f6407d3_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\83aa4cc77f591dfc2374580bbd95f6ba_ea225708-33b0-4b19-b322-c146055073b7  45 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\932a2db58c237abd381d22df4c63a04a_ea225708-33b0-4b19-b322-c146055073b7  87 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\9a6f07039293addf704663c683e6e395_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\a7fc74f6a58ac04f7457a0c0b17db5a5_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\b760fbe1f1a048dd8517d013eb19e855_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\b7ecb0f3da1571f1b2d8b28d924a44ca_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\b9395b085b2980fa215d1c25d5d58079_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\b985b79277fb84e6fe1e9abbf314cd87_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\e52f73ea1e6d8fb5afd750e25de6c8fa_ea225708-33b0-4b19-b322-c146055073b7  46 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\f1f0074fbe63d390ef63ef3d15e395d7_ea225708-33b0-4b19-b322-c146055073b7  45 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\3c693b1d8c5fd0b5d26dc466aaf9147e_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Crypto\RSA\S-1-5-21-788714031-3270273673-1796202824-1005\a6434e59347b914baa61075020b19969_ea225708-33b0-4b19-b322-c146055073b7  1334 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\CREDHIST                                                                                                                24 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500\e0e1aa2b-5f00-4fc4-832b-43d3682db49d                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-3267765004-2543333244-3923083134-500\Preferred                                                                24 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\06c092b0-a7df-4a28-9513-e8f14306acc0                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\16f57ff3-5af4-4591-8c49-8e757aea76ce                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\679d56af-03bd-481e-8917-ed77dd847e6a                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\6de3ad60-6de8-4e6e-9962-03edf8c27b61                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\79a5f10b-1619-47b8-86a8-7db947eb303f                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\92f579d7-64e8-4469-af3f-0efad49f0c7e                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\aa48b459-214c-46f4-9662-0c1882b1389b                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\b592ec29-6536-450e-8d33-b05fec568af7                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\dcc69ae6-09f4-4d16-b4ae-b9932fdfca8c                                      388 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\Protect\S-1-5-21-788714031-3270273673-1796202824-1005\Preferred                                                                24 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                          0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates\73C90C0BADB510DC3633D772839B8FBBD8940B98                                                    824 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\Invi\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\LocalService                                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten                                                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft                                                                                                                        0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                  0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\LocalService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                              0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService                                                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten                                                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft                                                                                                                      0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates                                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My                                                                                                0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\Certificates                                                                                    0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CRLs                                                                                            0 bytes
File            C:\RRbackups\Documents and Settings\NetworkService\Anwendungsdaten\Microsoft\SystemCertificates\My\CTLs                                                                                            0 bytes

---- EOF - GMER 1.0.15 ----


Osam
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:51:01 on 04.07.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005Core.job" - "Facebook Inc." - C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-788714031-3270273673-1796202824-1005UA.job" - "Facebook Inc." - C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"camcpl.cpl" - "Logitech Inc." - C:\WINDOWS\system32\camcpl.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ifsdrives.cpl" - "Stephan Schreiber" - C:\WINDOWS\system32\ifsdrives.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"IfsDrives" - "Stephan Schreiber" - C:\WINDOWS\System32\ifsdrives.cpl
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
"Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.4.5.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Invi\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"cpuz132" (cpuz132) - ? - C:\DOKUME~1\Invi\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys  (File not found)
"Ext2fs" (Ext2fs) - "Stephan Schreiber" - C:\WINDOWS\System32\DRIVERS\ext2fs.sys
"IBM eGatherer" (EGATHDRV) - "IBM Corporation" - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
"IBM PSA Access Driver" (psadd) - ? - C:\WINDOWS\system32\Drivers\psadd.sys  (File not found)
"IfsMount" (IfsMount) - "Stephan Schreiber" - C:\WINDOWS\System32\DRIVERS\ifsmount.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"smi2" (smi2) - "IBM Corp." - C:\Programme\SMI2\smi2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\WINDOWS\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20050404.003\symidsco.sys  (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesDriver32.sys
"tvtfilter" (tvtfilter) - "Lenovo" - C:\WINDOWS\system32\drivers\tvtfilter.sys
"uwrdqpog" (uwrdqpog) - ? - C:\DOKUME~1\Invi\LOKALE~1\Temp\uwrdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{94586423-855F-4EB2-9F6A-D9DA5658DBE3} "Context menu" - ? - C:\DOKUME~1\Invi\EIGENE~1\PROGRA~1\FREEM4~1\m4a_menu.dll  (File found, but it contains no detailed information)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3} "Eigene Logitech-Bilder" - "Logitech Inc." - C:\Programme\Logitech\Video\Namespc2.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\DOKUME~1\Invi\EIGENE~1\PROGRA~1\ACTIVE~1\Wcesview.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\WinRar\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}" - ? -  (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\DOKUME~1\Invi\EIGENE~1\PROGRA~1\ACTIVE~1\INetRepl.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\DOKUME~1\Invi\EIGENE~1\PROGRA~1\ACTIVE~1\INetRepl.dll
"ICQ7.5" - "ICQ, LLC." - C:\Programme\ICQ7.5\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"CurseClientStartup.ccip" - ? - C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\CurseClientStartup.ccip
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Invi\Startmenü\Programme\Autostart\desktop.ini
"WiFi Station N.lnk" - ? - C:\Programme\Hercules\WiFiStationN\WiFiN.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Dokumente und Einstellungen\Invi\Lokale Einstellungen\Anwendungsdaten\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\Active Sync\Wcescomm.exe"
"RocketDock" - ? - "C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\RocketDock\RocketDock.exe"  (File found, but it contains no detailed information)
"Skype" - "Skype Technologies S.A." - "C:\Programme\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
"Launch LGDCore" - "Logitech Inc." - "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
"Launch LgDevAgt" - "Logitech Inc." - "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe"
"LogitechVideoRepair" - "Logitech Inc." - C:\Programme\Logitech\Video\ISStart.exe
"LogitechVideoTray" - "Logitech Inc." - C:\Programme\Logitech\Video\LogiTray.exe
"LVCOMSX" - "Logitech Inc." - C:\WINDOWS\system32\LVCOMSX.EXE
"PlusService" - "Yuna Software" - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDF995 Monitor" - ? - C:\WINDOWS\system32\pdf995mon.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"HerculesWiFi" (HerculesWiFi) - "Guillemot Corporation" - C:\WINDOWS\system32\HerculesWiFiService.exe
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"IBM PSA Access Driver Control" (PsaSrv) - ? - C:\WINDOWS\system32\PsaSrv.exe  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZinw12.dll
"NMSAccess" (NMSAccess) - ? - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS\system32\HPZipm12.dll
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - ? - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Drive Defrag-Dienst" (TuneUp.Defrag) - "TuneUp Software" - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpDefragService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Programme\TuneUp\TuneUpUtilitiesService32.exe
"TVT Backup Service" (TVT Backup Service) - "Lenovo Group Limited" - C:\Programme\Lenovo\Rescue and Recovery\rrservice.exe
"TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
"tvtnetwk" (tvtnetwk) - ? - C:\Programme\Lenovo\Rescue and Recovery\ADM\IUService.exe  (File found, but it contains no detailed information)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll
"Proxifier NSP" - "Initex Software" - C:\WINDOWS\system32\PrxerNsp.dll
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"PROXIFIER LSP" - "Initex Software" - C:\WINDOWS\system32\PrxerDrv.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

and aswMBR
Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-04 13:54:16
-----------------------------
13:54:16.812    OS Version: Windows 5.1.2600 Service Pack 3
13:54:16.812    Number of processors: 2 586 0xF02
13:54:16.812    ComputerName: BLECHBOX  UserName: Invi
13:54:17.281    Initialize success
14:04:55.843    AVAST engine defs: 12070400
14:12:54.562    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
14:12:54.562    Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OABBA Size: 76324MB BusType: 3
14:12:54.625    Disk 0 MBR read successfully
14:12:54.625    Disk 0 MBR scan
14:12:54.796    Disk 0 unknown MBR code
14:12:54.812    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        72465 MB offset 63
14:12:54.843    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    3851 MB offset 148408470
14:12:54.875    Disk 0 scanning sectors +156296385
14:12:55.156    Disk 0 scanning C:\WINDOWS\system32\drivers
14:13:57.359    Service scanning
14:14:28.046    Modules scanning
14:15:08.234    Disk 0 trace - called modules:
14:15:08.250   
14:15:09.640    AVAST engine scan C:\WINDOWS
14:16:00.000    AVAST engine scan C:\WINDOWS\system32
14:22:03.109    AVAST engine scan C:\WINDOWS\system32\drivers
14:22:37.593    AVAST engine scan C:\Dokumente und Einstellungen\Invi
14:39:48.546    File: C:\Dokumente und Einstellungen\Invi\Eigene Dateien\Games\wpepro09x\WpeSpy.dll  **INFECTED** Win32:Malware-gen
14:42:29.625    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Invi\Desktop\MBR.dat"
14:42:29.625    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Invi\Desktop\aswMBR.txt"

This WPE Pro that keeps getting flagged is harmless. It is a hack/sniffing tool that I used back when I was a GM on a private WoW server to try out and eliminate certain hacking possibilities. Since it is a packet sniffer, it often gets flagged as a Trojan, so don't think I have a persistent virus here ;)


Copyright ©2000-2025, Trojaner-Board

