Trojaner-Board - Trojaner Interpol mit Sperrbildschirm

Hallo,

ich habe mir einen Trojaner mit Sperrbildschirm eingefangen, der auch im abgesicherten Modus erscheint.

Ich habe einen FRST und einen OTL-Scan erstellt.

Wäre klasse wenn mir jemand helfen könnte.

Ingo

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013

Ran by SYSTEM on REATOGO on 20-10-2013 23:07:47

Running from E:\

Windows Vista (TM) Home Premium (X86) OS Language: English(US)

Internet Explorer Version 8

Boot Mode: Recovery
 

The current controlset is ControlSet002
 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)

HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)

HKLM\...\Run: [LaunchAp] - C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()

HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)

HKLM\...\Run: [LMgrOSD] - C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)

HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\weimann\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [ 2007-10-15] (Nero AG)

HKU\weimann\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res [ 2013-07-09] () <==== ATTENTION 
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-06-27] ()

S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)

S2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)

S2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2007-11-02] (Softex Inc.)

S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)
 

==================== Drivers (Whitelisted) ====================
 

S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)

S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [805416 2007-08-30] (Bison Electronics. Inc. )

S0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )

S1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()

S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2007-08-08] (Huawei Tech. Co., Ltd.)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

S0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)

S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)

S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)

S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749760 2007-08-22] ()

S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

S3 Aelmaninss; No ImagePath

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

S5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [100864 2008-01-22] (Huawei Technologies Co., Ltd.)

S3 igfx; system32\DRIVERS\igdkmd32.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-20 23:07 - 2013-10-20 23:07 - 00000000 ____D C:\FRST

2013-10-20 21:28 - 2013-10-20 21:28 - 00057174 _____ C:\OTL.Txt

2013-10-19 13:39 - 2013-10-19 14:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-10-10 11:24 - 2013-09-23 08:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-10-10 11:24 - 2013-09-23 08:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-10-10 11:24 - 2013-09-23 08:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2013-10-10 11:24 - 2013-09-23 08:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-10-10 11:24 - 2013-09-23 08:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll

2013-10-10 11:24 - 2013-09-23 08:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-10-10 11:24 - 2013-09-23 08:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-10-10 11:24 - 2013-09-23 08:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-10-10 11:24 - 2013-09-23 08:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-10-10 11:24 - 2013-09-23 08:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-10-10 11:24 - 2013-09-23 08:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-10-10 11:24 - 2013-09-23 08:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-10-10 11:24 - 2013-09-23 08:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll

2013-10-10 11:24 - 2013-09-23 07:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec

2013-10-10 11:24 - 2013-09-23 05:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-10-10 11:24 - 2013-09-23 05:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-10-10 11:24 - 2013-09-23 05:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-10-10 11:24 - 2013-09-23 05:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe

2013-10-10 11:24 - 2013-08-29 03:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-10-10 11:24 - 2013-07-31 23:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-10-10 11:24 - 2013-07-31 22:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-10-10 11:24 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 11:24 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\System32\comctl32.dll

2013-10-10 11:24 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys

2013-10-10 11:24 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys

2013-10-10 11:24 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys

2013-10-10 11:24 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys

2013-10-10 11:24 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys

2013-10-10 11:24 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys

2013-10-10 11:24 - 2013-06-26 19:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys

2013-10-10 11:24 - 2013-06-26 19:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\System32\Wdfres.dll

2013-10-10 11:24 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll

2013-10-10 11:24 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll

2013-10-10 11:24 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys

2013-10-10 11:24 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys

2013-10-05 08:45 - 2013-10-05 08:45 - 00000000 ____D C:\Windows\System32\Adobe
 

==================== One Month Modified Files and Folders =======
 

2013-10-20 23:07 - 2013-10-20 23:07 - 00000000 ____D C:\FRST

2013-10-20 21:28 - 2013-10-20 21:28 - 00057174 _____ C:\OTL.Txt

2013-10-20 21:25 - 2008-02-21 04:08 - 00000000 ____D C:\users\weimann

2013-10-20 06:25 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-20 06:25 - 2006-11-02 08:47 - 00003168 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-20 06:16 - 2008-02-21 04:03 - 01703518 _____ C:\Windows\WindowsUpdate.log

2013-10-20 06:15 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\tracing

2013-10-19 16:07 - 2012-06-18 15:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-19 14:04 - 2013-10-19 13:39 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-10-17 12:37 - 2008-04-01 14:53 - 00028029 _____ C:\Users\weimann\AppData\Roaming\nvModes.001

2013-10-16 09:47 - 2008-02-21 08:22 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-12 14:04 - 2006-11-02 07:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-10 13:46 - 2006-11-02 06:33 - 01445786 _____ C:\Windows\System32\PerfStringBackup.INI

2013-10-10 13:40 - 2006-11-02 08:47 - 00350640 _____ C:\Windows\System32\FNTCACHE.DAT

2013-10-10 12:40 - 2013-08-14 09:43 - 00000000 ____D C:\Windows\System32\MRT

2013-10-10 12:36 - 2006-11-02 06:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe

2013-10-09 14:35 - 2012-06-18 15:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2013-10-09 14:35 - 2012-02-22 14:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2013-10-09 08:26 - 2008-04-11 12:10 - 00000000 ____D C:\Susan

2013-10-05 08:45 - 2013-10-05 08:45 - 00000000 ____D C:\Windows\System32\Adobe

2013-09-23 16:15 - 2008-02-29 06:59 - 00000030 _____ C:\Windows\Iedit_.INI

2013-09-23 08:57 - 2013-10-10 11:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-09-23 08:57 - 2013-10-10 11:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-09-23 08:57 - 2013-10-10 11:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\url.dll

2013-09-23 08:55 - 2013-10-10 11:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll

2013-09-23 08:53 - 2013-10-10 11:24 - 00611840 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll

2013-09-23 08:52 - 2013-10-10 11:24 - 06017024 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-09-23 08:52 - 2013-10-10 11:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-09-23 08:52 - 2013-10-10 11:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-09-23 08:52 - 2013-10-10 11:24 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 11111936 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 02005504 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-09-23 08:51 - 2013-10-10 11:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll

2013-09-23 08:51 - 2013-10-10 11:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-09-23 08:50 - 2013-10-10 11:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll

2013-09-23 08:49 - 2013-10-10 11:24 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll

2013-09-23 07:14 - 2013-10-10 11:24 - 00385024 _____ (Microsoft Corporation) C:\Windows\System32\html.iec

2013-09-23 05:29 - 2013-10-10 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-09-23 05:29 - 2013-10-10 11:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-09-23 05:27 - 2013-10-10 11:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-09-23 05:27 - 2013-10-10 11:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
 

Files to move or delete:

====================

C:\Users\weimann\AppData\Roaming\desktop.ini
 
 

Some content of TEMP:

====================

C:\Users\weimann\AppData\Local\Temp\rpgaynnrvylmehevggufkpnrc.exe
 
 

==================== Known DLLs (Whitelisted) ============
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

18

Restore point made on: 2013-07-23 13:54:59

Restore point made on: 2013-07-30 12:56:55

Restore point made on: 2013-08-02 13:30:25

Restore point made on: 2013-08-07 13:39:38

Restore point made on: 2013-08-14 03:04:05

Restore point made on: 2013-08-14 09:40:42

Restore point made on: 2013-08-20 13:36:10

Restore point made on: 2013-08-27 12:13:01

Restore point made on: 2013-08-29 13:49:47

Restore point made on: 2013-09-13 04:17:54

Restore point made on: 2013-09-13 07:54:11

Restore point made on: 2013-09-17 12:59:29

Restore point made on: 2013-09-24 14:07:20

Restore point made on: 2013-10-01 10:10:45

Restore point made on: 2013-10-05 04:13:21

Restore point made on: 2013-10-10 11:17:47

Restore point made on: 2013-10-10 12:34:43

Restore point made on: 2013-10-15 13:36:25
 

==================== Memory info =========================== 
 

Percentage of memory in use: 9%

Total physical RAM: 3070.36 MB

Available physical RAM: 2766.04 MB

Total Pagefile: 2895.05 MB

Available Pagefile: 2823.11 MB

Total Virtual: 2047.88 MB

Available Virtual: 1993.65 MB
 

==================== Drives ================================
 

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS

Drive c: (BOOT) (Fixed) (Total:126.37 GB) (Free:51.26 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.23 GB) FAT32

Drive e: (USB-STICK) (Removable) (Total:1.88 GB) (Free:1.78 GB) FAT

Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 2 GB) (Disk ID: 6B736964)

No partition Table on disk 0.
 

========================================================

Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 08DB956A)

Partition 1: (Not Active) - (Size=23 GB) - (Type=OF Extended)

Partition 2: (Active) - (Size=126 GB) - (Type=07 NTFS)
 
 

LastRegBack: 2013-10-19 16:22
 

==================== End Of Log ============================

Code:

OTL logfile created on: 10/20/2013 9:25:48 PM - Run 

OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE

Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System

Internet Explorer (Version = 8.0.6001.19475)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 126.37 Gb Total Space | 51.33 Gb Free Space | 40.62% Space Free | Partition Type: NTFS

Drive D: | 22.66 Gb Total Space | 12.23 Gb Free Space | 53.98% Space Free | Partition Type: FAT32

Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: REATOGO | User Name: SYSTEM

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

Using ControlSet: ControlSet002

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2013/10/19 13:39:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/10/09 14:35:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2011/12/08 14:31:24 | 001,527,104 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)

SRV - [2011/12/08 14:28:00 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/02 07:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)

SRV - [2007/10/03 10:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [On_Demand] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - [2007/04/19 07:11:06 | 000,036,864 | ---- | M] (Empolis GmbH) [Auto] -- C:\Program Files\Common Files\Gnab\Service\ServiceController.exe -- (GnabService)

SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

SRV - [2005/11/17 10:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)

DRV - File not found [Kernel | On_Demand] --  -- (igfx)

DRV - File not found [Adapter | On_Demand] --  -- (Aelmaninss)

DRV - [2010/10/07 06:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)

DRV - [2008/03/17 05:05:30 | 000,101,632 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2007/12/18 06:31:00 | 007,630,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)

DRV - [2007/08/28 10:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)

DRV - [2007/08/22 13:50:38 | 001,749,760 | ---- | M] () [Kernel | On_Demand] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)

DRV - [2007/08/08 22:06:40 | 000,023,424 | R--- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei)

DRV - [2007/08/08 02:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007/07/31 05:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)

DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)

DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)

DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)

DRV - [2007/04/30 07:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2006/11/30 09:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 03:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)

DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

 

IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/

IE - HKU\weimann_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\weimann_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/18 15:33:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 15:33:35 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter

 

[2012/06/18 15:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/06/14 18:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/11/25 15:23:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012/06/14 18:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/06/14 18:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/06/14 18:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012/06/14 18:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012/06/14 18:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/06/14 18:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()

O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)

O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\weimann_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197719312979 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKU\weimann_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKU\weimann_ON_C Winlogon: Shell - (C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res) - C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res ()

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll -  File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell - "" = AutoRun

O33 - MountPoints2\{4f1b10c9-f3d2-11de-8448-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{5abeca54-f3d1-11de-9de2-0015af79c5b9}\Shell - "" = AutoRun

O33 - MountPoints2\{5abeca54-f3d1-11de-9de2-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell - "" = AutoRun

O33 - MountPoints2\{64d0c4f1-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{64d0c4f7-616e-11de-9654-0015af79c5b9}\Shell - "" = AutoRun

O33 - MountPoints2\{64d0c4f7-616e-11de-9654-0015af79c5b9}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence

O33 - MountPoints2\{65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a}\Shell - "" = AutoRun

O33 - MountPoints2\{65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{df8716cd-f86f-11de-8059-0015af79c5b9}\Shell - "" = AutoRun

O33 - MountPoints2\{df8716cd-f86f-11de-8059-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{e170774b-dc26-11df-9fad-0015af79c5b9}\Shell - "" = AutoRun

O33 - MountPoints2\{e170774b-dc26-11df-9fad-0015af79c5b9}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{f3d32600-60f4-11df-b6ed-0016d387311e}\Shell - "" = AutoRun

O33 - MountPoints2\{f3d32600-60f4-11df-b6ed-0016d387311e}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013/10/19 13:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2013/10/10 11:24:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2013/10/10 11:24:38 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/10/10 11:24:38 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/10/10 11:24:38 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2013/10/10 11:24:38 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/10/10 11:24:38 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/10/10 11:24:38 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/10/10 11:24:38 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/10/10 11:24:38 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/10/10 11:24:38 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/10/10 11:24:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/10/10 11:24:37 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/10/10 11:24:37 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/10/10 11:24:37 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/10/10 11:24:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/10/10 11:24:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/10/10 11:24:37 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/10/10 11:24:37 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll

[2013/10/10 11:24:37 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/10/10 11:24:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/10/10 11:24:35 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll

[2013/10/10 11:24:34 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/10/10 11:24:26 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys

[2013/10/10 11:24:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll

[2013/10/10 11:24:24 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2013/10/10 11:24:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2013/10/10 11:24:23 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys

[2013/10/10 11:24:23 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys

[2013/10/10 11:24:21 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys

[2013/10/05 08:45:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe

[2007/10/22 07:45:46 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll

[2007/10/22 07:45:45 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2013/10/20 06:29:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/10/20 06:26:45 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job

[2013/10/20 06:25:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/10/20 06:25:51 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/10/20 06:24:11 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys

[2013/10/19 16:35:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/10/10 13:46:46 | 000,628,448 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2013/10/10 13:46:46 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/10/10 13:46:46 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2013/10/10 13:46:46 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/10/10 13:40:33 | 000,350,640 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/10/09 14:35:37 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/10/09 14:35:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/09/23 16:15:43 | 000,000,030 | ---- | M] () -- C:\Windows\Iedit_.INI

[2013/09/23 08:57:27 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/09/23 08:53:10 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2013/09/23 08:52:31 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/09/23 08:52:31 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2013/09/23 08:51:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2013/09/23 08:51:35 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/09/23 08:51:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/09/23 08:51:07 | 000,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/09/23 08:51:07 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/09/23 08:51:06 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/09/23 08:51:04 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2013/09/23 08:51:04 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/09/23 08:50:58 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2013/09/23 08:49:22 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll

[2013/09/23 07:14:03 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2013/09/23 05:29:22 | 000,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/09/23 05:29:11 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/09/23 05:27:55 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2013/09/23 05:27:14 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

 
 ========== Files Created - No Company Name ==========

 

[2013/10/20 06:24:11 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys

[2013/08/14 08:17:43 | 000,073,728 | ---- | C] () -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Other.res

[2013/03/22 14:54:01 | 000,000,032 | ---- | C] () -- C:\Windows\setup.INI

[2012/02/24 18:09:58 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2010/01/04 07:45:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/01/04 07:45:15 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/01/04 07:44:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/06/23 14:54:11 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/06/23 14:31:18 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll

[2009/06/23 14:31:18 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe

[2008/03/25 09:35:44 | 000,000,552 | ---- | C] () -- C:\Users\weimann\AppData\Local\d3d8caps.dat

[2008/03/25 09:25:22 | 000,001,356 | ---- | C] () -- C:\Users\weimann\AppData\Local\d3d9caps.dat

[2008/03/25 09:10:35 | 000,001,158 | ---- | C] () -- C:\Windows\mozver.dat

[2008/02/29 06:59:48 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI

[2008/02/21 10:03:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll

[2008/02/21 10:03:35 | 000,090,112 | ---- | C] () -- C:\Windows\System32\LxUtl10.dll

[2008/02/21 10:03:34 | 000,131,072 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC7.dll

[2008/02/21 08:29:48 | 000,022,016 | ---- | C] () -- C:\Users\weimann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/02/21 08:23:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008/02/21 04:09:23 | 000,000,095 | ---- | C] () -- C:\Users\weimann\AppData\Local\fusioncache.dat

[2007/12/15 01:36:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2007/10/25 03:15:05 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll

[2007/10/25 03:15:04 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini

[2007/10/22 22:20:15 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys

[2007/10/22 07:45:45 | 001,749,760 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2007/10/22 07:45:45 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2007/10/22 07:45:45 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2007/10/22 07:45:45 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini

[2007/09/18 03:38:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2007/09/18 03:33:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini

[2007/09/18 03:16:24 | 000,000,132 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat

[2007/09/12 03:36:27 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/09/12 03:35:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1318.dll

[2007/09/12 03:35:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

[2006/12/11 00:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006/11/04 18:16:26 | 000,409,600 | ---- | C] () -- C:\Windows\System32\BH_DATA100VC8.dll

[2006/11/03 22:58:02 | 000,057,344 | ---- | C] () -- C:\Windows\System32\FKStampPainter20.dll

[2006/11/02 11:33:31 | 000,628,448 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006/11/02 11:33:31 | 000,127,056 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:37 | 000,350,640 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 06:33:01 | 000,595,506 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,104,940 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/09/29 10:12:12 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll

[2006/09/24 16:04:42 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll

[2006/09/24 16:03:32 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll

[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\Windows\System32\dnt27.dll

[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\Windows\System32\dntvmc27.dll

[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\Windows\System32\dntvm27.dll

[2005/11/09 07:13:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\dnt27VC7.dll

[2005/11/09 07:11:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvmc27VC7.dll

[2005/11/09 07:11:30 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dntvm27VC7.dll

[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll

[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll

[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll

 
 ========== LOP Check ==========

 

[2010/01/17 15:00:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ReleaseEngineer.MACROVISION\Application Data\Meine Traffic

[2013/10/20 06:16:14 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2013/10/20 06:26:45 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job

 
 ========== Purity Check ==========

 

 

< End of report >

Code:

 Results of screen317's Security Check version 0.99.74  

 Windows Vista Service Pack 2 x86 (UAC is disabled!)  

 Internet Explorer 8 Out of date! 

 Internet Explorer 8  
 ``````````````Antivirus/Firewall Check:`````````````` 

 WMI entry may not exist for antivirus; attempting automatic update. 
 `````````Anti-malware/Other Utilities Check:````````` 

 TuneUp Utilities 2011   

 TuneUp Utilities Language Pack (de-DE) 

 Java(TM) 6 Update 22  

 Java(TM) 6 Update 3  

 Java version out of Date! 

 Adobe Flash Player         11.9.900.117  

 Adobe Reader 8 Adobe Reader out of Date! 

 Mozilla Firefox 13.0.1 Firefox out of Date!  

 Mozilla Thunderbird (24.0.1) 
 ````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSASCui.exe 

 Windows Defender MSASCui.exe   
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  % 
 ````````````````````End of Log``````````````````````

So, nun auch der Rest.

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-10-2013

Ran by weimann (administrator) on NOTEBOOK on 22-10-2013 23:38:22

Running from C:\Users\weimann\Desktop

Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard

Internet Explorer Version 8

Boot Mode: Normal
 

==================== Processes (Whitelisted) ===================
 

(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe

(Agere Systems) C:\Windows\system32\agrsmsvc.exe

(Empolis GmbH) c:\program files\common files\gnab\service\servicecontroller.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe

() C:\Program Files\Launch Manager\LaunchAp.exe

(Wistron) C:\Program Files\Launch Manager\HotkeyApp.exe

(Wistron Corp.) C:\Program Files\Launch Manager\OSD.exe

(Wistron) C:\Program Files\Launch Manager\WButton.exe

(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe

() C:\Program Files\Softex\OmniPass\opvapp.exe

(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

(Empolis GmbH) C:\Program Files\Medion\MEDIONbox\Program\GCS.exe

() C:\Program Files\CyberLink\Shared Files\RichVideo.exe

(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe

(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe

(Microsoft Corporation) C:\Windows\system32\conime.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)

HKLM\...\Run: [SynTPStart] - C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)

HKLM\...\Run: [PLFSetL] - C:\Windows\PLFSetL.exe [94208 2007-07-05] (sonix)

HKLM\...\Run: [LaunchAp] - C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()

HKLM\...\Run: [HotkeyApp] - C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)

HKLM\...\Run: [LMgrOSD] - C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)

HKLM\...\Run: [Wbutton] - C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4702208 2007-10-31] (Realtek Semiconductor)

HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll [X]

MountPoints2: {4f1b10c9-f3d2-11de-8448-0015af79c5b9} - E:\AutoRun.exe

MountPoints2: {5abeca54-f3d1-11de-9de2-0015af79c5b9} - E:\AutoRun.exe

MountPoints2: {64d0c4f1-616e-11de-9654-0015af79c5b9} - E:\setup_vmc_lite.exe /checkApplicationPresence

MountPoints2: {64d0c4f7-616e-11de-9654-0015af79c5b9} - E:\setup_vmc_lite.exe /checkApplicationPresence

MountPoints2: {65f5f7b3-a6ac-11e2-b03d-85ef2b60e62a} - E:\AutoRun.exe

MountPoints2: {df8716cd-f86f-11de-8059-0015af79c5b9} - E:\AutoRun.exe

MountPoints2: {e170774b-dc26-11df-9fad-0015af79c5b9} - E:\AutoRun.exe

MountPoints2: {f3d32600-60f4-11df-b6ed-0016d387311e} - E:\AutoRun.exe

HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

SearchScopes: HKLM - DefaultScope value is missing.

BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{6C395699-C9E9-4033-BBF3-620ECC9DDFB9}: [NameServer]192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default

FF user.js: detected! => C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default\user.js

FF DefaultSearchEngine: Yahoo

FF SelectedSearchEngine: Google

FF Homepage: hxxp://www.yahoo.com/

FF Keyword.URL: hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()

FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

FF Extension: Microsoft .NET Framework Assistant - C:\Users\weimann\AppData\Roaming\Mozilla\Firefox\Profiles\rljsnneu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

FF HKCU\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 

========================== Services (Whitelisted) =================
 

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2010-06-27] ()

S3 FirebirdServerMAGIXInstance; C:\Program Files\ALDI Sued Foto Service\Common\Database\bin\fbserver.exe [1527900 2005-11-17] (MAGIX®)

R2 GnabService; c:\program files\common files\gnab\service\servicecontroller.exe [36864 2007-04-19] (Empolis GmbH)

R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2007-11-02] (Softex Inc.)

R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()

S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)

R3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2007-09-11] (Wistron Corp.)
 

==================== Drivers (Whitelisted) ====================
 

R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146560 2007-08-28] (AuthenTec, Inc.)

S3 Cam5607; C:\Windows\System32\Drivers\BisonC07.sys [805416 2007-08-30] (Bison Electronics. Inc. )

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)

S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )

R1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()

S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2007-08-09] (Huawei Tech. Co., Ltd.)

S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)

R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)

R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)

R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1749760 2007-08-22] ()

R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [10064 2010-10-07] (TuneUp Software)

S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)

U3 Aelmaninss; No ImagePath

S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]

U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [100864 2008-01-22] (Huawei Technologies Co., Ltd.)

S3 igfx; system32\DRIVERS\igdkmd32.sys [x]

S3 IpInIp; system32\DRIVERS\ipinip.sys [x]

S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]

S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2013-10-22 23:37 - 2013-10-22 23:38 - 01087503 _____ (Farbar) C:\Users\weimann\Desktop\FRST.exe

2013-10-22 23:19 - 2013-10-22 09:50 - 00891167 _____ C:\Users\weimann\Desktop\SecurityCheck.exe

2013-10-21 16:07 - 2013-10-21 16:15 - 00000000 ____D C:\AdwCleaner

2013-10-21 15:57 - 2013-10-21 15:57 - 00000000 ____D C:\Windows\ERUNT

2013-10-21 05:07 - 2013-10-21 05:07 - 00000000 ____D C:\FRST

2013-10-21 03:28 - 2013-10-21 03:28 - 00057174 _____ C:\OTL.Txt

2013-10-19 19:39 - 2013-10-19 20:04 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-10-10 17:24 - 2013-09-23 14:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-10-10 17:24 - 2013-09-23 14:57 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-10-10 17:24 - 2013-09-23 14:57 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-10-10 17:24 - 2013-09-23 14:55 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-10-10 17:24 - 2013-09-23 14:53 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-10-10 17:24 - 2013-09-23 14:52 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-10-10 17:24 - 2013-09-23 14:52 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-10-10 17:24 - 2013-09-23 14:52 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-10-10 17:24 - 2013-09-23 14:52 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-10-10 17:24 - 2013-09-23 14:51 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-10-10 17:24 - 2013-09-23 14:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-10-10 17:24 - 2013-09-23 14:50 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-10-10 17:24 - 2013-09-23 14:49 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2013-10-10 17:24 - 2013-09-23 13:14 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-10-10 17:24 - 2013-09-23 11:29 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-10-10 17:24 - 2013-09-23 11:29 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-10-10 17:24 - 2013-09-23 11:27 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-10-10 17:24 - 2013-09-23 11:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2013-10-10 17:24 - 2013-08-29 09:36 - 02050048 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2013-10-10 17:24 - 2013-08-01 05:16 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2013-10-10 17:24 - 2013-08-01 04:49 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll

2013-10-10 17:24 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll

2013-10-10 17:24 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll

2013-10-10 17:24 - 2013-07-03 04:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys

2013-10-10 17:24 - 2013-06-29 04:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys

2013-10-10 17:24 - 2013-06-29 04:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys

2013-10-10 17:24 - 2013-06-29 04:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys

2013-10-10 17:24 - 2013-06-29 04:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys

2013-10-10 17:24 - 2013-06-27 01:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys

2013-10-10 17:24 - 2013-06-27 01:01 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys

2013-10-10 17:24 - 2013-06-27 01:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll

2013-10-10 17:24 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll

2013-10-10 17:24 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll

2013-10-10 17:24 - 2011-05-05 15:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys

2013-10-10 17:24 - 2011-05-05 15:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys

2013-10-05 14:45 - 2013-10-05 14:45 - 00000000 ____D C:\Windows\system32\Adobe
 

==================== One Month Modified Files and Folders =======
 

2013-10-22 23:38 - 2013-10-22 23:37 - 01087503 _____ (Farbar) C:\Users\weimann\Desktop\FRST.exe

2013-10-22 23:36 - 2008-04-01 20:53 - 00028029 _____ C:\Users\weimann\AppData\Roaming\nvModes.001

2013-10-22 23:36 - 2008-02-21 14:33 - 00000422 ____H C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job

2013-10-22 23:35 - 2012-06-18 21:37 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-10-22 23:34 - 2008-02-21 10:03 - 01766032 _____ C:\Windows\WindowsUpdate.log

2013-10-22 23:33 - 2008-02-21 14:22 - 00000000 ____D C:\Program Files\Mozilla Firefox

2013-10-22 23:12 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-10-22 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2013-10-22 23:12 - 2006-11-02 14:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2013-10-22 15:27 - 2006-11-02 15:01 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-22 13:45 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\tracing

2013-10-22 09:50 - 2013-10-22 23:19 - 00891167 _____ C:\Users\weimann\Desktop\SecurityCheck.exe

2013-10-21 16:15 - 2013-10-21 16:07 - 00000000 ____D C:\AdwCleaner

2013-10-21 16:01 - 2006-11-02 12:33 - 01445786 _____ C:\Windows\system32\PerfStringBackup.INI

2013-10-21 15:57 - 2013-10-21 15:57 - 00000000 ____D C:\Windows\ERUNT

2013-10-21 05:07 - 2013-10-21 05:07 - 00000000 ____D C:\FRST

2013-10-21 03:28 - 2013-10-21 03:28 - 00057174 _____ C:\OTL.Txt

2013-10-21 03:25 - 2008-02-21 10:08 - 00000000 ____D C:\Users\weimann

2013-10-19 22:07 - 2012-06-18 21:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2013-10-19 20:04 - 2013-10-19 19:39 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

2013-10-12 20:04 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET

2013-10-10 19:40 - 2006-11-02 14:47 - 00350640 _____ C:\Windows\system32\FNTCACHE.DAT

2013-10-10 18:40 - 2013-08-14 15:43 - 00000000 ____D C:\Windows\system32\MRT

2013-10-10 18:36 - 2006-11-02 12:24 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe

2013-10-09 20:35 - 2012-06-18 21:37 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2013-10-09 20:35 - 2012-02-22 20:59 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 14:26 - 2008-04-11 18:10 - 00000000 ____D C:\Susan

2013-10-05 14:45 - 2013-10-05 14:45 - 00000000 ____D C:\Windows\system32\Adobe

2013-09-23 22:15 - 2008-02-29 12:59 - 00000030 _____ C:\Windows\Iedit_.INI

2013-09-23 14:57 - 2013-10-10 17:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-09-23 14:57 - 2013-10-10 17:24 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-09-23 14:57 - 2013-10-10 17:24 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2013-09-23 14:55 - 2013-10-10 17:24 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2013-09-23 14:53 - 2013-10-10 17:24 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll

2013-09-23 14:52 - 2013-10-10 17:24 - 06017024 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-09-23 14:52 - 2013-10-10 17:24 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-09-23 14:52 - 2013-10-10 17:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2013-09-23 14:52 - 2013-10-10 17:24 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 11111936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2013-09-23 14:51 - 2013-10-10 17:24 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2013-09-23 14:51 - 2013-10-10 17:24 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-09-23 14:50 - 2013-10-10 17:24 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2013-09-23 14:49 - 2013-10-10 17:24 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll

2013-09-23 13:14 - 2013-10-10 17:24 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2013-09-23 11:29 - 2013-10-10 17:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-09-23 11:29 - 2013-10-10 17:24 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2013-09-23 11:27 - 2013-10-10 17:24 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-09-23 11:27 - 2013-10-10 17:24 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
 

Files to move or delete:

====================

C:\Users\weimann\AppData\Roaming\desktop.ini
 
 

Some content of TEMP:

====================

C:\Users\weimann\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2013-10-22 23:18
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 22-10-2013

Ran by weimann at 2013-10-22 23:40:04

Running from C:\Users\weimann\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

100 Prozent Wimmelbild

Adobe AIR (Version: 1.5.3.9130)

Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)

Adobe Flash Player 11 Plugin (Version: 11.9.900.117)

Adobe Photoshop CS (Version: CS)

Adobe Reader 8.1.1 - Deutsch (Version: 8.1.1)

Adobe Shockwave Player 12.0 (Version: 12.0.4.144)

AFPL Ghostscript 8.53

AFPL Ghostscript Fonts

Agere Systems HDA Modem

ALDI Foto Manager Free Sued (Version: 3.4.0.466)

AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.2)

AVM FRITZ!Box Dokumentation

AVM FRITZ!Box Druckeranschluss

Big Fish Games: Game Manager (Version: 3.0.1.60)

Black Jack free 2.01c  (Version: 2.01c)

Compatibility Pack für 2007 Office System (Version: 12.0.4518.1014)

CorelDRAW Essential Edition 3

CorelDRAW Essential Edition 3 (Version: 3.0)

CyberLink Power2Go (Version: 6.0.1109a)

CyberLink YouCam (Version: 1.00.0000)

Dark Tales:™ Der Mord in der Rue Morgue von Edgar Allan Poe

DE (Version: 3.0)

Die Jaeger des Geisterhauses 2 (Version: 1.0)

druckstdu.de Designer 1.6.0

Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8)

FreePDF XP (Remove only)

Ghost Town Mysteries

Hidden Mysteries Salem Secrets (Version: 1.0)

HUAWEI DataCard Driver 3.10.02.00 (Version: 3.10.02.00)

Inst5657 (Version: 5.00.91)

Intel(R) Matrix Storage Manager

Jäger des Geisterhauses

Java Auto Updater (Version: 2.0.2.4)

Java(TM) 6 Update 22 (Version: 6.0.220)

Java(TM) 6 Update 3 (Version: 1.6.0.30)

Launch Manager V1.4.9 (Version: 1.4.9)

Letstrade (Version: 1.00.0000)

Lexware buchhalter 2007 (Version: 12.00)

MakeDisc (Version: 3.0.2320)

Margrave Manor 2 (Version: 1.1.0.0)

Margrave Manor: Der Fluch des gebrochenen Herzens

MediaShow (Version: 3.0.4325)

MEDIONbox (Version: 1.09.0000.00052)

Meine Traffic 2.10

Microsoft .NET Framework 1.1 (Version: 1.1.4322)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2833941)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)

Microsoft Office PowerPoint Viewer 2007 (German) (Version: 12.0.4518.1014)

Microsoft Office XP Professional mit FrontPage (Version: 10.0.2701.0)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Works (Version: 9.7.0621)

Midnight Mysteries - Teufel auf dem Mississippi (Version: 1.1.0.0)

Midnight Mysteries (Version: 1.1.0.0)

Midnight Mysteries Salem Witch Trials (Version: 1.1.0.0)

Mobile Partner (Version: 11.030.01.07.03)

Mozilla Firefox 13.0.1 (x86 de) (Version: 13.0.1)

Mozilla Maintenance Service (Version: 24.0.1)

Mozilla Thunderbird 24.0.1 (x86 de) (Version: 24.0.1)

MSXML 4.0 SP2 (KB925672) (Version: 4.20.9839.0)

MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)

MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)

MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Mystery Case Files&reg;: Dire Grove™

Mystery Case Files: 13th Skull

Mystery Case Files: R&uuml;ckkehr nach Ravenhearst ™

Mystery Case Files: Ravenhearst ™

Mystery Stories - Das Geisterschiff

Mystery Stories - Expedition des Grauens

Nero 8 Essentials (Version: 8.10.124)

neroxml (Version: 1.0.0)

NVIDIA Drivers

OmniPass 5.00.91 (Version: 5.00.91)

PhotoNow! (Version: 1.0.4310)

POP3-Manager (Version: 3.11.0000)

PowerDirector (Version: 6.5.2209a)

PowerDVD (Version: 7.0.3118.0)

PowerProducer (Version: 4.2.2219)

Ralink Wireless LAN (Version: 1.00.0000)

Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000)

Realtek High Definition Audio Driver (Version: 6.0.1.5506)

Realtek USB 2.0 Card Reader (Version: )

Redemption Cemetery: Der Fluch des Raben

Redemption Cemetery: Die Not der Kinder

RedMon - Redirection Port Monitor

Shiver: Die verschollene Tramperin

swMSM (Version: 12.0.0.1)

Synaptics Pointing Device Driver (Version: 10.0.14.0)

System Requirements Lab

TuneUp Utilities 2011 (Version: 10.0.4500.49)

TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4500.49)

Ulead PhotoImpact 12 (Version: 12.0)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)

Update Manager (Version: 4.60)

VCRedistSetup (Version: 1.0.0)

VLC media player 0.9.8a (Version: 0.9.8a)

Windows Live Messenger (Version: 8.1.0178.00)

Youda Legend

Youda Legend Der goldene Paradiesvogel
 

==================== Restore Points  =========================
 

07-08-2013 17:39:10 Windows Update

14-08-2013 07:03:29 Windows Update

14-08-2013 13:40:16 Windows Update

20-08-2013 17:35:44 Windows Update

27-08-2013 16:12:32 Windows Update

29-08-2013 17:48:59 Windows Update

13-09-2013 08:17:17 Windows Update

13-09-2013 11:53:47 Windows Update

17-09-2013 16:59:00 Windows Update

24-09-2013 18:06:52 Windows Update

01-10-2013 14:10:19 Windows Update

05-10-2013 08:12:55 Windows Update

10-10-2013 15:16:30 Windows Update

10-10-2013 16:34:19 Windows Update

15-10-2013 17:35:55 Windows Update

22-10-2013 11:18:12 Windows Update
 

==================== Hosts content: ==========================
 

2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

::1             localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)

Task: {7A030EA0-3F7D-424B-9EBF-0031727E9618} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14] (Sun Microsystems, Inc.)

Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\pla.dll [2008-01-19] (Microsoft Corporation)

Task: {C413DEBE-F202-4347-9233-FE5D7860C24E} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-08] (TuneUp Software)

Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()

Task: {EC8C3586-2A44-49B7-9AE8-09B369AD140E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-09] (Adobe Systems Incorporated)

Task: {F06B5922-0D9C-4A53-B112-F666823246D0} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\User_Feed_Synchronization-{32850A4D-009D-44A4-93C4-83647F4DFAD0}.job => C:\Windows\system32\msfeedssync.exe
 

==================== Loaded Modules (whitelisted) =============
 

2007-12-15 10:49 - 2007-11-02 13:27 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll

2007-12-15 10:49 - 2007-11-02 13:27 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll

2007-12-15 10:49 - 2007-11-02 13:28 - 00434176 _____ () C:\Program Files\Softex\OmniPass\userdata.dll

2007-12-15 10:49 - 2007-11-02 13:28 - 01077248 _____ () C:\Program Files\Softex\OmniPass\autheng.dll

2007-12-15 10:49 - 2007-11-02 13:27 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll

2007-12-15 10:49 - 2007-11-02 13:27 - 00532480 _____ () C:\Program Files\Softex\OmniPass\storeng.dll

2007-12-15 10:49 - 2007-11-02 13:36 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll

2012-06-18 21:33 - 2012-06-15 00:17 - 02042848 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

2013-10-09 20:35 - 2013-10-09 20:35 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\ProgramData\TEMP:260575F1

AlternateDataStreams: C:\ProgramData\TEMP:2701CA70

AlternateDataStreams: C:\ProgramData\TEMP:927EC486

AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211

AlternateDataStreams: C:\ProgramData\TEMP:A02025CE

AlternateDataStreams: C:\ProgramData\TEMP:B54E4B5A

AlternateDataStreams: C:\ProgramData\TEMP:C22674B6

AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C

AlternateDataStreams: C:\ProgramData\TEMP:E2458802

AlternateDataStreams: C:\ProgramData\TEMP:E91ADC66

AlternateDataStreams: C:\ProgramData\TEMP:EDDBC69E
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== Faulty Device Manager Devices =============
 

Name: Microsoft-ISATAP-Adapter #5

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: isatap.{8F93EB9A-DFD4-4FC6-A339-AD78372A4318}

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: isatap.{8F93EB9A-DFD4-4FC6-A339-AD78372A4318}

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Microsoft-ISATAP-Adapter #25

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 

Name: Microsoft-ISATAP-Adapter #32

Description: Microsoft-ISATAP-Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver
 
 

==================== Event log errors: =========================
 

Application errors:

==================
 

System errors:

=============

Error: (10/22/2013 11:12:19 PM) (Source: Service Control Manager) (User: )

Description: Treiber für parallelen Anschluss%%1058
 

Error: (10/22/2013 00:54:37 PM) (Source: Service Control Manager) (User: )

Description: Treiber für parallelen Anschluss%%1058
 

Error: (10/21/2013 04:18:03 PM) (Source: Service Control Manager) (User: )

Description: Treiber für parallelen Anschluss%%1058
 

Error: (10/21/2013 04:16:29 PM) (Source: Service Control Manager) (User: )

Description: Windows Update
 

Error: (10/21/2013 04:15:56 PM) (Source: Service Control Manager) (User: )

Description: 30000Spooler
 
 

Microsoft Office Sessions:

=========================
 

CodeIntegrity Errors:

===================================

  Date: 2010-07-12 20:20:10.993

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-12 20:20:10.806

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-12 20:20:10.634

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-12 20:20:10.447

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-12 20:20:10.275

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-03 10:54:18.263

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-03 10:54:18.092

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-03 10:54:17.905

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-03 10:54:17.717

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 

  Date: 2010-07-03 10:54:09.808

  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 47%

Total physical RAM: 3069.69 MB

Available physical RAM: 1609.63 MB

Total Pagefile: 6341.64 MB

Available Pagefile: 5289.86 MB

Total Virtual: 2047.88 MB

Available Virtual: 1917.53 MB
 

==================== Drives ================================
 

Drive c: (BOOT) (Fixed) (Total:126.37 GB) (Free:52.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (RECOVER) (Fixed) (Total:22.66 GB) (Free:12.23 GB) FAT32

Drive e: (USB-STICK) (Removable) (Total:1.88 GB) (Free:1.77 GB) FAT
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 08DB956A)

Partition 1: (Not Active) - (Size=23 GB) - (Type=OF Extended)

Partition 2: (Active) - (Size=126 GB) - (Type=07 NTFS)
 

========================================================

Disk: 2 (Size: 2 GB) (Disk ID: 6B736964)

No partition Table on disk 2.
 

==================== End Of Log ============================