Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Falsche Umleitung bei Google (https://www.trojaner-board.de/111951-falsche-umleitung-google.html)

cucho 20.03.2012 15:56
Falsche Umleitung bei Google
 
Liebe Experten !

Seit kurzem werde ich beim Googeln auf Trash-Seiten umgeleitet.
Meistens handelt es sich dabei um irgendwelche Uhren-Repliken oder Web-Shops, aber auch Groupon o. Ä.
In der Adresszeile taucht dabei meist der Begriff "thealltimes" auf.

Ich schütze mein System mit Avira Antivirus Premium 2012 (leider erst seit heute, zuvor hatte ich nur die Freeware-Version und war der Auffassung, dieses würde reichen, da ich seit vielen Jahren damit keine Probleme hatte).

Malwarebytes, Hijack this und Spybot habe ich ebenfalls installiert. Im Hintergrund läuft neben anderen Standards noch Soluto.

Ad-Aware musste ich deinstallieren, da mich Antivir bei der Installation dazu aufgefordert hatte.
Ebenso sollte ich laut Antivir auch Malwarebytes und Spybot deinstallieren, was ich jedoch - nachdem ich einige Foreneinträge gelesen hatte - unterließ.

Leider bin ich Sachen "Schädlingsbekämpfung" nicht sonderlich talentiert - um genau zu sein, kenne ich mich in diesem Bereich kaum aus.

Ich wäre sehr dankbar, wenn sich jemand finden ließe, der mir im Kampf beisteht.
Alles in den Müll zu hauen und das System komplett neu aufzubauen - daran darf ich gar nicht erst denke. Ich hoffe SEHR, dass es ohne gehen wird.

Ein Hinweis noch: Wenn ich umgeleitet werde, klicke ich auf den "Zurück"-Button, meistens klappt es dann mit der richtigen Zuführung nach 2 bis 3 Versuchen. Die Sache ist nicht wirklich so extrem störend, aber für mich ein Hinweis darauf, dass da etwas nicht stimmt.

Danke Euch

Steve

markusg 20.03.2012 16:06
hi,
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

cucho 20.03.2012 17:03
Hier der OTL-Report:

OTL Logfile:
Code:
OTL logfile created on: 2012/03/20 16:47:44 - Run 4
OTL by OldTimer - Version 3.2.39.1    Folder = C:\Dokumente und Einstellungen\Lutz\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: yyyy/MM/dd
 
2,00 Gb Total Physical Memory | 1,08 Gb Available Physical Memory | 54,22% Memory free
4,91 Gb Paging File | 3,95 Gb Available in Paging File | 80,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,08 Gb Total Space | 35,88 Gb Free Space | 12,04% Space Free | Partition Type: NTFS
Drive W: | 4,00 Gb Total Space | 3,67 Gb Free Space | 91,68% Space Free | Partition Type: FAT
 
Computer Name: PC | User Name: Lutz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/03/20 16:45:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe
PRC - [2012/02/17 19:29:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012/01/31 09:11:51 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/01/31 09:11:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012/01/31 09:11:01 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/01/31 09:10:56 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/01/31 09:10:56 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/01/31 09:10:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/01/25 19:05:44 | 001,712,176 | ---- | M] (Soluto) -- C:\Programme\Soluto\Soluto.exe
PRC - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) -- C:\Programme\Soluto\SolutoService.exe
PRC - [2012/01/18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/21 12:07:36 | 001,259,624 | ---- | M] (1&1 Mail & Media GmbH) -- C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/08/01 14:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Programme\SweetIM\Messenger\SweetIM.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/02/23 22:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2011/01/11 16:25:38 | 001,051,264 | ---- | M] (Genie-soft) -- C:\Programme\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
PRC - [2011/01/11 16:25:38 | 000,362,624 | ---- | M] (Genie-Soft) -- C:\Programme\Genie-Soft\Genie Timeline\GenieTimelineService.exe
PRC - [2010/06/15 09:55:52 | 000,039,936 | ---- | M] (The PHP Group) -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
PRC - [2010/06/15 09:53:48 | 001,417,216 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
PRC - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
PRC - [2009/09/19 10:18:06 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2009/09/06 17:02:19 | 000,067,128 | ---- | M] (Logitech Inc.) -- c:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 06:52:46 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2006/12/12 09:46:52 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2006/05/24 05:20:44 | 000,018,944 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFIHLP.EXE
PRC - [2006/05/24 05:05:45 | 000,730,112 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTXFISPI.EXE
PRC - [2006/01/21 12:41:56 | 000,118,784 | ---- | M] () -- C:\Programme\Vista Rainbar\Rainmeter.exe
PRC - [2005/07/30 21:17:20 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\DeviceDetector\DM1Service.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/02/18 09:40:14 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/17 19:28:59 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012/02/16 19:12:30 | 000,838,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDataAggregation\360df41a05e7617f1e64eca8b620e181\PCGDataAggregation.ni.dll
MOD - [2012/02/16 19:12:30 | 000,684,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoCleanup\eae9ae33ab98878a7c1e60eb4b4d76c1\SolutoCleanup.ni.dll
MOD - [2012/02/16 19:12:28 | 000,357,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemFootp#\90ccb042dc0be31da30f1c4ed310fdd4\PCGCatalogItemFootprint.ni.dll
MOD - [2012/02/16 19:12:28 | 000,333,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\8f295da6e1ac004f96f13378043476f2\PCGBootVisualizingCore.ni.dll
MOD - [2012/02/16 19:12:27 | 000,876,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBrowsersProbe\bbf205347028baa69c358251530b4126\PCGBrowsersProbe.ni.dll
MOD - [2012/02/16 19:12:26 | 000,344,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGSAProbe\da41a181609ecf93fba1cb55430105bb\PCGSAProbe.ni.dll
MOD - [2012/02/16 19:12:25 | 000,111,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCatalogItemCache\ac5eeda8b9d98e7f2d87ac651a354afe\PCGCatalogItemCache.ni.dll
MOD - [2012/02/16 19:12:24 | 000,888,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommunicat#\ff345df442cdcd997a6a2490ebec1b9c\PCGClientCommunication.ni.dll
MOD - [2012/02/16 19:12:24 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGEntities\db2e71ae4e3dde727eb9b1112783bcb9\PCGEntities.ni.dll
MOD - [2012/02/16 19:12:23 | 000,129,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoUpdateService\3a0fa3984e236b7a75b3c909dfef8ced\SolutoUpdateService.ni.dll
MOD - [2012/02/16 19:12:22 | 001,933,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SolutoService\4eec3c6cf20872fa6757daf52cd0b574\SolutoService.ni.exe
MOD - [2012/02/16 19:12:22 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUpgrader\cd1c23f4aa813d74bcdafa2fee0bbec6\PCGUpgrader.ni.dll
MOD - [2012/02/16 19:12:12 | 000,645,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPostBootResources\90018d74d8f07518d4f54f9e6c0268c0\PCGPostBootResources.ni.dll
MOD - [2012/02/16 19:12:12 | 000,060,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGHIDProbe\24b5b3eb839c33e9412b743ab956ee59\PCGHIDProbe.ni.dll
MOD - [2012/02/16 19:12:11 | 000,044,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGRSPProbe\186b1d1a6ebdbaa80128337eaf7699f0\PCGRSPProbe.ni.dll
MOD - [2012/02/16 19:12:08 | 002,327,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Community.CsharpSql#\4fd4a77fda7c2de21fb561f5bea96f4e\Community.CsharpSqlite.ni.dll
MOD - [2012/02/16 19:12:07 | 004,109,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGClientCommon\bd3ee210527fd8210b7ac9cc99ecc090\PCGClientCommon.ni.dll
MOD - [2012/02/16 19:12:07 | 000,067,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGUsersCenter\875b3737ddc0bcf3040a04120e1e9c8b\PCGUsersCenter.ni.dll
MOD - [2012/02/16 19:12:07 | 000,026,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAppControlPlugin#\13b0b5c4a64a30dc8c4021d2c40c17db\PCGAppControlPluginLoader.ni.dll
MOD - [2012/02/16 19:12:04 | 000,197,632 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGBootVisualizingC#\ba5b3c49e4d0254a2138dacc943dcba6\PCGBootVisualizingCommon.ni.dll
MOD - [2012/02/16 19:12:02 | 000,065,024 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGConfiguration\28564b93772e724051a9f886512285bf\PCGConfiguration.ni.dll
MOD - [2012/02/16 19:12:01 | 000,766,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4608321d03e3ccba57b16ca7e6299ebe\System.Data.SqlServerCe.ni.dll
MOD - [2012/02/16 19:12:00 | 003,903,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDatabase\d418c69e65592fde09dfb27ed6c3d4af\PCGDatabase.ni.dll
MOD - [2012/02/16 19:11:58 | 001,308,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureShared\326d4abf8ef5c17d607e837e5ede8e01\PCGAzureShared.ni.dll
MOD - [2012/02/16 19:11:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2012/02/16 19:11:57 | 001,278,464 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGCommunication\335405a95001384843800057211f4811\PCGCommunication.ni.dll
MOD - [2012/02/16 19:11:56 | 000,194,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGDriverProbe\67192c33a90a54c01312f1ef46082f17\PCGDriverProbe.ni.dll
MOD - [2012/02/16 19:11:55 | 002,845,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPreCompiled\2670ccbc0dcec9627647765c40e8e23a\PCGPreCompiled.ni.dll
MOD - [2012/02/16 19:11:53 | 000,596,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Ionic.Zip.Reduced\e5fda0e4f58f3145384f1a90a5c16c09\Ionic.Zip.Reduced.ni.dll
MOD - [2012/02/16 19:11:53 | 000,205,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGPrestoSerializer\eaaf2a2f7f22aa69fe9ea81cbcbaf01a\PCGPrestoSerializer.ni.dll
MOD - [2012/02/16 19:11:52 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
MOD - [2012/02/16 19:11:40 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/16 19:11:40 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/16 19:11:40 | 000,280,064 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 19:11:39 | 001,554,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\ff6010a4a96718eabacee87d09f39aa8\Newtonsoft.Json.Net35.ni.dll
MOD - [2012/02/16 19:11:38 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
MOD - [2012/02/16 19:11:38 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
MOD - [2012/02/16 19:11:36 | 002,652,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGFramework\9b867a950447d7405f03ad82e920d6c4\PCGFramework.ni.dll
MOD - [2012/02/16 19:11:34 | 001,999,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Soluto\7b1d9ea7bd22654622b5f01453e20285\Soluto.ni.exe
MOD - [2012/02/16 19:11:14 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
MOD - [2012/02/16 17:42:31 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/16 17:14:07 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/16 17:14:03 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/16 17:13:54 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/16 17:13:45 | 002,516,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
MOD - [2012/02/16 17:13:42 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/16 17:13:38 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
MOD - [2012/02/16 17:12:48 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/16 17:12:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/16 17:11:54 | 000,113,664 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2012/02/16 17:11:53 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/01/31 09:11:17 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012/01/30 11:43:56 | 000,050,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.NetFwTypeLib\88062dbcdba732ceb9fdd86a742fbece\Interop.NetFwTypeLib.ni.dll
MOD - [2012/01/30 11:43:43 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGWuInfo\7e0f151afe2970214d839f9858ed7dc9\PCGWuInfo.ni.dll
MOD - [2012/01/30 11:43:43 | 000,100,864 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.IWshRuntime#\d1b78475fd571b27e9f55dd9f2a5cb24\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2012/01/30 11:43:34 | 000,047,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PCGAzureEntityFrame#\39e5b6e68e13d09edc6482a737735c74\PCGAzureEntityFramework.ni.dll
MOD - [2012/01/25 18:57:02 | 000,071,216 | ---- | M] () -- C:\Programme\Soluto\PCGDllExportInspector.dll
MOD - [2011/10/13 16:08:55 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/29 17:10:12 | 000,396,288 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSBackupManager.dll
MOD - [2011/01/31 16:21:46 | 000,342,528 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSIndexDB.dll
MOD - [2011/01/11 16:25:38 | 000,467,968 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSWatcher4.dll
MOD - [2011/01/11 16:25:38 | 000,048,128 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSLogManager.dll
MOD - [2011/01/09 16:00:42 | 000,051,712 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\QueueManager.dll
MOD - [2011/01/09 16:00:42 | 000,043,008 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSLibrariesManager.dll
MOD - [2011/01/09 16:00:42 | 000,038,400 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSLogging.dll
MOD - [2011/01/09 16:00:42 | 000,009,728 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\VSSEngine_Proxy.dll
MOD - [2011/01/09 16:00:40 | 000,144,384 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\Settings.dll
MOD - [2011/01/09 16:00:40 | 000,111,616 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\BlockLevel2.dll
MOD - [2010/11/21 15:54:34 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010/11/08 16:15:40 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2010/08/31 11:43:58 | 000,080,384 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSEncryption.dll
MOD - [2010/08/31 11:43:58 | 000,072,192 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSCurl.dll
MOD - [2010/08/31 11:42:12 | 000,023,040 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\PHP\ext\php_gstl_interface.dll
MOD - [2010/06/15 11:00:28 | 000,921,088 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\sqlite3.dll
MOD - [2010/06/15 09:53:48 | 001,417,216 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\WebServer\nginx\GSTimeLineSearch.exe
MOD - [2010/06/15 09:50:50 | 001,024,000 | ---- | M] () -- C:\Programme\Genie-Soft\Genie Timeline\GSTimelineShellRes.dll
MOD - [2009/09/06 17:02:11 | 000,061,496 | ---- | M] () -- C:\Programme\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\clntutil.dll
MOD - [2009/02/27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008/02/25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006/01/21 12:41:56 | 000,118,784 | ---- | M] () -- C:\Programme\Vista Rainbar\Rainmeter.exe
MOD - [2006/01/21 09:57:54 | 000,245,760 | ---- | M] () -- C:\Programme\Vista Rainbar\Rainmeter.dll
MOD - [2005/02/17 10:22:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/31 09:11:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/01/31 09:11:01 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/01/31 09:10:56 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/01/31 09:10:56 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/25 19:05:44 | 000,547,872 | ---- | M] (Soluto) [Auto | Running] -- C:\Programme\Soluto\SolutoService.exe -- (SolutoService)
SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/01/11 16:25:38 | 000,362,624 | ---- | M] (Genie-Soft) [On_Demand | Running] -- C:\Programme\Genie-Soft\Genie Timeline\GenieTimelineService.exe -- (GenieTimelineService)
SRV - [2010/03/10 13:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/12/13 18:10:56 | 000,447,784 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/09/04 10:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005/07/30 21:17:20 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Programme\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012/03/20 15:09:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/02/18 09:40:46 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/01/25 18:56:46 | 000,051,144 | ---- | M] (Soluto LTD.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Soluto.sys -- (Soluto)
DRV - [2011/12/15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/11/21 12:02:36 | 000,148,992 | ---- | M] (1&1 Mail & Media GmbH) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\uiwbrdr.SYS -- (uiwbrdr)
DRV - [2011/05/18 09:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 09:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 09:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 09:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/23 09:38:50 | 000,056,320 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\DualCoreCenter\RushTop.sys -- (RushTopDevice2)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/27 07:08:04 | 000,028,160 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys -- (DualCoreCenter)
DRV - [2008/02/14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/03/05 12:08:36 | 000,079,649 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rdwm1009.sys -- (RDID1009)
DRV - [2006/09/24 14:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/05/24 04:41:07 | 000,007,168 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/05/24 04:41:04 | 000,499,584 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/05/24 04:40:21 | 001,110,016 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/05/24 04:38:30 | 000,116,224 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/05/24 04:38:08 | 000,143,872 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/05/24 04:38:01 | 000,078,336 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/05/24 04:37:44 | 000,502,272 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/04/21 05:26:42 | 000,024,192 | R--- | M] (Infineon Technologies AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM851X.SYS -- (ADM851X)
DRV - [2005/11/10 10:06:03 | 000,340,704 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKLM\..\SearchScopes,DefaultScope = {EBCEEC28-9373-400C-B420-7A47C14B26DB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EBCEEC28-9373-400C-B420-7A47C14B26DB}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = WEB.DE Suche - einfach, schnell und relevant!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = WEB.DE Suche - einfach, schnell und relevant!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9C 11 85 66 B0 2F CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3A6CE8D6-4378-4163-82AE-AB0FB8486811}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKCU\..\SearchScopes\{B52B82D4-3107-4D0F-B25E-677FA0CCF2D9}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKCU\..\SearchScopes\{FE459AD1-0C34-4936-86E1-A48C71F6C584}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@web.de:1.5.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.backup.ftp: "94.23.192.21"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "94.23.192.21"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "94.23.192.21"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "94.23.192.21"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "94.23.192.21"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "94.23.192.21"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "94.23.192.21"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "94.23.192.21"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "94.23.192.21"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search Results"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Programme\Virtual Earth 3D\ [2009/09/16 09:13:21 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/17 10:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Programme\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/07 10:46:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/12 01:12:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/02/17 19:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/10/12 17:11:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/09/01 15:00:49 | 000,000,000 | ---D | M]
 
[2012/01/02 11:08:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Extensions
[2012/03/09 09:01:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions
[2012/01/25 20:05:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/10/07 08:36:37 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\extensions\toolbar@ask.com
[2011/11/05 17:15:50 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\11-suche.xml
[2011/11/05 17:15:50 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\englische-ergebnisse.xml
[2011/11/05 17:15:50 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\gmx-suche.xml
[2011/11/05 17:15:50 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\lastminute.xml
[2012/01/02 11:08:40 | 000,002,519 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\Search_Results.xml
[2012/01/03 16:31:42 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\sweetim.xml
[2011/08/30 15:50:17 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\searchplugins\webde-suche.xml
[2012/03/18 15:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/03/18 15:11:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\LUTZ\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\QLSCEU4Q.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/02/12 01:12:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/03/18 15:11:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/06 15:49:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/02/17 19:29:00 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/03/18 15:11:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2005/04/27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\mozilla firefox\plugins\npracplug.dll
[2011/03/22 19:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2010/03/31 09:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 11:36:02 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011/10/14 13:42:28 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/14 13:42:28 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/10/14 13:42:28 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/14 13:42:28 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/01/02 11:08:40 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml
[2011/10/14 13:42:28 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/14 13:42:28 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={069A84CF-3620-11E1-AD94-001D92F40C1C}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Programme\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Programme\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: PriceGong = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.5.4_0\
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2008/07/21 11:00:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Programme\PriceGong\2.5.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (no name) - {643DF53E-E483-4C8A-BFC8-296259E5A9A5} - No CLSID value found.
O2 - BHO: (no name) - {6941D017-5EF5-4350-A8EE-DF9A3F34B1FB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\Webbrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\Webbrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\Webbrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\Webbrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\Webbrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\Webbrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [WEB.DE_WEB.DE SmartDrive Manager] C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE (1&1 Mail & Media GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Lutz\Startmenü\Programme\Autostart\Vista Rainbar.lnk = C:\Programme\Vista Rainbar\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] * in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] * in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0129280-5559-48B9-BB12-40CFA1794BCC}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Programme\Soluto\soluto.exe /userinit) - C:\Programme\Soluto\soluto.exe (Soluto)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/17 17:33:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{98017fba-c764-11dd-a653-001d92f40c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{98017fba-c764-11dd-a653-001d92f40c1c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{98017fba-c764-11dd-a653-001d92f40c1c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{E9D28A7F-49A0-41E8-95B7-4C699B1D3A6A} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "Nero BackItUp Scheduler 3"
MsConfig - Services: "NVSvc"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^admin^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe - (Logitech Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^admin^Startmenü^Programme^Autostart^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Device Detector 3.lnk - C:\Programme\Olympus\DeviceDetector\DevDtct2.exe - (OLYMPUS IMAGING CORP.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Directrec Configuration Tool.lnk - C:\Programme\Olympus\DSSPlayerPro\DirectrecConfig.exe - (OLYMPUS IMAGING CORP.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DualCoreCenter.lnk - C:\Programme\MSI\DualCoreCenter\StartUpDualCoreCenter.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Lutz^Startmenü^Programme^Autostart^Logitech SetPoint.lnk - C:\Programme\Logitech\SetPoint\SetPoint.exe - (Logitech, Inc.)
MsConfig - StartUpReg: LiveMonitor - hkey= - key= - C:\Programme\MSI\Live Update 3\LMonitor.exe ()
MsConfig - StartUpReg: MediaGet2 - hkey= - key= -  File not found
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= - C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/03/20 16:45:30 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe
[2012/03/20 15:09:17 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/03/20 15:05:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012/03/20 15:05:47 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/20 15:05:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012/03/20 10:09:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012/02/20 23:35:26 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Lutz\Recent
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/03/20 16:45:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutz\Desktop\OTL.exe
[2012/03/20 16:28:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/20 16:01:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/03/20 14:56:48 | 000,166,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/03/20 14:55:56 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/03/20 14:55:53 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/20 14:55:48 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\pvizimdcnt.job
[2012/03/20 14:55:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/20 14:55:01 | 000,064,900 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/03/20 14:55:01 | 000,055,328 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/03/20 14:55:01 | 000,055,328 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00211102}.rfx
[2012/03/20 14:55:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/03/20 14:55:01 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/03/18 15:04:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/17 11:09:00 | 000,241,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/16 15:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/14 18:41:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/28 11:49:06 | 000,485,070 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/02/28 11:49:06 | 000,463,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/28 11:49:06 | 000,095,916 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/02/28 11:49:06 | 000,080,088 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/03/14 18:41:21 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/02/16 14:11:47 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/10 22:05:21 | 000,000,185 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2011/12/12 11:21:55 | 000,000,015 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\dlex.ini
[2011/09/08 13:30:09 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/09/08 13:30:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/09/08 13:30:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/09/08 13:30:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/08 13:30:05 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/05/26 09:03:49 | 000,504,706 | ---- | C] () -- C:\Programme\aicon121.zip
[2011/05/06 19:20:53 | 013,957,392 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/05/05 15:39:31 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2011/05/05 15:39:30 | 000,040,129 | ---- | C] () -- C:\WINDOWS\iccsigs.dat
[2011/05/05 15:39:30 | 000,000,149 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2011/04/25 21:55:24 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2010/06/08 10:22:04 | 000,048,640 | ---- | C] () -- C:\WINDOWS\grwprocs.dll
[2010/06/08 10:22:04 | 000,000,770 | ---- | C] () -- C:\WINDOWS\C-B settings.ini
[2010/05/20 15:42:04 | 000,086,445 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2010/05/20 15:42:04 | 000,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/04/07 10:46:32 | 000,023,643 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
 
========== LOP Check ==========
 
[2011/09/01 14:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon
[2010/05/04 09:52:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2012/01/02 11:22:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2011/09/01 14:01:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DesktopIcons
[2010/12/02 18:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2009/11/17 10:43:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010/01/04 13:56:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011/09/09 12:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2010/01/04 12:18:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache
[2009/02/01 11:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009/09/19 10:40:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2011/12/09 11:32:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution
[2008/10/28 10:56:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm
[2012/02/20 22:51:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Soluto
[2012/03/20 15:42:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2011/12/14 19:04:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008/08/31 16:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WEB.DE
[2009/09/06 21:01:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X-Setup Pro
[2009/03/28 11:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2011/09/01 15:26:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2010/04/08 18:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/19 12:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/08 14:15:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/01/02 11:09:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2011/05/26 09:04:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\aicon
[2011/04/22 12:50:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Amazon
[2010/05/11 10:33:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Ashampoo
[2012/01/03 16:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\atunes
[2011/03/17 22:30:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Chess Tutor
[2012/02/15 09:42:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\DDMSettings
[2010/12/02 19:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\elsterformular
[2010/05/05 23:08:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Facebook
[2011/07/18 09:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\FileZilla
[2012/01/03 15:07:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Genie-Soft
[2010/08/23 11:59:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\letstunes
[2009/06/08 10:47:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Neuratron
[2011/03/02 23:04:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Notepad++
[2011/04/08 13:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\OpenOffice.org
[2008/07/18 21:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\PC Suite
[2012/03/20 15:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\PriceGong
[2012/01/02 11:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\searchqutoolbar
[2009/08/18 18:10:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\SharePod
[2011/07/19 14:29:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Simfy
[2012/01/10 22:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Soluto
[2009/05/21 12:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\SoundSpectrum
[2011/09/08 13:31:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\Video DVD Maker FREE
[2009/05/08 11:24:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\WEB.DE
[2009/09/07 23:50:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\X-Setup Pro
[2012/03/20 14:55:56 | 000,000,304 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/03/20 14:55:48 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\pvizimdcnt.job
[2012/03/20 16:01:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2009/09/06 15:46:47 | 000,000,000 | ---D | M] -- C:\1a73ed5fa261ea0ebae06d
[2010/02/10 15:58:39 | 000,000,000 | ---D | M] -- C:\981290707d98ffde5d
[2012/03/20 10:07:14 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2008/07/18 23:02:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2008/07/17 18:09:33 | 000,000,000 | ---D | M] -- C:\Intel
[2011/05/05 15:39:30 | 000,000,000 | ---D | M] -- C:\KPCMS
[2008/06/25 16:25:08 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009/09/19 10:30:13 | 000,000,000 | ---D | M] -- C:\My Download Files
[2009/09/19 10:30:17 | 000,000,000 | ---D | M] -- C:\My Games
[2009/10/02 16:30:20 | 000,000,000 | ---D | M] -- C:\My Music
[2008/07/17 18:55:00 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2008/07/19 02:08:47 | 000,000,000 | ---D | M] -- C:\old_pc
[2009/11/24 19:05:15 | 000,000,000 | ---D | M] -- C:\OTR_Downloader
[2008/09/01 11:32:02 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/03/20 15:05:47 | 000,000,000 | R--D | M] -- C:\Programme
[2011/03/26 12:17:21 | 000,000,000 | ---D | M] -- C:\programs
[2008/07/21 11:02:34 | 000,000,000 | ---D | M] -- C:\QooBox
[2008/07/29 23:34:46 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009/09/29 11:58:20 | 000,000,000 | ---D | M] -- C:\savwsa
[2009/09/06 15:43:25 | 000,000,000 | ---D | M] -- C:\STO
[2012/03/20 12:30:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009/09/06 17:11:23 | 000,000,000 | ---D | M] -- C:\T-Online
[2011/09/08 13:31:21 | 000,000,000 | ---D | M] -- C:\videodvdmaker
[2009/09/06 15:03:04 | 000,000,000 | ---D | M] -- C:\Vista Icon Pack ST
[2012/03/20 14:55:41 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
[2009/07/08 21:32:34 | 003,076,096 | ---- | M] (Jeffrey Harris) -- C:\Programme\SharePod.exe
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2006/02/28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2006/02/28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2006/02/28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2006/02/28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[2008/04/14 06:52:46 | 001,544,192 | ---- | M] (Microsoft Corporation) MD5=C4F91B363B29E589E84E6D9D41A92952 -- C:\WINDOWS\explorer.exe
[2008/04/14 06:52:46 | 001,544,192 | ---- | M] (Microsoft Corporation) MD5=C4F91B363B29E589E84E6D9D41A92952 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2006/02/28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2006/02/28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2006/02/28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008/04/14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\user32.dll
[2008/04/14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=C268AE6C540CC43F2264C8CB7A9A4243 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=C268AE6C540CC43F2264C8CB7A9A4243 -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006/02/28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006/02/28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 06:53:06 | 000,552,448 | ---- | M] (Microsoft Corporation) MD5=AD37DF3FB8F168E42C09B77B487F6812 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 06:53:06 | 000,552,448 | ---- | M] (Microsoft Corporation) MD5=AD37DF3FB8F168E42C09B77B487F6812 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006/02/28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006/02/28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008/06/18 01:24:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008/06/18 01:24:52 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008/06/18 01:24:52 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2011/01/03 11:33:56 | 000,000,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\.SIG_DIALOG_VOREINSTELLUNG
[2011/01/03 11:33:56 | 000,000,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\.SIG_PINSTATUS_VOREINSTELLUNG
[2011/12/01 11:31:04 | 000,000,032 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\.simfy
[2009/04/06 09:55:24 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\default.pls
[2012/03/20 15:03:31 | 009,437,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutz\ntuser.dat
[2012/03/20 16:57:47 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\Lutz\NTUSER.DAT.LOG
[2012/03/20 14:54:29 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Lutz\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012/02/03 10:57:08 | 001,860,224 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2

< End of report >
--- --- ---

cucho 20.03.2012 17:07
Hier der Malwarebytes-Report:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lutz :: PC [Administrator]

2012/03/20 16:00:06
mbam-log-2012-03-20 (16-00-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214531
Laufzeit: 15 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cucho 20.03.2012 17:10
Kann es sein, dass es etwas mit Searchqu zu tun hat? Hatte ich früher mal installiert, weil ich dachte, es sei sinnvoll. Habe dann jedoch schnell gemerkt, dass es nichts taugte und es wieder deinstalliert. Womöglich sind da noch Reste vorhanden?

markusg 20.03.2012 19:54
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

cucho 20.03.2012 22:48
Hier das Combofix-Logfile:

Combofix Logfile:
Code:
ComboFix 12-03-20.01 - Lutz 2012/03/20  22:11:10.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1315 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Lutz\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\Lutz\4.0
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\Microsoft\Windows\UsrClass.dat
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\1.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\2229.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\a.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\b.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\c.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\d.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\e.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\f.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\g.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\h.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\i.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\j.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\k.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\l.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\m.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\mru.xml
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\n.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\o.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\p.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\q.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\r.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\s.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\t.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\u.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\v.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\w.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\wlu.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\x.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\y.txt
c:\dokumente und einstellungen\Lutz\Anwendungsdaten\PriceGong\Data\z.txt
c:\dokumente und einstellungen\Lutz\WINDOWS
c:\windows\bwUnin-8.1.1.50-8876480SL.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\midimap.dll wurde gefunden und desinfiziert
Kopie von - c:\windows\NiwradSoft Shell Pack\Backup\midimap.dll wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-20 bis 2012-03-20  ))))))))))))))))))))))))))))))
.
.
2012-03-20 14:05 . 2012-03-20 14:05        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-03-20 14:05 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-18 14:11 . 2008-07-19 15:30        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-03-18 14:11 . 2010-05-04 08:59        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-18 08:40 . 2012-02-12 00:15        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-18 08:40 . 2011-05-20 07:43        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:57 . 2006-02-28 12:00        1860224        ----a-w-        c:\windows\system32\win32k.sys
2012-01-25 17:56 . 2012-01-10 20:56        51144        ----a-w-        c:\windows\system32\drivers\Soluto.sys
2012-01-11 19:06 . 2012-02-16 13:11        3072        ------w-        c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2008-07-17 16:30        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-01-04 00:48 . 2012-01-04 00:48        354176        ----a-w-        c:\windows\system32\DivXControlPanelApplet.cpl
2009-09-19 09:28 . 2009-09-19 09:28        774144        ----a-w-        c:\programme\RngInterstitial.dll
2009-07-08 20:32 . 2009-08-18 16:58        3076096        ----a-w-        c:\programme\SharePod.exe
2010-03-31 08:09 . 2010-03-31 08:09        10437264        ----a-w-        c:\programme\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36        107760        ----a-w-        c:\programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
2012-02-17 18:29 . 2011-04-05 08:30        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 05:52 . D0DE8A2EC95184E5193BB4B3112E29DF . 846848 . . [2001.12.4414.700] . . c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2008-04-14 05:52 . 08AD15F9B0449D12587A2ED34AAACD12 . 1548800 . . [2001.12.4414.700] . . c:\windows\ServicePackFiles\i386\comres.dll
[-] 2008-04-14 05:52 . 08AD15F9B0449D12587A2ED34AAACD12 . 1548800 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2006-02-28 12:00 . 4B9D9E2708019763C5A72DA776DB1158 . 846848 . . [2001.12.4414.258] . . c:\windows\$NtServicePackUninstall$\comres.dll
.
[7] 2008-04-14 . F09A527B422E25C478E38CAA0E44417A . 513024 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . AD37DF3FB8F168E42C09B77B487F6812 . 552448 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2006-02-28 . 2B6A0BAF33A9918F09442D873848FF72 . 507392 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . B0050CC5340E3A0760DD8B417FF7AEBD . 580096 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . C268AE6C540CC43F2264C8CB7A9A4243 . 580096 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2006-02-28 . 56785FD5236D7B22CF471A6DA9DB46D8 . 578560 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll
.
[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 418045A93CD87A352098AB7DABE1B53E . 1036800 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . C4F91B363B29E589E84E6D9D41A92952 . 1544192 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2006-02-28 . 22FE1BE02EADDE1632E478E4125639E0 . 1035264 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . B4E7A9D7524304DC390E19ED7E1D7EE3 . 283136 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . AD9226BF3CED13636083BB9C76E9D2A2 . 153600 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\regedit.exe
[-] 2008-04-14 . B4E7A9D7524304DC390E19ED7E1D7EE3 . 283136 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[7] 2006-02-28 . 8193CE5FB09E83F2699FD65BBCBE2FD2 . 153600 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
[7] 2008-04-14 . 01B4E6E990B6C5EA8856D96C7FD044B2 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 6BB3F4E4B01913F1764CC137E841B520 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2006-02-28 . 7CE20569925DF6789C31799F0C538F29 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
[7] 2008-04-14 . 0DAF0705D7B39C94E287913226688804 . 348672 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\hnetcfg.dll
[-] 2008-04-14 . 0F68637BB752D674D110928CD31B7292 . 373248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\hnetcfg.dll
[-] 2008-04-14 . 0F68637BB752D674D110928CD31B7292 . 373248 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2006-02-28 . AE93E415220A4C0112768A0DEE36D28D . 348672 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\hnetcfg.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2011-08-24 130864]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38        154216        ----a-w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2011-05-09 09:49        176936        ----a-w-        c:\programme\softonic-de3\prxtbsof2.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23        1385864        ----a-w-        c:\programme\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2011-08-24 17:21        1299248        ----a-r-        c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\programme\softonic-de3\prxtbsof2.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\programme\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"= "c:\programme\softonic-de3\prxtbsof2.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2011-08-24 1299248]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WEB.DE_WEB.DE SmartDrive Manager"="c:\programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" [2011-11-21 1259624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"VolPanel"="c:\programme\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2006-04-05 122880]
"CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-05-24 18944]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2011-02-23 371200]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-09-19 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-6 67128]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-2-9 805392]
Verknüpfung mit Mnet Online.lnk -  [N/A]
.
c:\dokumente und einstellungen\Lutz\Startmenü\Programme\Autostart\
Vista Rainbar.lnk - c:\programme\Vista Rainbar\Rainmeter.exe [2008-6-4 118784]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-2-9 805392]
.
c:\dokumente und einstellungen\Default User\Startmenü\Programme\Autostart\
Logitech Desktop Messenger.lnk - c:\programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-9-6 67128]
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-2-9 805392]
Verknüpfung mit Mnet Online.lnk -  [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42        72208        ----a-w-        c:\programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^admin^Startmenü^Programme^Autostart^Logitech Desktop Messenger.lnk]
path=c:\dokumente und einstellungen\admin\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^admin^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
path=c:\dokumente und einstellungen\admin\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkStartup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Device Detector 3.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Device Detector 3.lnk
backup=c:\windows\pss\Device Detector 3.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Directrec Configuration Tool.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Directrec Configuration Tool.lnk
backup=c:\windows\pss\Directrec Configuration Tool.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^DualCoreCenter.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\DualCoreCenter.lnk
backup=c:\windows\pss\DualCoreCenter.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^Lutz^Startmenü^Programme^Autostart^Logitech SetPoint.lnk]
path=c:\dokumente und einstellungen\Lutz\Startmenü\Programme\Autostart\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveMonitor]
2008-04-30 16:30        498176        ----a-w-        c:\programme\MSI\Live Update 3\LMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-12-03 12:21        2213160        ----a-w-        c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 12:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-08-04 07:50        966712        ----a-w-        c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37        74752        ----a-w-        c:\programme\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"NVSvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\Olympus\\DSSPlayerPro\\DSSPlay.exe"=
"c:\\Programme\\Olympus\\DSSPlayerPro\\DictWnd.exe"=
"c:\\Programme\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
"c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
"c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Programme\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Programme\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Java\\jre6\\launch4j-tmp\\aTunes.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Soluto\\Soluto.exe"=
"c:\\Programme\\Soluto\\SolutoService.exe"=
"c:\\Programme\\Soluto\\SolutoConsole.exe"=
"c:\\Programme\\Soluto\\SolutoUpdateService.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012/01/10 21:56 51144]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012/02/12 01:15 36000]
R1 uiwbrdr;uiwbrdr;c:\windows\system32\drivers\uiwbrdr.SYS [2008/08/31 16:56 148992]
R2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [2012/03/20 10:09 342480]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2012/02/12 01:15 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [2012/02/12 01:15 463824]
R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [2007/09/04 10:14 87344]
R2 SolutoService;Soluto PCGenome Core Service;c:\programme\Soluto\SolutoService.exe [2012/01/25 19:05 547872]
R3 RDID1009;EDIROL UM-1;c:\windows\system32\drivers\Rdwm1009.sys [2008/08/27 15:19 79649]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [2009/08/11 14:18 133104]
S3 ADM851X;Infineon ADM851X USB To Fast Ethernet MII Adapter Driver;c:\windows\system32\drivers\ADM851X.SYS [2008/07/18 21:55 24192]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 DualCoreCenter;DualCoreCenter;c:\programme\MSI\DualCoreCenter\NTGLM7X.sys [2008/07/17 18:15 28160]
S3 GenieTimelineService;Genie Timeline Service;c:\programme\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2011/01/11 16:25 362624]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [2009/08/11 14:18 133104]
S3 RushTopDevice2;RushTopDevice2;c:\programme\MSI\DualCoreCenter\RushTop.sys [2008/07/17 18:15 56320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-03-20 c:\windows\Tasks\GlaryInitialize.job
- c:\programme\Glary Utilities\initialize.exe [2012-01-03 15:09]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-08-11 13:18]
.
2012-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-08-11 13:18]
.
2012-03-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\programme\Ask.com\UpdateTask.exe [2010-09-28 13:23]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = <local>;*.local
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
LSP: c:\programme\FRITZ!DSL\\sarah.dll
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: microsoft.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
TCP: DhcpNameServer = 192.168.178.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\dokumente und einstellungen\Lutz\Anwendungsdaten\Mozilla\Firefox\Profiles\qlsceu4q.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{643DF53E-E483-4C8A-BFC8-296259E5A9A5} - (no file)
BHO-{6941D017-5EF5-4350-A8EE-DF9A3F34B1FB} - (no file)
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-MediaGet2 - c:\dokumente und einstellungen\Lutz\Lokale Einstellungen\Anwendungsdaten\MediaGet2\mediaget.exe
MSConfigStartUp-swg - c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-Adobe Photoshop 5.0 Limited Edition - c:\windows\UNIN0407.EXE
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe
AddRemove-{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 - c:\programme\Spybot - Search & Destroy\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-20 22:19
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll
.
- - - - - - - > 'lsass.exe'(776)
c:\windows\system32\setupapi.dll
c:\programme\FRITZ!DSL\sarah.dll
c:\programme\FRITZ!DSL\block.dll
c:\programme\Avira\AntiVir Desktop\avsda.dll
c:\windows\system32\psbase.dll
.
- - - - - - - > 'explorer.exe'(3292)
c:\programme\WEB.DE\WEB.DE SmartDrive Manager\ExplorerHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\programme\WEB.DE\WEB.DE SmartDrive Manager\SHNDLERS.DLL
c:\windows\system32\ctagent.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\stobject.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\rundll32.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\programme\Olympus\DeviceDetector\DM1Service.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
c:\windows\system32\CTHELPER.EXE
c:\windows\system32\CTXFIHLP.EXE
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-20  22:26:14 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-20 21:26
ComboFix2.txt  2008-07-21 10:02
.
Vor Suchlauf: 22 Verzeichnis(se), 38.347.583.488 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 38.766.841.856 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /3GB /USERVA=2990
.
- - End Of File - - B99A2D1F0C833A76BBED5BEFF65994A5
--- --- ---

markusg 21.03.2012 15:50
öffne malwarebytes, logdateien, alle bisher erstellten logs posten

cucho 21.03.2012 17:32
Hier die insgesamt 6 Logs von Malwarebytes in zeitlicher Reihenfolge:


mbam-log-7-19-2008 (15-09-15)

Code:
Malwarebytes' Anti-Malware 1.21
Datenbank Version: 966
Windows 5.1.2600 Service Pack 3

15:09:15 19.07.2008
mbam-log-7-19-2008 (15-09-15).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 152408
Laufzeit: 55 minute(s), 8 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 5
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0e64e841-2463-47c9-8797-daf2810bbf61} (Trojan.Vundo) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\Dokumente und Einstellungen\lutz\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OSHVEY6I\tbedrs[1].dll (Adware.Shopper) -> Quarantined and deleted successfully.
F:\Programme\Live_TV\tbLiv0.dll (Adware.Shopper) -> Quarantined and deleted successfully.

mbam-log-7-19-2008 (19-27-04)

Code:
Malwarebytes' Anti-Malware 1.21
Datenbank Version: 966
Windows 5.1.2600 Service Pack 3

19:27:04 19.07.2008
mbam-log-7-19-2008 (19-27-04).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 152865
Laufzeit: 55 minute(s), 36 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 4
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

mbam-log-2010-10-19 (17-19-39)

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4880

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.10.2010 17:19:39
mbam-log-2010-10-19 (17-19-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 273107
Laufzeit: 1 Stunde(n), 6 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 60

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095900.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095901.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095902.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095903.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095904.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095905.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095906.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095907.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095908.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095909.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095910.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095911.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095912.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095913.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095914.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095915.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095916.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095895.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095896.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095897.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095898.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095899.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095918.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095921.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095922.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095924.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095925.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095930.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095933.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP628\A0095917.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099331.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099332.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099333.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099334.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099335.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099336.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099337.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099339.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099340.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099341.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099342.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099343.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099344.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099345.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099346.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099347.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099348.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099349.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099350.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099351.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099352.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099353.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099354.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099357.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099358.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099360.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099361.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099366.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099369.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{09D272D5-F9C1-48BE-AEA2-288853A4D338}\RP630\A0099338.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

mbam-log-2011-12-12 (11-26-59)

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4880

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011/12/12 11:26:59
mbam-log-2011-12-12 (11-26-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 1
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

mbam-log-2012-03-20 (15-10-01)

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lutz :: PC [Administrator]

2012/03/20 15:10:01
mbam-log-2012-03-20 (15-10-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214564
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

mbam-log-2012-03-20 (16-00-06)

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Lutz :: PC [Administrator]

2012/03/20 16:00:06
mbam-log-2012-03-20 (16-00-06).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214531
Laufzeit: 15 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

markusg 21.03.2012 20:48
bitte den tdss killer nutzen, log posten:
http://www.trojaner-board.de/82358-t...entfernen.html

cucho 28.03.2012 13:28
Log-File tdss-killer
 
Hier der Report von tdss-killer:

Code:
14:22:00.0375 3696        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:22:00.0531 3696        ============================================================
14:22:00.0531 3696        Current date / time: 2012/03/28 14:22:00.0531
14:22:00.0531 3696        SystemInfo:
14:22:00.0531 3696       
14:22:00.0531 3696        OS Version: 5.1.2600 ServicePack: 3.0
14:22:00.0531 3696        Product type: Workstation
14:22:00.0531 3696        ComputerName: PC
14:22:00.0531 3696        UserName: Lutz
14:22:00.0531 3696        Windows directory: C:\WINDOWS
14:22:00.0531 3696        System windows directory: C:\WINDOWS
14:22:00.0531 3696        Processor architecture: Intel x86
14:22:00.0531 3696        Number of processors: 2
14:22:00.0531 3696        Page size: 0x1000
14:22:00.0531 3696        Boot type: Normal boot
14:22:00.0531 3696        ============================================================
14:22:01.0718 3696        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:22:01.0734 3696        \Device\Harddisk0\DR0:
14:22:01.0734 3696        MBR used
14:22:01.0734 3696        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1
14:22:01.0781 3696        Initialize success
14:22:01.0781 3696        ============================================================
14:22:04.0203 3196        ============================================================
14:22:04.0203 3196        Scan started
14:22:04.0203 3196        Mode: Manual;
14:22:04.0203 3196        ============================================================
14:22:04.0875 3196        Abiosdsk - ok
14:22:04.0890 3196        abp480n5 - ok
14:22:04.0937 3196        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:22:04.0937 3196        ACPI - ok
14:22:04.0984 3196        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:22:04.0984 3196        ACPIEC - ok
14:22:05.0015 3196        ADM851X        (a1097ab82deab67905ed57d76d6ad60e) C:\WINDOWS\system32\DRIVERS\ADM851X.SYS
14:22:05.0015 3196        ADM851X - ok
14:22:05.0031 3196        adpu160m - ok
14:22:05.0046 3196        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:22:05.0046 3196        aec - ok
14:22:05.0078 3196        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:22:05.0078 3196        AFD - ok
14:22:05.0093 3196        Aha154x - ok
14:22:05.0093 3196        aic78u2 - ok
14:22:05.0093 3196        aic78xx - ok
14:22:05.0125 3196        Alerter        (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll
14:22:05.0156 3196        Alerter - ok
14:22:05.0171 3196        ALG            (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe
14:22:05.0171 3196        ALG - ok
14:22:05.0187 3196        AliIde - ok
14:22:05.0187 3196        amsint - ok
14:22:05.0312 3196        AntiVirMailService (1f0c473ac08e8e46a43df54a54299579) C:\Programme\Avira\AntiVir Desktop\avmailc.exe
14:22:05.0312 3196        AntiVirMailService - ok
14:22:05.0359 3196        AntiVirSchedulerService (b442f2c6e3b9e5f7990f8ba40c6aaff8) C:\Programme\Avira\AntiVir Desktop\sched.exe
14:22:05.0359 3196        AntiVirSchedulerService - ok
14:22:05.0406 3196        AntiVirService  (832dc780fa0699a5197859645d6c4381) C:\Programme\Avira\AntiVir Desktop\avguard.exe
14:22:05.0406 3196        AntiVirService - ok
14:22:05.0453 3196        AntiVirWebService (e6ff8a80e39c94bc2fe5286caf4c0a45) C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
14:22:05.0453 3196        AntiVirWebService - ok
14:22:05.0546 3196        Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:22:05.0546 3196        Apple Mobile Device - ok
14:22:05.0562 3196        AppMgmt - ok
14:22:05.0562 3196        asc - ok
14:22:05.0578 3196        asc3350p - ok
14:22:05.0578 3196        asc3550 - ok
14:22:05.0687 3196        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
14:22:05.0734 3196        aspnet_state - ok
14:22:05.0781 3196        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:22:05.0781 3196        AsyncMac - ok
14:22:05.0796 3196        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:22:05.0796 3196        atapi - ok
14:22:05.0812 3196        Atdisk - ok
14:22:05.0843 3196        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:22:05.0843 3196        Atmarpc - ok
14:22:05.0859 3196        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll
14:22:05.0859 3196        AudioSrv - ok
14:22:05.0906 3196        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:22:05.0906 3196        audstub - ok
14:22:05.0937 3196        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
14:22:05.0937 3196        avgntflt - ok
14:22:05.0968 3196        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
14:22:05.0968 3196        avipbb - ok
14:22:06.0000 3196        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
14:22:06.0000 3196        avkmgr - ok
14:22:06.0031 3196        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:22:06.0031 3196        Beep - ok
14:22:06.0062 3196        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll
14:22:06.0171 3196        BITS - ok
14:22:06.0250 3196        Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Programme\Bonjour\mDNSResponder.exe
14:22:06.0265 3196        Bonjour Service - ok
14:22:06.0265 3196        Browser        (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll
14:22:06.0265 3196        Browser - ok
14:22:06.0281 3196        catchme - ok
14:22:06.0312 3196        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:22:06.0312 3196        cbidf2k - ok
14:22:06.0328 3196        cd20xrnt - ok
14:22:06.0437 3196        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:22:06.0437 3196        Cdaudio - ok
14:22:06.0531 3196        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:22:06.0531 3196        Cdfs - ok
14:22:06.0843 3196        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:22:06.0843 3196        Cdrom - ok
14:22:06.0937 3196        Changer - ok
14:22:06.0968 3196        CiSvc          (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe
14:22:06.0968 3196        CiSvc - ok
14:22:07.0015 3196        ClipSrv        (aa29a9b4b06fbebc5918d697a97a8ac6) C:\WINDOWS\system32\clipsrv.exe
14:22:07.0015 3196        ClipSrv - ok
14:22:07.0109 3196        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:22:07.0171 3196        clr_optimization_v2.0.50727_32 - ok
14:22:07.0171 3196        CmdIde - ok
14:22:07.0187 3196        COMSysApp - ok
14:22:07.0187 3196        Cpqarray - ok
14:22:07.0203 3196        cpuz135 - ok
14:22:07.0250 3196        Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.exe
14:22:07.0250 3196        Creative Service for CDROM Access - ok
14:22:07.0265 3196        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll
14:22:07.0265 3196        CryptSvc - ok
14:22:07.0328 3196        ctac32k        (04a43d6b00bf09b2d5cffcd3c5790741) C:\WINDOWS\system32\drivers\ctac32k.sys
14:22:07.0328 3196        ctac32k - ok
14:22:07.0359 3196        ctaud2k        (f501738d0bf4de69f7307109efa0246c) C:\WINDOWS\system32\drivers\ctaud2k.sys
14:22:07.0359 3196        ctaud2k - ok
14:22:07.0390 3196        ctdvda2k        (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
14:22:07.0406 3196        ctdvda2k - ok
14:22:07.0406 3196        ctprxy2k        (e3aad66077b2594503ab11a31c3d2e7d) C:\WINDOWS\system32\drivers\ctprxy2k.sys
14:22:07.0421 3196        ctprxy2k - ok
14:22:07.0437 3196        ctsfm2k        (72c73af1a60321d7e3aaa61859a32f0b) C:\WINDOWS\system32\drivers\ctsfm2k.sys
14:22:07.0437 3196        ctsfm2k - ok
14:22:07.0437 3196        dac2w2k - ok
14:22:07.0437 3196        dac960nt - ok
14:22:07.0500 3196        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll
14:22:07.0500 3196        DcomLaunch - ok
14:22:07.0515 3196        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll
14:22:07.0515 3196        Dhcp - ok
14:22:07.0562 3196        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:22:07.0562 3196        Disk - ok
14:22:07.0656 3196        DM1Service      (6df5e6c924d83f2e4d3ef24912afcee6) C:\Programme\Olympus\DeviceDetector\DM1Service.exe
14:22:07.0671 3196        DM1Service - ok
14:22:07.0671 3196        dmadmin - ok
14:22:07.0718 3196        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
14:22:07.0734 3196        dmboot - ok
14:22:07.0765 3196        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
14:22:07.0781 3196        dmio - ok
14:22:07.0796 3196        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:22:07.0796 3196        dmload - ok
14:22:07.0828 3196        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll
14:22:07.0828 3196        dmserver - ok
14:22:07.0859 3196        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:22:07.0859 3196        DMusic - ok
14:22:07.0875 3196        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll
14:22:07.0875 3196        Dnscache - ok
14:22:07.0921 3196        Dot3svc        (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll
14:22:07.0921 3196        Dot3svc - ok
14:22:07.0921 3196        dpti2o - ok
14:22:07.0953 3196        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:22:07.0953 3196        drmkaud - ok
14:22:08.0031 3196        DualCoreCenter  (43bdee7869b7eef29fca37a61b8d9e3d) C:\Programme\MSI\DualCoreCenter\NTGLM7X.sys
14:22:08.0031 3196        DualCoreCenter - ok
14:22:08.0062 3196        EapHost        (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll
14:22:08.0062 3196        EapHost - ok
14:22:08.0093 3196        emupia          (bb1d92ac27b6129d3bef215c5a1b9a84) C:\WINDOWS\system32\drivers\emupia2k.sys
14:22:08.0093 3196        emupia - ok
14:22:08.0140 3196        ENTECH          (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
14:22:08.0140 3196        ENTECH - ok
14:22:08.0171 3196        ERSvc          (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll
14:22:08.0171 3196        ERSvc - ok
14:22:08.0218 3196        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:22:08.0234 3196        Eventlog - ok
14:22:08.0296 3196        EventSystem    (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll
14:22:08.0296 3196        EventSystem - ok
14:22:08.0328 3196        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:22:08.0328 3196        Fastfat - ok
14:22:08.0375 3196        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:22:08.0375 3196        FastUserSwitchingCompatibility - ok
14:22:08.0390 3196        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:22:08.0390 3196        Fdc - ok
14:22:08.0406 3196        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
14:22:08.0406 3196        Fips - ok
14:22:08.0421 3196        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:22:08.0421 3196        Flpydisk - ok
14:22:08.0437 3196        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
14:22:08.0453 3196        FltMgr - ok
14:22:08.0546 3196        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:22:08.0546 3196        FontCache3.0.0.0 - ok
14:22:08.0593 3196        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:22:08.0593 3196        Fs_Rec - ok
14:22:08.0593 3196        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:22:08.0609 3196        Ftdisk - ok
14:22:08.0656 3196        GEARAspiWDM    (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:22:08.0656 3196        GEARAspiWDM - ok
14:22:08.0796 3196        GenieTimelineService (4c198c86d2e0c69e1ee7fc8a254ba041) C:\Programme\Genie-Soft\Genie Timeline\GenieTimelineService.exe
14:22:08.0796 3196        GenieTimelineService - ok
14:22:08.0828 3196        giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
14:22:08.0828 3196        giveio - ok
14:22:08.0828 3196        GMSIPCI - ok
14:22:08.0859 3196        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:22:08.0875 3196        Gpc - ok
14:22:08.0984 3196        gupdate        (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
14:22:08.0984 3196        gupdate - ok
14:22:09.0000 3196        gupdatem        (626a24ed1228580b9518c01930936df9) C:\Programme\Google\Update\GoogleUpdate.exe
14:22:09.0000 3196        gupdatem - ok
14:22:09.0062 3196        ha20x2k        (b70a5f66a5505da65e54a4c2bab4c78f) C:\WINDOWS\system32\drivers\ha20x2k.sys
14:22:09.0078 3196        ha20x2k - ok
14:22:09.0093 3196        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:22:09.0093 3196        HDAudBus - ok
14:22:09.0140 3196        helpsvc        (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:22:09.0140 3196        helpsvc - ok
14:22:09.0156 3196        HidServ        (b35da85e60c0103f2e4104532da2f12b) C:\WINDOWS\System32\hidserv.dll
14:22:09.0156 3196        HidServ - ok
14:22:09.0203 3196        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:22:09.0203 3196        HidUsb - ok
14:22:09.0250 3196        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll
14:22:09.0250 3196        hkmsvc - ok
14:22:09.0265 3196        hpn - ok
14:22:09.0312 3196        hpqcxs08        (38d6b51f04def7fb248fa56e4c47407e) C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
14:22:09.0312 3196        hpqcxs08 - ok
14:22:09.0328 3196        hpqddsvc        (3ee4a63539ec04ee2d4bd293985087ab) C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
14:22:09.0328 3196        hpqddsvc - ok
14:22:09.0390 3196        HPZid412        (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:22:09.0390 3196        HPZid412 - ok
14:22:09.0453 3196        HPZipr12        (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:22:09.0453 3196        HPZipr12 - ok
14:22:09.0531 3196        HPZius12        (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:22:09.0531 3196        HPZius12 - ok
14:22:09.0609 3196        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:22:09.0609 3196        HTTP - ok
14:22:09.0640 3196        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll
14:22:09.0640 3196        HTTPFilter - ok
14:22:09.0640 3196        i2omgmt - ok
14:22:09.0656 3196        i2omp - ok
14:22:09.0703 3196        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:22:09.0703 3196        i8042prt - ok
14:22:09.0843 3196        idsvc          (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:22:09.0843 3196        idsvc - ok
14:22:09.0921 3196        IGDCTRL        (e28602c9e17b0ddce9f5deb3b3e2a635) C:\Programme\FRITZ!DSL\IGDCTRL.EXE
14:22:09.0921 3196        IGDCTRL - ok
14:22:09.0937 3196        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:22:09.0937 3196        Imapi - ok
14:22:09.0984 3196        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe
14:22:09.0984 3196        ImapiService - ok
14:22:09.0984 3196        ini910u - ok
14:22:10.0140 3196        IntcAzAudAddService (08baf30f6de95814f58af9ce7bbc5614) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:22:10.0187 3196        IntcAzAudAddService - ok
14:22:10.0203 3196        IntelIde - ok
14:22:10.0250 3196        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:22:10.0250 3196        intelppm - ok
14:22:10.0265 3196        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
14:22:10.0281 3196        Ip6Fw - ok
14:22:10.0296 3196        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:22:10.0312 3196        IpFilterDriver - ok
14:22:10.0328 3196        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:22:10.0328 3196        IpInIp - ok
14:22:10.0375 3196        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:22:10.0375 3196        IpNat - ok
14:22:10.0468 3196        iPod Service    (b84a28b3984185eda8867541af14cddb) C:\Programme\iPod\bin\iPodService.exe
14:22:10.0484 3196        iPod Service - ok
14:22:10.0531 3196        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:22:10.0531 3196        IPSec - ok
14:22:10.0562 3196        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:22:10.0562 3196        IRENUM - ok
14:22:10.0593 3196        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:22:10.0593 3196        isapnp - ok
14:22:10.0750 3196        JavaQuickStarterService (0a5709543986843d37a92290b7838340) C:\Programme\Java\jre6\bin\jqs.exe
14:22:10.0750 3196        JavaQuickStarterService - ok
14:22:10.0796 3196        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:22:10.0796 3196        Kbdclass - ok
14:22:10.0796 3196        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:22:10.0796 3196        kbdhid - ok
14:22:10.0843 3196        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:22:10.0843 3196        kmixer - ok
14:22:10.0875 3196        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:22:10.0890 3196        KSecDD - ok
14:22:10.0937 3196        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll
14:22:10.0937 3196        lanmanserver - ok
14:22:10.0984 3196        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll
14:22:10.0984 3196        lanmanworkstation - ok
14:22:10.0984 3196        lbrtfdc - ok
14:22:11.0062 3196        LBTServ        (a0f7dc0080e4f97dc97de08b699e231b) C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
14:22:11.0062 3196        LBTServ - ok
14:22:11.0078 3196        LHidFilt        (24e0ddb99aeccf86bb37702611761459) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
14:22:11.0078 3196        LHidFilt - ok
14:22:11.0093 3196        LmHosts        (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll
14:22:11.0093 3196        LmHosts - ok
14:22:11.0109 3196        LMouFilt        (d58b330d318361a66a9fe60d7c9b4951) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
14:22:11.0109 3196        LMouFilt - ok
14:22:11.0140 3196        Messenger      (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll
14:22:11.0140 3196        Messenger - ok
14:22:11.0171 3196        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:22:11.0171 3196        mnmdd - ok
14:22:11.0203 3196        mnmsrvc        (0f668a65fde565d0c040fab3b5b6cab6) C:\WINDOWS\system32\mnmsrvc.exe
14:22:11.0203 3196        mnmsrvc - ok
14:22:11.0234 3196        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
14:22:11.0234 3196        Modem - ok
14:22:11.0265 3196        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:22:11.0265 3196        Mouclass - ok
14:22:11.0281 3196        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:22:11.0281 3196        mouhid - ok
14:22:11.0296 3196        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:22:11.0296 3196        MountMgr - ok
14:22:11.0296 3196        mraid35x - ok
14:22:11.0343 3196        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:22:11.0343 3196        MRxDAV - ok
14:22:11.0390 3196        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:22:11.0406 3196        MRxSmb - ok
14:22:11.0437 3196        MSDTC          (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe
14:22:11.0453 3196        MSDTC - ok
14:22:11.0500 3196        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:22:11.0500 3196        Msfs - ok
14:22:11.0500 3196        MSIServer - ok
14:22:11.0531 3196        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:22:11.0546 3196        MSKSSRV - ok
14:22:11.0562 3196        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:22:11.0578 3196        MSPCLOCK - ok
14:22:11.0578 3196        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:22:11.0593 3196        MSPQM - ok
14:22:11.0609 3196        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:22:11.0609 3196        mssmbios - ok
14:22:11.0625 3196        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:22:11.0640 3196        Mup - ok
14:22:11.0687 3196        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll
14:22:11.0687 3196        napagent - ok
14:22:11.0703 3196        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:22:11.0703 3196        NDIS - ok
14:22:11.0734 3196        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:22:11.0734 3196        NdisTapi - ok
14:22:11.0750 3196        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:22:11.0750 3196        Ndisuio - ok
14:22:11.0765 3196        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:22:11.0765 3196        NdisWan - ok
14:22:11.0781 3196        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:22:11.0781 3196        NDProxy - ok
14:22:11.0921 3196        Nero BackItUp Scheduler 3 (c5052fb77aa42ed440f9f6b4e37145a9) C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
14:22:11.0921 3196        Nero BackItUp Scheduler 3 - ok
14:22:11.0937 3196        Net Driver HPZ12 (2969d26eee289be7422aa46fc55f4e38) C:\WINDOWS\system32\HPZinw12.dll
14:22:11.0937 3196        Net Driver HPZ12 - ok
14:22:11.0953 3196        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:22:11.0953 3196        NetBIOS - ok
14:22:11.0968 3196        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:22:11.0968 3196        NetBT - ok
14:22:12.0015 3196        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:22:12.0015 3196        NetDDE - ok
14:22:12.0015 3196        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe
14:22:12.0015 3196        NetDDEdsdm - ok
14:22:12.0046 3196        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:22:12.0046 3196        Netlogon - ok
14:22:12.0062 3196        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll
14:22:12.0062 3196        Netman - ok
14:22:12.0187 3196        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:22:12.0187 3196        NetTcpPortSharing - ok
14:22:12.0359 3196        Nla            (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll
14:22:12.0359 3196        Nla - ok
14:22:12.0500 3196        NMIndexingService (74149bcf0307bb76d68c0f8912df731c) C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
14:22:12.0500 3196        NMIndexingService - ok
14:22:12.0546 3196        nmwcd          (cfe3462a9e94a57dcd9676f6b7fe7f67) C:\WINDOWS\system32\drivers\ccdcmb.sys
14:22:12.0546 3196        nmwcd - ok
14:22:12.0578 3196        nmwcdc          (8f2a94f991f8c73cec26b4b5620d1edc) C:\WINDOWS\system32\drivers\ccdcmbo.sys
14:22:12.0578 3196        nmwcdc - ok
14:22:12.0609 3196        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:22:12.0609 3196        Npfs - ok
14:22:12.0656 3196        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:22:12.0671 3196        Ntfs - ok
14:22:12.0671 3196        NtLmSsp        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:22:12.0671 3196        NtLmSsp - ok
14:22:12.0718 3196        NtmsSvc        (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll
14:22:12.0734 3196        NtmsSvc - ok
14:22:12.0765 3196        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:22:12.0765 3196        Null - ok
14:22:12.0968 3196        nv              (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:22:13.0015 3196        nv - ok
14:22:13.0031 3196        NVSvc          (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe
14:22:13.0031 3196        NVSvc - ok
14:22:13.0093 3196        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:22:13.0093 3196        NwlnkFlt - ok
14:22:13.0125 3196        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:22:13.0125 3196        NwlnkFwd - ok
14:22:13.0281 3196        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
14:22:13.0281 3196        odserv - ok
14:22:13.0312 3196        ose            (5a432a042dae460abe7199b758e8606c) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
14:22:13.0312 3196        ose - ok
14:22:13.0359 3196        ossrv          (594f2968c741ca03e41e57e65f616351) C:\WINDOWS\system32\drivers\ctoss2k.sys
14:22:13.0359 3196        ossrv - ok
14:22:13.0390 3196        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
14:22:13.0390 3196        Parport - ok
14:22:13.0421 3196        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:22:13.0421 3196        PartMgr - ok
14:22:13.0421 3196        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:22:13.0421 3196        ParVdm - ok
14:22:13.0468 3196        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
14:22:13.0468 3196        pccsmcfd - ok
14:22:13.0500 3196        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
14:22:13.0515 3196        PCI - ok
14:22:13.0515 3196        PCIDump - ok
14:22:13.0546 3196        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:22:13.0562 3196        PCIIde - ok
14:22:13.0593 3196        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:22:13.0609 3196        Pcmcia - ok
14:22:13.0609 3196        PDCOMP - ok
14:22:13.0609 3196        PDFRAME - ok
14:22:13.0625 3196        PDRELI - ok
14:22:13.0625 3196        PDRFRAME - ok
14:22:13.0640 3196        perc2 - ok
14:22:13.0640 3196        perc2hib - ok
14:22:13.0671 3196        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe
14:22:13.0671 3196        PlugPlay - ok
14:22:13.0718 3196        Pml Driver HPZ12 (bafc9706bdf425a02b66468ab2605c59) C:\WINDOWS\system32\HPZipm12.dll
14:22:13.0718 3196        Pml Driver HPZ12 - ok
14:22:13.0781 3196        PolicyAgent    (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:22:13.0781 3196        PolicyAgent - ok
14:22:13.0781 3196        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:22:13.0781 3196        PptpMiniport - ok
14:22:13.0796 3196        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:22:13.0796 3196        ProtectedStorage - ok
14:22:13.0796 3196        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:22:13.0796 3196        PSched - ok
14:22:13.0828 3196        PSI_SVC_2      (543a4ef0923bf70d126625b034ef25af) c:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe
14:22:13.0828 3196        PSI_SVC_2 - ok
14:22:13.0828 3196        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:22:13.0828 3196        Ptilink - ok
14:22:13.0859 3196        PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:22:13.0859 3196        PxHelp20 - ok
14:22:13.0875 3196        ql1080 - ok
14:22:13.0875 3196        Ql10wnt - ok
14:22:13.0890 3196        ql12160 - ok
14:22:13.0890 3196        ql1240 - ok
14:22:13.0906 3196        ql1280 - ok
14:22:13.0906 3196        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:22:13.0906 3196        RasAcd - ok
14:22:13.0937 3196        RasAuto        (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll
14:22:13.0937 3196        RasAuto - ok
14:22:13.0968 3196        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:22:13.0968 3196        Rasl2tp - ok
14:22:14.0031 3196        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll
14:22:14.0031 3196        RasMan - ok
14:22:14.0031 3196        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:22:14.0031 3196        RasPppoe - ok
14:22:14.0046 3196        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:22:14.0046 3196        Raspti - ok
14:22:14.0062 3196        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:22:14.0062 3196        Rdbss - ok
14:22:14.0109 3196        RDID1009        (ab4ac4e2a616769b507265059559bb1c) C:\WINDOWS\system32\Drivers\rdwm1009.sys
14:22:14.0109 3196        RDID1009 - ok
14:22:14.0109 3196        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:22:14.0109 3196        RDPCDD - ok
14:22:14.0156 3196        RDPWD          (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
14:22:14.0171 3196        RDPWD - ok
14:22:14.0187 3196        RDSessMgr      (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe
14:22:14.0187 3196        RDSessMgr - ok
14:22:14.0250 3196        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:22:14.0250 3196        redbook - ok
14:22:14.0296 3196        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll
14:22:14.0296 3196        RemoteAccess - ok
14:22:14.0343 3196        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe
14:22:14.0343 3196        RpcLocator - ok
14:22:14.0390 3196        RpcSs          (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll
14:22:14.0406 3196        RpcSs - ok
14:22:14.0468 3196        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe
14:22:14.0468 3196        RSVP - ok
14:22:14.0515 3196        RTLE8023xp      (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:22:14.0515 3196        RTLE8023xp - ok
14:22:14.0640 3196        RushTopDevice2  (45bd1bb88dcbb9ccae8d318a2e2b2e44) C:\Programme\MSI\DualCoreCenter\RushTop.sys
14:22:14.0640 3196        RushTopDevice2 - ok
14:22:14.0671 3196        SamSs          (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe
14:22:14.0671 3196        SamSs - ok
14:22:14.0687 3196        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe
14:22:14.0687 3196        SCardSvr - ok
14:22:14.0734 3196        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll
14:22:14.0734 3196        Schedule - ok
14:22:14.0796 3196        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:22:14.0796 3196        Secdrv - ok
14:22:14.0828 3196        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll
14:22:14.0828 3196        seclogon - ok
14:22:14.0828 3196        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll
14:22:14.0828 3196        SENS - ok
14:22:14.0875 3196        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:22:14.0875 3196        serenum - ok
14:22:14.0921 3196        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
14:22:14.0921 3196        Serial - ok
14:22:15.0015 3196        ServiceLayer    (8c1f87f5fdd92229d1754b98f073913f) C:\Programme\PC Connectivity Solution\ServiceLayer.exe
14:22:15.0015 3196        ServiceLayer - ok
14:22:15.0031 3196        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:22:15.0031 3196        Sfloppy - ok
14:22:15.0062 3196        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll
14:22:15.0062 3196        SharedAccess - ok
14:22:15.0109 3196        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:22:15.0109 3196        ShellHWDetection - ok
14:22:15.0125 3196        Simbad - ok
14:22:15.0171 3196        Soluto          (ff35c2d01ac36b446a1b997f305f0fc2) C:\WINDOWS\system32\DRIVERS\Soluto.sys
14:22:15.0187 3196        Soluto - ok
14:22:15.0296 3196        SolutoService  (a642a3a95c421a1ffded2e906f2a9856) C:\Programme\Soluto\SolutoService.exe
14:22:15.0296 3196        SolutoService - ok
14:22:15.0312 3196        Sparrow - ok
14:22:15.0343 3196        speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
14:22:15.0359 3196        speedfan - ok
14:22:15.0359 3196        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:22:15.0375 3196        splitter - ok
14:22:15.0406 3196        Spooler        (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
14:22:15.0406 3196        Spooler - ok
14:22:15.0453 3196        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
14:22:15.0468 3196        sr - ok
14:22:15.0515 3196        srservice      (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll
14:22:15.0515 3196        srservice - ok
14:22:15.0546 3196        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:22:15.0546 3196        Srv - ok
14:22:15.0546 3196        SSDPSRV        (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll
14:22:15.0562 3196        SSDPSRV - ok
14:22:15.0593 3196        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
14:22:15.0593 3196        ssmdrv - ok
14:22:15.0625 3196        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:22:15.0625 3196        StillCam - ok
14:22:15.0671 3196        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll
14:22:15.0671 3196        stisvc - ok
14:22:15.0703 3196        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:22:15.0703 3196        swenum - ok
14:22:15.0718 3196        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:22:15.0718 3196        swmidi - ok
14:22:15.0718 3196        SwPrv - ok
14:22:15.0734 3196        symc810 - ok
14:22:15.0734 3196        symc8xx - ok
14:22:15.0750 3196        sym_hi - ok
14:22:15.0750 3196        sym_u3 - ok
14:22:15.0781 3196        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:22:15.0781 3196        sysaudio - ok
14:22:15.0796 3196        SysmonLog      (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe
14:22:15.0796 3196        SysmonLog - ok
14:22:15.0859 3196        tap0901        (34f1bcb847a924a161422f106a79b9ff) C:\WINDOWS\system32\DRIVERS\tap0901.sys
14:22:15.0859 3196        tap0901 - ok
14:22:15.0906 3196        TapiSrv        (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll
14:22:15.0921 3196        TapiSrv - ok
14:22:15.0984 3196        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:22:15.0984 3196        Tcpip - ok
14:22:16.0015 3196        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:22:16.0015 3196        TDPIPE - ok
14:22:16.0046 3196        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:22:16.0046 3196        TDTCP - ok
14:22:16.0078 3196        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:22:16.0078 3196        TermDD - ok
14:22:16.0093 3196        TermService    (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll
14:22:16.0109 3196        TermService - ok
14:22:16.0156 3196        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll
14:22:16.0156 3196        Themes - ok
14:22:16.0171 3196        TosIde - ok
14:22:16.0218 3196        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll
14:22:16.0218 3196        TrkWks - ok
14:22:16.0265 3196        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:22:16.0265 3196        Udfs - ok
14:22:16.0312 3196        uiwbrdr        (3b92e50b10d2fbf6b5eb7b4ca6f1566f) C:\WINDOWS\system32\DRIVERS\uiwbrdr.sys
14:22:16.0328 3196        uiwbrdr - ok
14:22:16.0328 3196        ultra - ok
14:22:16.0375 3196        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:22:16.0375 3196        Update - ok
14:22:16.0421 3196        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll
14:22:16.0437 3196        upnphost - ok
14:22:16.0484 3196        upperdev        (ec01da44b090d2651fc032c8b9257232) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
14:22:16.0484 3196        upperdev - ok
14:22:16.0515 3196        UPS            (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe
14:22:16.0515 3196        UPS - ok
14:22:16.0578 3196        USBAAPL        (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:22:16.0593 3196        USBAAPL - ok
14:22:16.0625 3196        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:22:16.0625 3196        usbccgp - ok
14:22:16.0671 3196        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:22:16.0671 3196        usbehci - ok
14:22:16.0687 3196        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:22:16.0687 3196        usbhub - ok
14:22:16.0703 3196        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:22:16.0703 3196        usbprint - ok
14:22:16.0718 3196        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:22:16.0718 3196        usbscan - ok
14:22:16.0750 3196        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
14:22:16.0750 3196        usbser - ok
14:22:16.0765 3196        UsbserFilt      (4abd37cfbd710e64f01f9da8710c73f7) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
14:22:16.0765 3196        UsbserFilt - ok
14:22:16.0796 3196        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:22:16.0796 3196        USBSTOR - ok
14:22:16.0843 3196        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:22:16.0843 3196        usbuhci - ok
14:22:16.0859 3196        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:22:16.0859 3196        VgaSave - ok
14:22:16.0859 3196        ViaIde - ok
14:22:16.0875 3196        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
14:22:16.0875 3196        VolSnap - ok
14:22:16.0937 3196        VSS            (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe
14:22:16.0937 3196        VSS - ok
14:22:16.0953 3196        W32Time        (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll
14:22:16.0953 3196        W32Time - ok
14:22:16.0968 3196        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:22:16.0968 3196        Wanarp - ok
14:22:17.0031 3196        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:22:17.0031 3196        Wdf01000 - ok
14:22:17.0031 3196        WDICA - ok
14:22:17.0046 3196        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:22:17.0046 3196        wdmaud - ok
14:22:17.0062 3196        WebClient      (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll
14:22:17.0062 3196        WebClient - ok
14:22:17.0125 3196        winmgmt        (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll
14:22:17.0125 3196        winmgmt - ok
14:22:17.0171 3196        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
14:22:17.0171 3196        WmdmPmSN - ok
14:22:17.0203 3196        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:22:17.0203 3196        WmiApSrv - ok
14:22:17.0296 3196        WMPNetworkSvc  (bf05650bb7df5e9ebdd25974e22403bb) C:\Programme\Windows Media Player\WMPNetwk.exe
14:22:17.0296 3196        WMPNetworkSvc - ok
14:22:17.0343 3196        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:22:17.0343 3196        WS2IFSL - ok
14:22:17.0390 3196        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll
14:22:17.0390 3196        wscsvc - ok
14:22:17.0421 3196        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll
14:22:17.0453 3196        wuauserv - ok
14:22:17.0531 3196        WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:22:17.0531 3196        WudfPf - ok
14:22:17.0578 3196        WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:22:17.0578 3196        WudfRd - ok
14:22:17.0609 3196        WudfSvc        (ddee3682fe97037c45f4d7ab467cb8b6) C:\WINDOWS\System32\WUDFSvc.dll
14:22:17.0609 3196        WudfSvc - ok
14:22:17.0671 3196        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll
14:22:17.0671 3196        WZCSVC - ok
14:22:17.0703 3196        xmlprov        (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll
14:22:17.0703 3196        xmlprov - ok
14:22:17.0718 3196        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
14:22:17.0859 3196        \Device\Harddisk0\DR0 - ok
14:22:17.0859 3196        Boot (0x1200)  (1f5e9aebbd320bfb85bd4ebc07f8a1a5) \Device\Harddisk0\DR0\Partition0
14:22:17.0859 3196        \Device\Harddisk0\DR0\Partition0 - ok
14:22:17.0859 3196        ============================================================
14:22:17.0859 3196        Scan finished
14:22:17.0859 3196        ============================================================
14:22:17.0875 0236        Detected object count: 0
14:22:17.0875 0236        Actual detected object count: 0
P. S.: Die Fehlumleitung hat schon seit Tagen nicht mehr stattgefunden. Vielleicht liegt es daran, dass mit Malwarebytes, Avira Antivirus Premium etc. eine Säuberung stattgefunden hat.

markusg 28.03.2012 15:34
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI371A~1\Datamngr\ToolBar\searchqudtx.dll File not found
[2012/01/02 11:08:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutz\Anwendungsdaten\searchqutoolbar
 :Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:01 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131