| Xanadu17 | 20.06.2012 23:39 |
Avira findet ständig TR/ATRAPS.Gen2 TR/Sirefef.AG.35
Hallo!
Wie es ausschaut, habe ich mir zum ersten Mal ein paar Trojaner eingefangen :eek:. Ich bitte um eure Unterstützung! Ich hoffe, ihr könnt mir da weiterhelfen, ohne dass ich den Rechner neu aufsetzten muss.
Ich habe bisher lediglich versucht das Zeug mit Avira zu löschen (hat natürlich nicht funktioniert und die Meldung kommt immer wieder) und dann alle Scans gemacht, die ich lt. dieser Seite als Hilfesuchende laufen lassen soll.
Hier sind die log Ausgaben...
Malwarebytes: Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.06.20.05
Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18904
Yyy :: Xxx-Yyy [Administrator]
Schutz: Aktiviert
20.06.2012 20:59:06
mbam-log-2012-06-20 (20-59-06).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 222363
Laufzeit: 7 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\n (Trojan.Dropper.PE4) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\00000001.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\80000000.@ (Trojan.Sirefef) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
OTL: Code:
OTL logfile created on: 20.06.2012 22:01:49 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Yyy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,26% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 45,79 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 44,10 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Computer Name: Xxx-Yyy | User Name: Yyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.20 21:49:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Yyy\Desktop\OTL.exe
PRC - [2012.05.08 21:16:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:16:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.08 21:16:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 21:16:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 21:16:28 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.09.08 15:55:10 | 000,888,488 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.07.29 11:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
========== Modules (No Company Name) ==========
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (LiveUpdate Notice Ex)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012.06.19 15:02:44 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.14 09:03:30 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.08 21:16:29 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:16:28 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 21:16:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.29 11:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010.10.02 20:31:14 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.07.27 14:46:08 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.01.29 18:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.09.03 17:01:50 | 000,053,248 | ---- | M] () [Auto | Stopped] -- C:\Programme\C&E\OSD\OsdService\OsdService.exe -- (OsdService)
SRV - [2007.06.04 15:20:38 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Programme\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe -- (FSCLBaseUpdaterService)
SRV - [2006.12.08 10:52:04 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.05.08 21:16:29 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 21:16:29 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.03 15:42:30 | 000,194,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011.01.30 18:19:00 | 000,073,216 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.22 10:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.03.03 01:20:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008.05.16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.05.13 22:42:50 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv07.sys -- (acedrv07)
DRV - [2008.05.13 22:42:50 | 000,099,840 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv06.sys -- (acedrv06)
DRV - [2008.05.13 22:42:50 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv05.sys -- (acedrv05)
DRV - [2008.05.13 22:42:50 | 000,097,280 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv04.sys -- (acedrv04)
DRV - [2008.05.13 22:42:50 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv03.sys -- (acedrv03)
DRV - [2008.05.13 22:42:50 | 000,097,280 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv02.sys -- (acedrv02)
DRV - [2008.05.13 22:42:50 | 000,093,696 | ---- | M] (ACE GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv01.sys -- (acedrv01)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.09.04 16:20:00 | 000,005,120 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys -- (CEBFilter)
DRV - [2007.08.31 16:18:06 | 000,004,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\ceio.sys -- (CEIO)
DRV - [2007.08.31 14:22:26 | 000,007,168 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys -- (cKBFilter)
DRV - [2007.08.13 04:48:45 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2007.07.27 12:46:06 | 000,251,680 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acehlp10.sys -- (acehlp10)
DRV - [2007.07.27 10:13:08 | 000,330,144 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV10.sys -- (acedrv10)
DRV - [2007.07.19 01:31:00 | 007,599,776 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2007.06.01 17:10:38 | 000,753,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.04 05:57:00 | 000,046,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.04.03 14:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 14:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 14:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 14:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 14:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 14:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 14:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.02.25 06:14:00 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.01.30 09:31:52 | 000,210,224 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2006.11.30 16:14:14 | 000,086,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 16:14:10 | 000,088,624 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 16:14:04 | 000,097,088 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 16:14:04 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 16:13:56 | 000,061,536 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006.11.22 18:35:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.10.18 13:20:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2004.11.01 10:21:00 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2003.07.19 02:44:24 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\Windows\System32\MLPTDR_N.SYS -- (MLPTDR_N)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{0C3EE466-DEDE-48CE-8642-871CC13285C1}: "URL" = hxxp://at.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4}: "URL" = hxxp://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FUJC_deAT274
IE - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.21 00:49:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.06.04 16:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.06.04 16:56:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.19 15:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.19 22:29:46 | 000,000,000 | ---D | M]
[2009.03.18 18:59:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yyy\AppData\Roaming\mozilla\Extensions
[2012.06.20 20:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yyy\AppData\Roaming\mozilla\Firefox\Profiles\dnzu70z5.default\extensions
[2010.07.12 21:00:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yyy\AppData\Roaming\mozilla\Firefox\Profiles\dnzu70z5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.06.20 20:35:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yyy\AppData\Roaming\mozilla\Firefox\Profiles\dnzu70z5.default\extensions\staged
[2012.06.19 22:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.04 19:09:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2009.07.13 14:41:31 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2012.06.19 22:29:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2009.07.13 14:41:31 | 000,000,000 | ---D | M] (Search Settings Plugin) -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2012.06.19 15:02:45 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.04 11:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 11:41:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.04 11:41:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 11:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 11:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 11:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: DealPly = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Yyy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2010.08.08 22:49:08 | 000,416,711 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 14387 more lines...
O2 - BHO: (no name) - {0124123D-61B4-456f-AF86-78C53A0790C5} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Programme\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [Sony Ericsson PC Companion] C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson)
O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3297879213-1466515357-504000937-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1F9BFDFE-AB51-4AB8-A3C3-7450B4DC52EB}: NameServer = 194.48.139.254 194.48.124.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33B07121-57B2-451B-837B-967DDE722538}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D62DC27A-EEEE-48F2-9E08-316F68CE0912}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1307a9f0-1b95-11dd-804c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1307a9f0-1b95-11dd-804c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{546d1e01-4a2e-11de-ba50-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{546d1e01-4a2e-11de-ba50-00030d8964ea}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{855f44d4-dd03-11dd-a813-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{855f44d4-dd03-11dd-a813-00030d8964ea}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b61f8bd5-da69-11dd-ade5-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{b61f8bd5-da69-11dd-ade5-00030d8964ea}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{bc853a65-1b9e-11dd-9b88-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{bc853a65-1b9e-11dd-9b88-00030d8964ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bc853a7d-1b9e-11dd-9b88-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{bc853a7d-1b9e-11dd-9b88-00030d8964ea}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e9154fcc-da68-11dd-aadd-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{e9154fcc-da68-11dd-aadd-00030d8964ea}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{ef3dfb8d-2bfc-11e1-a279-00030d8964ea}\Shell - "" = AutoRun
O33 - MountPoints2\{ef3dfb8d-2bfc-11e1-a279-00030d8964ea}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.20 21:49:01 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Yyy\Desktop\OTL.exe
[2012.06.20 20:56:19 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Roaming\Malwarebytes
[2012.06.20 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.20 20:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.20 20:56:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.20 20:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.20 20:44:33 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Roaming\SUPERAntiSpyware.com
[2012.06.20 20:44:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.06.20 20:44:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.06.20 20:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.06.20 20:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.06.20 20:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012.06.14 09:06:57 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Local\Macromedia
[2012.06.09 13:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\mquadr.at
[2012.06.09 13:35:34 | 000,114,688 | ---- | C] (ZTE Corporation) -- C:\Windows\System32\drivers\ZTEusbnet.sys
[2012.06.09 13:35:34 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012.06.09 13:35:34 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012.06.09 13:35:34 | 000,105,856 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012.06.09 13:35:34 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012.06.09 13:34:56 | 000,235,392 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2012.06.09 13:34:56 | 000,194,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2012.06.09 13:34:56 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2012.06.09 13:34:56 | 000,090,368 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2012.06.09 13:34:56 | 000,073,216 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2012.06.09 13:34:56 | 000,064,384 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2012.06.09 13:34:56 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2012.06.09 13:34:56 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2012.06.09 13:34:56 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2012.06.09 13:34:56 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2012.06.09 13:34:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\{7DECD834-973E-4B75-9B37-79105C3EA3B6}
[2012.06.09 13:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\bob internet
[2012.06.09 13:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bob
[2012.06.09 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Local\PackageAware
[2012.06.04 16:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.04 16:56:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2012.06.04 16:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.06.04 16:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.06.04 16:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2012.06.04 16:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2012.06.04 16:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012.06.04 16:55:23 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Roaming\HpUpdate
[2012.06.04 16:54:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012.06.04 16:53:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.06.04 16:53:28 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.06.04 16:53:06 | 000,000,000 | ---D | C] -- C:\Users\Yyy\AppData\Local\HP
========== Files - Modified Within 30 Days ==========
[2012.06.20 21:57:08 | 000,041,320 | ---- | M] () -- C:\Users\Yyy\AppData\Roaming\nvModes.001
[2012.06.20 21:56:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.20 21:52:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 21:52:56 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.20 21:52:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.20 21:49:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Yyy\Desktop\OTL.exe
[2012.06.20 21:36:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.20 21:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.20 21:15:21 | 000,000,000 | ---- | M] () -- C:\Users\Yyy\defogger_reenable
[2012.06.20 20:41:52 | 000,000,905 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.06.20 17:04:09 | 000,000,976 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN1691P3Z005QV.job
[2012.06.19 22:31:37 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47C141B7-ACFC-4E6A-A205-73B88EBB6936}.job
[2012.06.19 18:01:26 | 000,041,320 | ---- | M] () -- C:\Users\Yyy\AppData\Roaming\nvModes.dat
[2012.06.19 14:44:38 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.19 14:44:38 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.19 14:44:38 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.19 14:44:38 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.16 14:11:51 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.06.12 08:30:07 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.06.09 13:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.06.09 13:35:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012.06.09 13:34:11 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\bob internet.lnk
[2012.06.04 16:55:29 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012.06.04 16:54:54 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
[2012.06.04 16:54:54 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Deskjet 2050 J510 series.lnk
[2012.06.04 16:54:54 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk
========== Files Created - No Company Name ==========
[2012.06.20 21:57:40 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\800000cb.@
[2012.06.20 21:57:40 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\80000000.@
[2012.06.20 21:57:39 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\U\00000001.@
[2012.06.20 21:15:21 | 000,000,000 | ---- | C] () -- C:\Users\Yyy\defogger_reenable
[2012.06.20 20:41:52 | 000,000,905 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.06.20 20:41:52 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012.06.20 20:40:04 | 000,001,790 | ---- | C] () -- C:\Users\Yyy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2012.06.09 13:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.06.09 13:35:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012.06.09 13:35:06 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2012.06.09 13:34:56 | 000,012,997 | ---- | C] () -- C:\Windows\System32\drivers\mod7700.inf
[2012.06.09 13:34:11 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\bob internet.lnk
[2012.06.04 16:58:44 | 000,000,976 | ---- | C] () -- C:\Windows\tasks\hpwebreg_CN1691P3Z005QV.job
[2012.06.04 16:56:37 | 000,001,247 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Default Manager.lnk
[2012.06.04 16:55:29 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2012.06.04 16:54:54 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk
[2012.06.04 16:54:54 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Zubehör einkaufen - HP Deskjet 2050 J510 series.lnk
[2012.06.04 16:54:54 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2011.05.10 02:06:27 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.05.10 01:55:19 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.22 21:56:02 | 000,000,680 | ---- | C] () -- C:\Users\Yyy\AppData\Local\d3d9caps.dat
[2006.11.02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@
[2006.11.02 10:31:23 | 000,002,048 | -HS- | C] () -- C:\Users\Yyy\AppData\Local\{5688662e-4c7d-ace4-7703-2c3917704c0a}\@
========== LOP Check ==========
[2009.01.06 23:45:05 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\3DataManager
[2010.10.02 23:01:48 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Autodesk
[2009.01.04 16:14:31 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Bytemobile
[2008.11.21 14:50:20 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Canon
[2010.07.22 20:34:38 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\DirektFotoSystem3
[2008.11.19 17:20:32 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\GARMIN
[2010.07.30 14:29:34 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\HappyFoto
[2010.08.12 19:39:13 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\OpenOffice.org
[2011.12.21 22:35:56 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Sony
[2009.06.28 22:08:17 | 000,000,000 | ---D | M] -- C:\Users\Yyy\AppData\Roaming\Teleca
[2009.07.27 20:04:58 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Autodesk
[2009.01.04 20:03:17 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Bytemobile
[2011.05.10 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\CAD-KAS
[2011.08.01 22:09:42 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Canon
[2010.07.27 21:39:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DirektFotoSystem3
[2011.05.10 10:02:43 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\gtk-2.0
[2011.02.21 13:51:27 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\HappyFoto
[2010.07.26 14:42:19 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\OpenOffice.org
[2009.07.28 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Teleca
[2009.07.02 16:49:55 | 000,000,460 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.06.20 21:51:52 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.06.19 22:31:37 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{47C141B7-ACFC-4E6A-A205-73B88EBB6936}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 744 bytes -> C:\Users\Yyy\Documents\Unfall in Freistadt.eml:OECustomProperty
@Alternate Data Stream - 680 bytes -> C:\Users\Yyy\Documents\Unfallfotos.eml:OECustomProperty
< End of report >
Extra (OTL): Code:
OTL Extras logfile created on: 20.06.2012 22:01:49 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\Yyy\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 65,26% Memory free
6,19 Gb Paging File | 5,14 Gb Available in Paging File | 82,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,10 Gb Total Space | 45,79 Gb Free Space | 30,92% Space Free | Partition Type: NTFS
Drive D: | 73,07 Gb Total Space | 44,10 Gb Free Space | 60,36% Space Free | Partition Type: NTFS
Computer Name: Xxx-Yyy | User Name: Yyy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_USERS\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Media Markt Bilderservice] -- "C:\Program Files\Media Markt\Media Markt Bilderservice\Media Markt Bilderservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07B22FB1-6A1E-41E7-8323-A9CA716026ED}" = bob internet
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10010089-120F-4B71-A245-261A11D234FF}" = Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E105942-593C-4C48-AB3D-BEC2124F5FCE}" = Garmin City Navigator Europe NT 2008
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25DE52ED-9E51-4C50-AE16-E258836ADF83}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3A7BF905-F37D-4DFB-8308-EC3AA4617B36}" = Garmin Communicator Plugin
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4EF8BE6A-899C-4196-94E7-297C5F7A203E}" = pdfforge Toolbar v1.1
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0101-0407-0002-0060B0CE6BBA}" = AutoCAD 2002 - Deutsch
"{5783F2D7-7001-0407-0002-0060B0CE6BBA}" = AutoCAD 2009 - Deutsch
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{99D328E0-51DE-465E-9307-B85CA9511031}" = Nero 7 Essentials
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B804C424-B66D-447A-84BD-C6B88C392C3A}" = PowerDV
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"3D Traumhaus Designer Comfort 8_is1" = DATA BECKER 3D Traumhaus Designer Comfort 8
"446832_R1" = DATA BECKER 3D TraumhausDesigner 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AutoCAD 2009 - Deutsch" = AutoCAD 2009 - Deutsch
"Avira AntiVir Desktop" = Avira Free Antivirus
"bob internet" = bob internet
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CCleaner" = CCleaner (remove only)
"Clickster1633" = Clickster
"DealPly" = DealPly
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup" = DivX Setup
"EOS USB WIA Driver" = EOS USB WIA Driver
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ESC86 Softwarehandbuch" = ESC86 Softwarehandbuch
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GSview 4.9" = GSview 4.9
"HF_Bestellassistent" = HappyFoto Bestellassistent (nur entfernen)
"HP Photo Creations" = HP Photo Creations
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"KONICA MINOLTA PagePro 1300W" = KONICA MINOLTA PagePro 1300W
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Media Markt Bilderservice" = Media Markt Bilderservice
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"Samsung CLP-310 Series" = Samsung CLP-310 Series
"Secunia PSI" = Secunia PSI (2.0.0.4002)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"TeXnicCenter_is1" = TeXnicCenter Version 1 Beta 7.01 (Greengrass)
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR
"WunschhausPlus.Exe" = WunschhausPlus
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3297879213-1466515357-504000937-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"sc10-ORF_MAIN" = ORF-Ski Challenge 2010
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 18.06.2012 10:46:07 | Computer Name = Xxx-Yyy | Source = WerSvc | ID = 5007
Description =
Error - 19.06.2012 08:40:39 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.06.2012 08:44:37 | Computer Name = Xxx-Yyy | Source = WerSvc | ID = 5007
Description =
Error - 20.06.2012 02:48:05 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 03:01:08 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 06:33:25 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 06:37:51 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 07:30:54 | Computer Name = Xxx-Yyy | Source = WerSvc | ID = 5007
Description =
Error - 20.06.2012 15:55:26 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 20.06.2012 15:56:47 | Computer Name = Xxx-Yyy | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
[ Media Center Events ]
Error - 31.01.2010 14:58:43 | Computer Name = Xxx-Yyy | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7002
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7023
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7000
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7003
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7003
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7001
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7034
Description =
Error - 20.06.2012 15:54:22 | Computer Name = Xxx-Yyy | Source = Service Control Manager | ID = 7026
Description =
Error - 20.06.2012 15:55:26 | Computer Name = Xxx-Yyy | Source = WMPNetworkSvc | ID = 866293
Description =
Error - 20.06.2012 15:56:47 | Computer Name = Xxx-Yyy | Source = WMPNetworkSvc | ID = 866293
Description =
< End of report >
Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:15 on 20/06/2012 (Yyy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Gmer: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-20 23:39:56
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0
Running: wter6vr5.exe; Driver: C:\Users\Yyy\AppData\Local\Temp\pgrdapod.sys
---- System - GMER 1.0.15 ----
SSDT 8F61D06C ZwClose
SSDT 8F61D076 ZwCreateSection
SSDT 8F61D067 ZwDuplicateObject
SSDT 8F61D008 ZwOpenProcess
SSDT 8F61D00D ZwOpenThread
SSDT 8F61D080 ZwRequestWaitReplyPort
SSDT 8F61D07B ZwSetContextThread
SSDT 8F61D085 ZwSetSecurityObject
SSDT 8F61D08A ZwSystemDebugControl
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x903C7640]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 5B0 82481034 2 Bytes [08, D0] {OR AL, DL}
.text ntkrnlpa.exe!ZwCallbackReturn + 5CC 82481050 2 Bytes [0D, D0]
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 824811C0 2 Bytes [7B, D0] {JNP 0xffffffffffffffd2}
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8EEC0380, 0x3559E2, 0xE8000020]
.reloc C:\Windows\system32\drivers\acehlp10.sys section is executable [0x8EC13B80, 0x37FC7, 0xE0000060]
.text C:\Windows\system32\drivers\acedrv01.sys section is writeable [0x81570000, 0x2E0F4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv01.sys entry point in ".pklstb" section [0x815AF000]
.relo2 C:\Windows\system32\drivers\acedrv01.sys unknown last section [0x815C9000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv02.sys section is writeable [0x81511000, 0x303A4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv02.sys entry point in ".pklstb" section [0x81553000]
.relo2 C:\Windows\system32\drivers\acedrv02.sys unknown last section [0x8156E000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv03.sys section is writeable [0x814B2000, 0x303A4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv03.sys entry point in ".pklstb" section [0x814F4000]
.relo2 C:\Windows\system32\drivers\acedrv03.sys unknown last section [0x8150F000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv04.sys section is writeable [0x81453000, 0x303A4, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv04.sys entry point in ".pklstb" section [0x81495000]
.relo2 C:\Windows\system32\drivers\acedrv04.sys unknown last section [0x814B0000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv05.sys section is writeable [0x9C222000, 0x30A4A, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv05.sys entry point in ".pklstb" section [0x9C264000]
.relo2 C:\Windows\system32\drivers\acedrv05.sys unknown last section [0x9C27F000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv06.sys section is writeable [0x9C671000, 0x319AA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv06.sys entry point in ".pklstb" section [0x9C6B4000]
.relo2 C:\Windows\system32\drivers\acedrv06.sys unknown last section [0x9C6CF000, 0x8E, 0x42000040]
.text C:\Windows\system32\drivers\acedrv07.sys section is writeable [0x9C60F000, 0x328BA, 0xE8000020]
.pklstb C:\Windows\system32\drivers\acedrv07.sys entry point in ".pklstb" section [0x9C653000]
.relo2 C:\Windows\system32\drivers\acedrv07.sys unknown last section [0x9C66F000, 0x8E, 0x42000040]
.reloc C:\Windows\system32\drivers\acedrv10.sys section is executable [0xA1B29000, 0x459C1, 0xE0000060]
---- User code sections - GMER 1.0.15 ----
? C:\Windows\system32\services.exe[664] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 kbfiltr.sys
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d07c1a
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d14562
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d14562@001b59516349 0x7E 0x55 0xAF 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d14562@0016202e4662 0x1A 0xDA 0xD6 0xC8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d07c1a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d14562 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d14562@001b59516349 0x7E 0x55 0xAF 0x84 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060d14562@0016202e4662 0x1A 0xDA 0xD6 0xC8 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy252.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 252
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@CheckPointSignature 8915be16-cc9e-42a7-8a53-c48a9c3019e7
---- EOF - GMER 1.0.15 ----
Ich hoffe, ich habe alles so weit richtig gemacht. Lässt sich da noch was richten?
Schöne Grüße,
Xanadu |
