Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   BKA Trojaner (https://www.trojaner-board.de/124567-bka-trojaner.html)

tn1982 23.09.2012 14:01

BKA Trojaner

Hello forum,

we have also caught the BKA-Trojaner.

Windows Vista Home Premium 32-bit

As described, I have already carried out the following steps:
- Malwarebytes Anti-Malware (Windows can be loaded again)
- defogger
- OldTimer
- GMER

I am attaching the log files.

I would be very grateful for further help.

Norbert

cosinus 23.09.2012 15:40

Quote:

- Malwarebytes Anti-Malware (Windows can be loaded again)
Without the logs from Malwarebytes and co. this won't get anywhere. :glaskugel:
Everything from Malwarebytes (and any other scanners) must be posted here.

Please post everything here in CODE tags if at all possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

tn1982 23.09.2012 16:50

Sorry, and thanks in advance.

Malwarebytes Anti-Malware
Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.20.07

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 7.0.6001.18000
Katrin :: KATRIN-PC [Administrator]

21.09.2012 06:24:54
mbam-log-2012-09-21 (06-24-54).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 484761
Laufzeit: 1 Stunde(n), 23 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|zwelokabrqhvmus (Trojan.Winlock) -> Daten: C:\ProgramData\zwelokab.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://fullarticles.net) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\ProgramData\zwelokab.exe (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katrin\rnd0312.tmp (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MSZE2LB\load_207[1].exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katrin\AppData\Local\Temp\wpbt0.dll (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Katrin\Downloads\facebook-pic000163927.exe (Trojan.IrcBrute) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Temp\temp9872.exe (Trojan.Dropper) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

extras.txt
OTL Logfile:
Code:

OTL Extras logfile created on: 23.09.2012 12:17:04 - Run 1
OTL by OldTimer - Version 3.2.66.0    Folder = C:\Users\Katrin\Desktop\Trojaner
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 45,25% Memory free
6,14 Gb Paging File | 4,59 Gb Available in Paging File | 74,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 120,32 Gb Free Space | 41,85% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,78 Gb Free Space | 16,83% Space Free | Partition Type: NTFS
 
Computer Name: KATRIN-PC | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{725A7B2C-FF15-4DA5-A160-A1F625ED86F4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E89B5209-FECE-4B97-911A-6F0720C9BE6C}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0345F987-C892-4EA9-9F82-9F26BBC7F882}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{233CE956-7779-4C56-A0BC-F985ECB580F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3148F3B7-A186-41C9-893C-C4BA693B8A83}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{32F7BA26-A5D4-41FF-8BC7-3C569D96040C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{36878D12-8CF1-41FE-8839-337B68827A64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{541673A0-8CE8-4A2B-A93D-DD1B6683EE52}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5DB4DAA6-B79A-43D3-ACBD-3D0D4F104F57}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{5E17F1CF-075C-43B9-916D-A5E2766F734C}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{6A08CA39-CE96-43EE-8F4A-D83FAD27C7F5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{77C09D98-CC7B-48D6-B184-A94A6980A6C0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{959AABB2-2D4A-4835-B206-7B0DC96426EE}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{99716EDF-2DD0-45D0-894D-8CAC19221A58}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{A2636342-6B7C-40C0-B269-46F71553C319}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3A382CF-3FAB-4ACD-8741-DA57C01D19CF}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A980EF46-D880-46E0-BD96-B32570BAE3E1}" = dir=in | app=c:\users\katrin\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{ABAF1883-A5CF-463B-877F-1FA5B94D6D72}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{BD3B59A2-37D2-404C-B03F-34519B28DBB8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDA830E5-6F95-46E0-A1AA-7F0B22BC9CD4}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C89ED258-C583-4D57-A0F1-D6490BD74615}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{C9E107E6-99AC-45F3-8202-51CF56798A49}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{E0D44D2A-9F48-46A6-9B07-B7AC9BF1E4B6}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"{E3A2FEAE-0AFA-40AC-8FD4-71E82D111F20}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{EAEFE58F-F523-4AA8-B0C1-986885B938C2}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{F8256AE2-6A76-4B78-AEC3-6AA287CD887F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB8E3238-F855-495D-A271-5620ABE81FB3}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07A5026D-5F9F-43D1-9073-C2F882D417E7}" = HP User Guides 0128
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A2000AF-79DE-47FB-8411-BA22F981917F}" = Tropico 2: Die Pirateninsel
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ECEE0279-785F-4CB3-9F28-E69813234BF8}" = SPORE Creature Creator Trial Edition
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"7DE39862CC26DCE2446838AAF7CD5C163F835A57" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Europa-Führerschein" = Europa-Führerschein
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.1.0
"Free YouTube Download_is1" = Free YouTube Download version 3.0.13.815
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.01.2011 08:56:52 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64805249
 
Error - 20.01.2011 08:56:58 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.01.2011 08:56:58 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64811489
 
Error - 20.01.2011 08:56:58 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64811489
 
Error - 20.01.2011 08:56:59 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.01.2011 08:56:59 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64812878
 
Error - 20.01.2011 08:56:59 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64812878
 
Error - 20.01.2011 08:57:01 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.01.2011 08:57:01 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64815202
 
Error - 20.01.2011 08:57:01 | Computer Name = Katrin-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64815202
 
[ OSession Events ]
Error - 10.05.2011 12:42:07 | Computer Name = Katrin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1106 seconds with 720 seconds of active time.  This session ended with a
crash.
 
[ System Events ]
Error - 20.09.2012 21:11:39 | Computer Name = Katrin-PC | Source = DCOM | ID = 10005
Description =
 
Error - 20.09.2012 21:11:45 | Computer Name = Katrin-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =
 
Error - 20.09.2012 21:12:44 | Computer Name = Katrin-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 20.09.2012 21:12:44 | Computer Name = Katrin-PC | Source = Service Control Manager | ID = 7026
Description =
 
Error - 21.09.2012 11:11:45 | Computer Name = Katrin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 21.09.2012 11:12:12 | Computer Name = Katrin-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.09.2012 05:52:10 | Computer Name = Katrin-PC | Source = HTTP | ID = 15016
Description =
 
Error - 23.09.2012 05:53:21 | Computer Name = Katrin-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 23.09.2012 05:53:21 | Computer Name = Katrin-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 23.09.2012 05:53:21 | Computer Name = Katrin-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---


OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 23.09.2012 12:17:04 - Run 1
OTL by OldTimer - Version 3.2.66.0    Folder = C:\Users\Katrin\Desktop\Trojaner
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 45,25% Memory free
6,14 Gb Paging File | 4,59 Gb Available in Paging File | 74,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 120,32 Gb Free Space | 41,85% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,78 Gb Free Space | 16,83% Space Free | Partition Type: NTFS
 
Computer Name: KATRIN-PC | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.23 12:13:31 | 000,601,600 | ---- | M] (OldTimer Tools) -- C:\Users\Katrin\Desktop\Trojaner\OTL.exe
PRC - [2012.08.28 19:09:37 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.29 15:14:04 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.23 20:32:16 | 000,222,728 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe
PRC - [2009.10.23 20:32:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.24 18:08:26 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008.09.24 18:08:26 | 000,116,096 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe
PRC - [2008.09.11 13:50:38 | 000,446,556 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe
PRC - [2008.06.10 04:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.28 19:09:36 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.24 03:36:57 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011.06.24 03:36:32 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.06.24 03:34:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.24 03:34:34 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011.06.24 03:34:34 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011.06.24 03:34:33 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011.06.24 03:33:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.24 03:32:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.24 03:32:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.24 03:31:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.24 03:31:35 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011.06.24 03:31:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.24 03:31:22 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.24 03:31:05 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.24 03:30:49 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.24 03:30:45 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.24 03:30:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.09.30 16:56:06 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.09.30 16:52:02 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.09.30 16:52:00 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.09.30 16:51:52 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.09.30 16:51:52 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.09.30 16:51:36 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.09.30 16:51:36 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.09.30 16:51:36 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.09.24 18:07:48 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2008.07.27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008.07.27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.07.27 20:03:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2008.07.04 04:03:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.07.04 04:03:00 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.01.21 04:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.28 19:09:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.09.22 02:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.09.24 18:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2008.09.24 18:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.09.11 13:52:52 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\stacsv.exe -- (STacSV)
SRV - [2008.06.27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_805f33de\AEstSrv.exe -- (AESTFilters)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS -- (SYMREDRV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS -- (SYMFW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SYMDNS.SYS -- (SYMDNS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Katrin\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2011.10.11 15:46:46 | 000,467,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\cchpx86.sys -- (ccHP)
DRV - [2011.09.22 02:35:58 | 000,217,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\symtdi.sys -- (SYMTDI)
DRV - [2010.07.13 10:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.050\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.07.13 10:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100806.050\NAVENG.SYS -- (NAVENG)
DRV - [2010.05.29 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.28 21:33:19 | 000,344,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100805.004\IDSvix86.sys -- (IDSVix86)
DRV - [2009.09.14 12:06:41 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.08.22 09:21:19 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\SymEFA.sys -- (SymEFA)
DRV - [2009.08.22 09:21:19 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1008030.006\srtsp.sys -- (SRTSP)
DRV - [2009.08.22 09:21:19 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009.08.22 09:21:19 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1008030.006\srtspx.sys -- (SRTSPX)
DRV - [2009.08.22 09:21:06 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.13 09:13:00 | 007,391,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.11 13:54:44 | 000,389,120 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.03.27 12:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.03.27 12:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EE766F88-9A15-402E-A39B-3DA99B06F60E}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\..\SearchScopes\{EE766F88-9A15-402E-A39B-3DA99B06F60E}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Katrin\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Katrin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Katrin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Katrin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011.10.20 16:35:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.28 19:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.27 21:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.28 19:09:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.27 21:14:09 | 000,000,000 | ---D | M]
 
[2009.09.10 19:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Extensions
[2012.07.01 17:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions
[2011.03.28 22:02:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.23 18:29:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.21 17:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.28 19:09:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.27 21:14:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.27 21:14:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 21:14:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 21:14:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 21:14:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 21:14:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76FC09DF-AE6E-4A9C-91C6-8D63FA6D8B6E}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4378362-FE6D-408B-82E4-64270E7EE215}: NameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Programme\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Katrin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\Shell - "" = AutoRun
O33 - MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 12:02:04 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Desktop\Trojaner
[2012.09.20 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Katrin\AppData\Roaming\Malwarebytes
[2012.09.20 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 21:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 21:35:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.07 16:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ilitcbgbrxmcbez
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.23 12:19:05 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job
[2012.09.23 12:15:52 | 000,000,000 | ---- | M] () -- C:\Users\Katrin\defogger_reenable
[2012.09.23 12:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 12:04:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 12:01:51 | 000,080,062 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.23 11:52:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.23 11:51:55 | 3186,839,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.21 08:03:55 | 000,008,268 | ---- | M] () -- C:\Users\Katrin\AppData\Local\d3d9caps.dat
[2012.09.20 23:17:03 | 000,314,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.20 21:35:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 16:28:14 | 000,000,051 | ---- | M] () -- C:\ProgramData\jpuozgymneljorl
 
========== Files Created - No Company Name ==========
 
[2012.09.23 12:15:52 | 000,000,000 | ---- | C] () -- C:\Users\Katrin\defogger_reenable
[2012.09.21 17:11:33 | 3186,839,552 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.20 21:35:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.07 16:28:07 | 000,000,051 | ---- | C] () -- C:\ProgramData\jpuozgymneljorl
[2010.11.07 18:04:11 | 000,000,181 | ---- | C] () -- C:\Windows\Wendy2.ini
[2010.11.07 17:58:23 | 000,000,078 | ---- | C] () -- C:\Windows\Wendy.ini
[2009.07.24 12:34:25 | 000,080,062 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.24 11:46:46 | 000,080,062 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.05 22:01:14 | 000,008,268 | ---- | C] () -- C:\Users\Katrin\AppData\Local\d3d9caps.dat
[2009.05.13 17:24:41 | 000,024,064 | ---- | C] () -- C:\Users\Katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.09 22:10:12 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DVDVideoSoft
[2011.04.17 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.14 13:37:41 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Facebook
[2009.05.27 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\FloodLightGames
[2009.07.03 12:34:31 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\ICQ
[2012.07.09 22:10:03 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\OpenCandy
[2009.05.27 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2009.10.23 20:39:16 | 253,264,526 | ---- | M] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD2.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD2.rmvb
[2009.10.23 20:34:47 | 253,264,526 | ---- | C] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD2.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD2.rmvb
[2009.10.23 20:22:16 | 271,335,757 | ---- | M] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD1.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD1.rmvb
[2009.10.23 20:17:23 | 271,335,757 | ---- | C] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD1.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD1.rmvb

< End of report >

--- --- ---


gmer.log
GMER Logfile:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-23 14:52:32
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3252GSX rev.LV011C
Running: l2j775r0.exe; Driver: C:\Users\Katrin\AppData\Local\Temp\pxdiipob.sys


---- System - GMER 1.0.15 ----

SSDT            88242EF8                                                                            ZwAlertResumeThread
SSDT            8821D118                                                                            ZwAlertThread
SSDT            882502F8                                                                            ZwAllocateVirtualMemory
SSDT            87BE1340                                                                            ZwAlpcConnectPort
SSDT            8825FB10                                                                            ZwAssignProcessToJobObject
SSDT            88278AB8                                                                            ZwCreateMutant
SSDT            87C55CF0                                                                            ZwCreateSymbolicLinkObject
SSDT            87C36110                                                                            ZwCreateThread
SSDT            88253198                                                                            ZwDebugActiveProcess
SSDT            8824E630                                                                            ZwDuplicateObject
SSDT            88250560                                                                            ZwFreeVirtualMemory
SSDT            88222F70                                                                            ZwImpersonateAnonymousToken
SSDT            88220BF8                                                                            ZwImpersonateThread
SSDT            87BE1FD0                                                                            ZwLoadDriver
SSDT            87BFE608                                                                            ZwMapViewOfSection
SSDT            88245620                                                                            ZwOpenEvent
SSDT            8822C068                                                                            ZwOpenProcess
SSDT            87CF5778                                                                            ZwOpenProcessToken
SSDT            8821DE00                                                                            ZwOpenSection
SSDT            88245828                                                                            ZwOpenThread
SSDT            87C43120                                                                            ZwProtectVirtualMemory
SSDT            87CF4C68                                                                            ZwResumeThread
SSDT            88236110                                                                            ZwSetContextThread
SSDT            8825F630                                                                            ZwSetInformationProcess
SSDT            88244BF8                                                                            ZwSetSystemInformation
SSDT            882444B8                                                                            ZwSuspendProcess
SSDT            88242E00                                                                            ZwSuspendThread
SSDT            88091B30                                                                            ZwTerminateProcess
SSDT            88242B50                                                                            ZwTerminateThread
SSDT            87E09078                                                                            ZwUnmapViewOfSection
SSDT            882528F0                                                                            ZwWriteVirtualMemory
SSDT            87C1FEA8                                                                            ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!KeSetTimerEx + 350                                                      820C0974 8 Bytes  [F8, 2E, 24, 88, 18, D1, 21, ...]
.text          ntkrnlpa.exe!KeSetTimerEx + 364                                                      820C0988 4 Bytes  [F8, 02, 25, 88]
.text          ntkrnlpa.exe!KeSetTimerEx + 370                                                      820C0994 4 Bytes  [40, 13, BE, 87]
.text          ntkrnlpa.exe!KeSetTimerEx + 3C4                                                      820C09E8 4 Bytes  [10, FB, 25, 88]
.text          ntkrnlpa.exe!KeSetTimerEx + 428                                                      820C0A4C 4 Bytes  [B8, 8A, 27, 88]
.text          ...                                                                                 
.text          C:\Windows\system32\DRIVERS\nvlddmkm.sys                                            section is writeable [0x8EE02340, 0x3E0487, 0xE8000020]
                C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                  entry point in "" section [0x901F941C]
.clc            C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                  unknown last code section [0x901FA000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] ntdll.dll!LdrLoadDll              770E79B3 5 Bytes  JMP 60C5B52A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!LockResource + C    7727813B 7 Bytes  JMP 60F0B6D2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] kernel32.dll!VirtualAllocEx + 54  7727BA7A 7 Bytes  JMP 60F0B6F5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text          C:\Program Files\Mozilla Firefox\firefox.exe[4852] GDI32.dll!StretchDIBits + 179    76F975BB 7 Bytes  JMP 60F0B653 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                              Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                              SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp                                                            SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 23.09.2012 17:08


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall Programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Please post everything here in CODE tags if at all possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

tn1982 23.09.2012 22:20

Many thanks for the info.

Here is the log from eset:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=a009f0dafe88ee4abbd04963450eb296
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-23 09:06:13
# local_time=2012-09-23 11:06:13 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5892 16776573 100 100 29273 185958343 0 0
# compatibility_mode=8192 67108863 100 0 263 263 0 0
# scanned=293863
# found=2
# cleaned=0
# scan_time=8758
C:\ProgramData\ilitcbgbrxmcbez\main.html        HTML/Ransom.B trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\ilitcbgbrxmcbez\main.html        HTML/Ransom.B trojan (unable to clean)        00000000000000000000000000000000        I

TN

cosinus 24.09.2012 14:05

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post me its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x=sequential number)

tn1982 25.09.2012 12:12

Hello Cosinus,

attached is the log file from Adwcleaner

Code:

# AdwCleaner v2.003 - Datei am 09/25/2012 um 13:09:39 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Katrin - KATRIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Katrin\Desktop\1_Trojaner\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gefunden : C:\Users\Katrin\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\s5o9taw5.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1534 octets] - [25/09/2012 13:09:39]

########## EOF - C:\AdwCleaner[R1].txt - [1594 octets] ##########


cosinus 25.09.2012 14:34

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with OK.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x=sequential number)

tn1982 25.09.2012 20:08

Hello,

attached is the log file from adwcleaner

Code:

# AdwCleaner v2.003 - Datei am 09/25/2012 um 21:02:45 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzer : Katrin - KATRIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Katrin\Desktop\1_Trojaner\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Ordner Gelöscht : C:\Users\Katrin\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

***** [Internet Browser] *****

-\\ Internet Explorer v7.0.6001.18000

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\s5o9taw5.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R2].txt - [1663 octets] - [25/09/2012 13:14:05]
AdwCleaner[R3].txt - [1723 octets] - [25/09/2012 21:02:30]
AdwCleaner[S2].txt - [2236 octets] - [25/09/2012 21:02:45]

########## EOF - C:\AdwCleaner[S2].txt - [2296 octets] ##########


cosinus 26.09.2012 11:31

I have two questions before we go on (we're not done yet!)

1.) Does Windows normal mode work (again) without any restrictions?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?

tn1982 26.09.2012 22:31

Hello cosinus,

many thanks for the assistance.

Everything in the Start menu looks fine so far, and I can't see anything unusual in normal Windows operation either.

NB

cosinus 27.09.2012 15:51

Please make a new OTL log. Please post everything here in CODE tags if at all possible.

It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


tn1982 27.09.2012 20:15

Hello,

as described, here is the log file:

OTL Logfile:
Code:

OTL logfile created on: 27.09.2012 20:37:40 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Katrin\Desktop\1_Trojaner
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,84% Memory free
6,16 Gb Paging File | 5,08 Gb Available in Paging File | 82,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,49 Gb Total Space | 121,97 Gb Free Space | 42,43% Space Free | Partition Type: NTFS
Drive D: | 10,60 Gb Total Space | 1,78 Gb Free Space | 16,83% Space Free | Partition Type: NTFS
 
Computer Name: KATRIN-PC | User Name: Katrin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.27 20:25:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katrin\Desktop\1_Trojaner\OTL.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2009.10.23 20:32:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.07.21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe
PRC - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.09.26 02:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.25 18:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.09.25 18:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.09.24 18:08:26 | 000,296,320 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008.09.24 18:08:26 | 000,116,096 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Programme\SMINST\BLService.exe
PRC - [2008.09.23 11:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 04:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.24 03:36:57 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011.06.24 03:36:32 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011.06.24 03:34:36 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011.06.24 03:34:34 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll
MOD - [2011.06.24 03:34:34 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.Wrapper.dll
MOD - [2011.06.24 03:34:33 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll
MOD - [2011.06.24 03:33:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011.06.24 03:32:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011.06.24 03:32:05 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011.06.24 03:31:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011.06.24 03:31:35 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll
MOD - [2011.06.24 03:31:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll
MOD - [2011.06.24 03:31:22 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll
MOD - [2011.06.24 03:31:05 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll
MOD - [2011.06.24 03:30:49 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll
MOD - [2011.06.24 03:30:45 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011.06.24 03:30:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008.09.30 16:56:06 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.09.30 16:52:02 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.09.30 16:52:00 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.09.30 16:51:52 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.09.30 16:51:52 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.09.30 16:51:36 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.09.30 16:51:36 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.09.30 16:51:36 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2008.09.25 18:42:26 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.09.24 18:07:48 | 000,066,856 | ---- | M] () -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll
MOD - [2008.07.27 20:22:54 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2008.07.27 20:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008.07.27 20:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008.07.27 20:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.07.27 20:03:08 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2008.07.27 20:03:08 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2008.07.04 04:03:00 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2008.07.04 04:03:00 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.06.30 01:10:18 | 000,028,672 | ---- | M] () -- C:\Programme\CyberLink\Shared files\richvideops.dll
MOD - [2008.01.21 04:24:29 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2007.08.14 13:59:54 | 006,365,184 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 13:55:52 | 000,131,072 | ---- | M] () -- C:\Programme\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 13:55:28 | 001,581,056 | ---- | M] () -- C:\Programme\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.08.28 19:09:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV)
SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters)
SRV - [2008.10.19 14:30:02 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.09.24 18:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2008.09.24 18:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Programme\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Katrin\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2009.10.03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.09.26 02:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008.08.07 19:01:44 | 000,097,536 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.08.06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{EE766F88-9A15-402E-A39B-3DA99B06F60E}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes\{EE766F88-9A15-402E-A39B-3DA99B06F60E}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.449: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Katrin\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Katrin\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Katrin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Katrin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.28 19:09:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.27 21:14:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.28 19:09:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.27 21:14:09 | 000,000,000 | ---D | M]
 
[2009.09.10 19:52:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Extensions
[2012.07.01 17:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions
[2011.03.28 22:02:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.23 18:29:54 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.23 20:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.28 19:09:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.27 21:14:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.27 21:14:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 21:14:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 21:14:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 21:14:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 21:14:05 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1650498633-834099574-219073364-1000..\Run: [Facebook Update] C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1650498633-834099574-219073364-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} hxxp://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76FC09DF-AE6E-4A9C-91C6-8D63FA6D8B6E}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4378362-FE6D-408B-82E4-64270E7EE215}: NameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programme\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\Shell - "" = AutoRun
O33 - MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.23 15:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.09.23 15:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.09.23 15:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.09.23 12:02:04 | 000,000,000 | ---D | C] -- C:\Users\Katrin\Desktop\1_Trojaner
[2012.09.20 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\Katrin\AppData\Roaming\Malwarebytes
[2012.09.20 21:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.20 21:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.20 21:35:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.09.07 16:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ilitcbgbrxmcbez
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.27 20:05:49 | 000,080,038 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.27 20:05:45 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Katrin.job
[2012.09.27 20:05:30 | 000,008,484 | ---- | M] () -- C:\Users\Katrin\AppData\Local\d3d9caps.dat
[2012.09.27 20:05:25 | 000,080,038 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.09.27 20:05:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 20:05:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.27 20:05:19 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Katrin.job
[2012.09.27 20:05:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.27 20:05:08 | 3186,839,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.27 00:19:08 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job
[2012.09.27 00:11:01 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Katrin.job
[2012.09.25 15:19:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000Core.job
[2012.09.23 15:53:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.09.23 15:53:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.09.23 15:10:02 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.23 12:15:52 | 000,000,000 | ---- | M] () -- C:\Users\Katrin\defogger_reenable
[2012.09.20 23:17:03 | 000,314,224 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.09.20 21:35:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.07 16:28:14 | 000,000,051 | ---- | M] () -- C:\ProgramData\jpuozgymneljorl
 
========== Files Created - No Company Name ==========
 
[2012.09.27 00:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Katrin.job
[2012.09.24 00:07:02 | 000,000,374 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Katrin.job
[2012.09.24 00:07:01 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Katrin.job
[2012.09.23 15:53:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.09.23 15:53:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.09.23 15:52:16 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.09.23 15:10:02 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.09.23 12:15:52 | 000,000,000 | ---- | C] () -- C:\Users\Katrin\defogger_reenable
[2012.09.21 17:11:33 | 3186,839,552 | -HS- | C] () -- C:\hiberfil.sys
[2012.09.20 21:35:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.07 16:28:07 | 000,000,051 | ---- | C] () -- C:\ProgramData\jpuozgymneljorl
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2010.11.07 18:04:11 | 000,000,181 | ---- | C] () -- C:\Windows\Wendy2.ini
[2010.11.07 17:58:23 | 000,000,078 | ---- | C] () -- C:\Windows\Wendy.ini
[2009.07.24 12:34:25 | 000,080,038 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.07.24 11:46:46 | 000,080,038 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.05 22:01:14 | 000,008,484 | ---- | C] () -- C:\Users\Katrin\AppData\Local\d3d9caps.dat
[2009.05.13 17:24:41 | 000,024,064 | ---- | C] () -- C:\Users\Katrin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.09 22:10:12 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DVDVideoSoft
[2011.04.17 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.14 13:37:41 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Facebook
[2009.05.27 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\FloodLightGames
[2009.07.03 12:34:31 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\ICQ
[2009.05.27 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\WildTangent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.05.16 14:57:18 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Adobe
[2011.11.20 23:28:39 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Apple Computer
[2009.06.01 21:49:53 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\CyberLink
[2009.12.05 14:43:21 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DivX
[2012.07.09 22:10:12 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DVDVideoSoft
[2011.04.17 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.14 13:37:41 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Facebook
[2009.05.27 16:31:54 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\FloodLightGames
[2009.08.02 19:23:47 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Google
[2009.05.13 16:39:02 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Hewlett-Packard
[2009.05.13 16:32:16 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\HP TCS
[2009.07.03 12:34:31 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\ICQ
[2009.05.13 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Identities
[2009.05.27 16:33:09 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Macromedia
[2012.09.20 21:35:29 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Media Center Programs
[2010.09.25 14:09:45 | 000,000,000 | --SD | M] -- C:\Users\Katrin\AppData\Roaming\Microsoft
[2009.06.14 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Move Networks
[2009.09.10 19:52:12 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Mozilla
[2010.03.08 15:11:57 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Real
[2012.09.23 15:12:43 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\Skype
[2012.01.20 14:34:41 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\skypePM
[2009.05.27 15:47:10 | 000,000,000 | ---D | M] -- C:\Users\Katrin\AppData\Roaming\WildTangent
 
< %APPDATA%\*.exe /s >
[2010.03.14 13:37:43 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Katrin\AppData\Roaming\Facebook\uninstall.exe
[2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\Katrin\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.06.14 14:45:16 | 000,034,062 | ---- | M] () -- C:\Users\Katrin\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2010.06.29 22:59:47 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.12.06 23:16:06 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.01.25 18:52:28 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\setup3.14\setup.exe
[2010.06.29 22:59:46 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\temp\~Upg1\setup.exe
[2012.09.23 21:05:55 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\temp\~Upg3\rnupgagent.exe
[2012.09.23 21:05:55 | 000,449,176 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
[2012.09.27 00:11:01 | 027,433,440 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_data\RealPlayer.exe
[2012.09.27 00:08:08 | 000,760,128 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\stub_exe\RealPlayer.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.10.22 18:18:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\drivers\atapi.sys
[2008.10.22 18:18:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008.10.22 18:18:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008.10.22 18:18:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008.10.22 18:18:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<          >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,032,578 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.06.04 22:13:43 | 000,000,420 | -H-- | C] () -- C:\Windows\Tasks\User_Feed_Synchronization-{03C56D98-5866-419D-8803-52877CBEBD6D}.job
[2011.09.02 18:09:28 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000Core.job
[2011.09.02 18:09:33 | 000,001,142 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job
[2012.09.24 00:07:01 | 000,000,370 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateXML_Katrin.job
[2012.09.24 00:07:02 | 000,000,374 | ---- | C] () -- C:\Windows\Tasks\ReclaimerUpdateFiles_Katrin.job
[2012.09.27 00:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Katrin.job
 
========== Files - Unicode (All) ==========
[2009.10.23 20:39:16 | 253,264,526 | ---- | M] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD2.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD2.rmvb
[2009.10.23 20:34:47 | 253,264,526 | ---- | C] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD2.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD2.rmvb
[2009.10.23 20:22:16 | 271,335,757 | ---- | M] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD1.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD1.rmvb
[2009.10.23 20:17:23 | 271,335,757 | ---- | C] ()(C:\Users\Katrin\Desktop\????? Twilight (???? - ????) (??) CD1.rmvb) -- C:\Users\Katrin\Desktop\吸血新世紀 Twilight (暮光之城 - 無懼的愛) (中英) CD1.rmvb

< End of report >

--- --- ---


Thanks
NB

cosinus 27.09.2012 21:02

Do an OTL fix: close any programs that may still be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along too!!!)
Code:

:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}: "URL" = http://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\SearchScopes\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
[2011.03.28 22:02:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-1650498633-834099574-219073364-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\Shell - "" = AutoRun
O33 - MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Files
C:\ProgramData\jpuozgymneljorl
C:\ProgramData\ilitcbgbrxmcbez
C:\Users\All Users\jpuozgymneljorl
C:\Users\All Users\ilitcbgbrxmcbez
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
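How the two ProgramData entries in the :Files section above can be picked out of the OTL listing mechanically, as an added triage example that is not part of this thread or of OTL itself: the parser follows the line layout shown in the logs, the sample lines are copied from the listing posted above, and the lowercase-name heuristic is an assumption of this example, not a rule the helper stated.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Iterable, List, Optional, Tuple

# One OTL file/folder listing line has the layout seen in the logs above:
#   [timestamp | size | attrs | C-or-M] (company) -- path
# e.g. [2012.09.07 16:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ilitcbgbrxmcbez
#      [2012.09.07 16:28:07 | 000,000,051 | ---- | C] () -- C:\ProgramData\jpuozgymneljorl
# attrs is four flag positions (R, H, S, D); C = created, M = modified.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>\S.*)$"
)


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str      # "C" created, "M" modified
    company: str   # "" when OTL printed "()" or no company at all
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one listing line; section headers, MD5 lines and Unicode lines give None."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


# Triage heuristic (an assumption of this example, not an OTL rule): an entry
# directly under C:\ProgramData, with no vendor name, whose name is just a run
# of lowercase letters, which is how the Winlock artefacts look in the listing.
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")


def is_suspicious_programdata_entry(e: OtlEntry) -> bool:
    parts = e.path.split("\\")
    if len(parts) != 3 or parts[0].lower() != "c:" or parts[1].lower() != "programdata":
        return False
    return e.company == "" and RANDOM_NAME.match(parts[2]) is not None


def triage(lines: Iterable[str]) -> Tuple[List[str], Optional[str]]:
    """Return the flagged paths (deduplicated, since OTL lists one path in several
    sections) and the earliest creation time among them as an ISO string."""
    entries = (parse_otl_line(line) for line in lines)
    hits = [e for e in entries if e is not None and is_suspicious_programdata_entry(e)]
    paths = sorted({e.path for e in hits})
    created = [e.timestamp for e in hits if e.kind == "C"]
    return paths, (min(created).isoformat() if created else None)


def otl_files_section(paths: List[str]) -> str:
    """Render a :Files block in the shape of the fix script above, listing each
    path under C:\\ProgramData and under the Vista-era C:\\Users\\All Users alias."""
    aliases = [p.replace("C:\\ProgramData\\", "C:\\Users\\All Users\\", 1) for p in paths]
    return "\n".join([":Files", *paths, *aliases])


# Sample input: lines copied from the OTL listing in this thread (mixed sections,
# one header and one MD5 line included to show that they are skipped).
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2012.09.23 20:35:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.09.20 21:35:20 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.09.20 21:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.07 16:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ilitcbgbrxmcbez
[2012.09.27 20:05:49 | 000,080,038 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.09.07 16:28:14 | 000,000,051 | ---- | M] () -- C:\ProgramData\jpuozgymneljorl
[2012.09.07 16:28:07 | 000,000,051 | ---- | C] () -- C:\ProgramData\jpuozgymneljorl
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
"""


if __name__ == "__main__":
    flagged, first_seen = triage(SAMPLE_LOG.splitlines())
    print("flagged:", flagged, "first created:", first_seen)
    print(otl_files_section(flagged))
```

The creation time of the earliest flagged entry (2012.09.07 16:28) is the pivot a responder would use to look for anything else created around the infection.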

tn1982 29.09.2012 08:48

Hello,

thanks a lot, here is the log file:
Code:

All processes killed
========== OTL ==========
HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1650498633-834099574-219073364-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADE06538-AFDE-42E7-B8D7-95A956D6F8A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D2D25FD0-79CC-4011-9334-FE8A3E86B25D}\ not found.
C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Katrin\AppData\Roaming\mozilla\Firefox\Profiles\s5o9taw5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll not found.
Registry value HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1650498633-834099574-219073364-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
File C:\Programme\AOL\AOL Toolbar 5.0\aoltb.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc992ac3-0e5f-11df-83cb-00238ba51d40}\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
C:\ProgramData\jpuozgymneljorl moved successfully.
C:\ProgramData\ilitcbgbrxmcbez folder moved successfully.
File\Folder C:\Users\All Users\jpuozgymneljorl not found.
File\Folder C:\Users\All Users\ilitcbgbrxmcbez not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Katrin\Desktop\1_Trojaner\cmd.bat deleted successfully.
C:\Users\Katrin\Desktop\1_Trojaner\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Katrin
->Temp folder emptied: 679724619 bytes
->Temporary Internet Files folder emptied: 309457536 bytes
->Java cache emptied: 3464901 bytes
->FireFox cache emptied: 77879176 bytes
->Apple Safari cache emptied: 1642496 bytes
->Flash cache emptied: 135101 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 92925262 bytes
RecycleBin emptied: 6476342966 bytes
 
Total Files Cleaned = 7.288,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 09292012_093444

Files\Folders moved on Reboot...
C:\Users\Katrin\AppData\Local\Temp\ehmsas.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 01.10.2012 10:27

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png
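The report TDSS-Killer writes has a regular shape: a "[ md5 ] name path" line for each service binary, followed by one or more verdict lines ("- ok", "( Verdict ) - warning", "- detected Verdict (n)"). Because the scan above is run with SigCheck enabled, every service whose binary is not Authenticode-signed shows up as UnsignedFile.Multi.Generic, which is exactly why the helper asks for "skip" rather than deletion. The following Python script is an added example for this thread (not the forum's or Kaspersky's code): it parses a report in that layout, pairs each verdict with the hash and path from the preceding file line, and separates unsigned-only warnings from named detections so a helper can triage them. The sample report embedded in it is constructed for the example; the "evilsvc" lines and the verdict "Constructed.Test.Verdict" are invented placeholders, not a real file or malware family.

```python
"""Triage helper for Kaspersky TDSSKiller reports.

Added example for this thread; it is neither the forum's nor Kaspersky's code.
It assumes the report layout visible in 2.8.x logs (timestamp, PID, body) and
the three verdict shapes matched below. Any verdict name other than the one
quoted in the thread (UnsignedFile.Multi.Generic) is a placeholder.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of a TDSSKiller report. The "evilsvc" lines
# and the verdict "Constructed.Test.Verdict" are invented to exercise the
# named-detection path; they do not refer to a real file or malware family.
SAMPLE_REPORT = r"""
16:59:26.0730 3760  Scan started
16:59:26.0730 3760  Mode: Manual; SigCheck; TDLFS;
16:59:27.0202 3760  System memory - ok
16:59:27.0478 3760  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:59:27.0494 3760  ACPI - ok
16:59:34.0132 3760  [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc    C:\Windows\System32\ezsvc7.dll
16:59:34.0165 3760  ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
16:59:34.0166 3760  ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
16:59:35.0778 3760  [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
16:59:35.0783 3760  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
16:59:35.0783 3760  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
16:59:40.0773 3760  msiserver - ok
16:59:50.0001 3760  [ 0123456789ABCDEF0123456789ABCDEF ] evilsvc         C:\ProgramData\evilsvc.sys
16:59:50.0002 3760  evilsvc - detected Constructed.Test.Verdict (0)
"""

# Every report line is "HH:MM:SS.mmmm PID  <body>".
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$")
# "[ <md5> ] <name><spaces><path>": names may contain spaces, so the split
# relies on the path starting with a drive letter or a backslash.
FILE_RE = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?)\s+([A-Za-z]:\\.*|\\.*)$")
OK_RE = re.compile(r"^(.+?) - ok$")
WARN_RE = re.compile(r"^(.+?) \( ([^)]+) \) - warning$")
DETECTED_RE = re.compile(r"^(.+?) - detected (\S+) \(\s*\d+\s*\)$")

# Verdicts that only say "this binary is not Authenticode-signed"; they appear
# because SigCheck was enabled and are not evidence of infection on their own.
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


@dataclass
class ServiceEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    ok: bool = False
    verdicts: List[Tuple[str, str]] = field(default_factory=list)  # (kind, verdict)


@dataclass
class Report:
    mode: str = ""
    entries: Dict[str, ServiceEntry] = field(default_factory=dict)

    @property
    def sigcheck(self) -> bool:
        return "SigCheck" in self.mode


def parse_report(text: str) -> Report:
    """Pair each '[ md5 ] name path' line with the verdict lines that follow it."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner, separator or blank line
        body = m.group(1).strip()
        if body.startswith("Mode:"):
            report.mode = body[len("Mode:"):].strip()
            continue
        fm = FILE_RE.match(body)
        if fm:
            md5, name, path = fm.groups()
            entry = report.entries.setdefault(name, ServiceEntry(name))
            entry.md5, entry.path = md5.upper(), path
            continue
        for pattern, kind in ((OK_RE, "ok"), (WARN_RE, "warning"), (DETECTED_RE, "detected")):
            vm = pattern.match(body)
            if vm:
                entry = report.entries.setdefault(vm.group(1), ServiceEntry(vm.group(1)))
                if kind == "ok":
                    entry.ok = True
                else:
                    entry.verdicts.append((kind, vm.group(2)))
                break
    return report


def triage(report: Report) -> Tuple[List[ServiceEntry], List[ServiceEntry]]:
    """Split flagged entries into unsigned-only heuristics (review, usually skip)
    and named detections (the ones worth a closer look), each sorted by name."""
    heuristic, named = [], []
    for entry in sorted(report.entries.values(), key=lambda e: e.name):
        if not entry.verdicts:
            continue
        if {verdict for _, verdict in entry.verdicts} <= HEURISTIC_VERDICTS:
            heuristic.append(entry)
        else:
            named.append(entry)
    return heuristic, named


if __name__ == "__main__":
    rep = parse_report(SAMPLE_REPORT)
    print(f"SigCheck enabled: {rep.sigcheck}  scanned objects: {len(rep.entries)}")
    heur, named = triage(rep)
    for label, group in (("heuristic (unsigned)", heur), ("named detection", named)):
        for e in group:
            print(f"{label:22} {e.name:25} {e.md5}  {e.path}")
```

Feed it a real report by replacing SAMPLE_REPORT with the contents of the TDSSKiller log from the system partition; the MD5 and path of every entry in the "named detection" bucket is what you would look up or submit next, while the "heuristic" bucket is the list of unsigned vendor services that the advice above says to skip.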

tn1982 01.10.2012 16:03

Hello,
here is the log file from TDSS-Killer
Code:

16:59:10.0490 5948  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
16:59:10.0756 5948  ============================================================
16:59:10.0757 5948  Current date / time: 2012/10/01 16:59:10.0756
16:59:10.0757 5948  SystemInfo:
16:59:10.0757 5948 
16:59:10.0757 5948  OS Version: 6.0.6001 ServicePack: 1.0
16:59:10.0757 5948  Product type: Workstation
16:59:10.0757 5948  ComputerName: KATRIN-PC
16:59:10.0757 5948  UserName: Katrin
16:59:10.0757 5948  Windows directory: C:\Windows
16:59:10.0757 5948  System windows directory: C:\Windows
16:59:10.0757 5948  Processor architecture: Intel x86
16:59:10.0757 5948  Number of processors: 2
16:59:10.0757 5948  Page size: 0x1000
16:59:10.0757 5948  Boot type: Normal boot
16:59:10.0757 5948  ============================================================
16:59:12.0464 5948  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:59:12.0566 5948  ============================================================
16:59:12.0566 5948  \Device\Harddisk0\DR0:
16:59:12.0641 5948  MBR partitions:
16:59:12.0641 5948  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x23EFBFC1
16:59:12.0641 5948  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23EFC000, BlocksNum 0x1531000
16:59:12.0641 5948  ============================================================
16:59:12.0993 5948  C: <-> \Device\Harddisk0\DR0\Partition1
16:59:13.0130 5948  D: <-> \Device\Harddisk0\DR0\Partition2
16:59:13.0130 5948  ============================================================
16:59:13.0131 5948  Initialize success
16:59:13.0131 5948  ============================================================
16:59:26.0730 3760  ============================================================
16:59:26.0730 3760  Scan started
16:59:26.0730 3760  Mode: Manual; SigCheck; TDLFS;
16:59:26.0730 3760  ============================================================
16:59:27.0202 3760  ================ Scan system memory ========================
16:59:27.0202 3760  System memory - ok
16:59:27.0202 3760  ================ Scan services =============================
16:59:27.0367 3760  [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer  C:\Windows\system32\DRIVERS\Accelerometer.sys
16:59:27.0448 3760  Accelerometer - ok
16:59:27.0478 3760  [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:59:27.0494 3760  ACPI - ok
16:59:27.0543 3760  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
16:59:27.0563 3760  adp94xx - ok
16:59:27.0581 3760  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
16:59:27.0594 3760  adpahci - ok
16:59:27.0601 3760  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:59:27.0611 3760  adpu160m - ok
16:59:27.0619 3760  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
16:59:27.0631 3760  adpu320 - ok
16:59:27.0696 3760  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
16:59:27.0784 3760  AeLookupSvc - ok
16:59:27.0937 3760  [ 827DBC22C96EECF6D36A13162FABAFD3 ] AESTFilters    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
16:59:27.0961 3760  AESTFilters - ok
16:59:28.0042 3760  [ 48EB99503533C27AC6135648E5474457 ] AFD            C:\Windows\system32\drivers\afd.sys
16:59:28.0091 3760  AFD - ok
16:59:28.0154 3760  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:59:28.0164 3760  agp440 - ok
16:59:28.0211 3760  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
16:59:28.0222 3760  aic78xx - ok
16:59:28.0245 3760  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
16:59:28.0270 3760  ALG - ok
16:59:28.0287 3760  [ 3D76FDA1A10ACC3DC84728F55C29B6D4 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:59:28.0295 3760  aliide - ok
16:59:28.0616 3760  ALSysIO - ok
16:59:28.0669 3760  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:59:28.0678 3760  amdagp - ok
16:59:28.0697 3760  [ 5B92E7839F5A1FBC1B39DE67758AD6F8 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:59:28.0706 3760  amdide - ok
16:59:28.0724 3760  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
16:59:28.0749 3760  AmdK7 - ok
16:59:28.0760 3760  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
16:59:28.0785 3760  AmdK8 - ok
16:59:28.0843 3760  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
16:59:28.0904 3760  Appinfo - ok
16:59:28.0995 3760  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:59:29.0004 3760  Apple Mobile Device - ok
16:59:29.0036 3760  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
16:59:29.0046 3760  arc - ok
16:59:29.0077 3760  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:59:29.0086 3760  arcsas - ok
16:59:29.0112 3760  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:59:29.0152 3760  AsyncMac - ok
16:59:29.0158 3760  [ 9C0E70031905ADBF94EDB9EA14AF943B ] atapi          C:\Windows\system32\drivers\atapi.sys
16:59:29.0166 3760  atapi - ok
16:59:29.0213 3760  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:59:29.0241 3760  AudioEndpointBuilder - ok
16:59:29.0249 3760  [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:59:29.0275 3760  Audiosrv - ok
16:59:29.0368 3760  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc          C:\Program Files\Microsoft\BingBar\BBSvc.EXE
16:59:29.0382 3760  BBSvc - ok
16:59:29.0444 3760  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files\Microsoft\BingBar\SeaPort.EXE
16:59:29.0457 3760  BBUpdate - ok
16:59:29.0542 3760  [ F92DCC68A89F0B97A286E38C0BA8F860 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl6.sys
16:59:29.0920 3760  BCM43XX - ok
16:59:29.0975 3760  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:59:30.0018 3760  Beep - ok
16:59:30.0084 3760  [ 8582E233C346AEFE759833E8A30DD697 ] BFE            C:\Windows\System32\bfe.dll
16:59:30.0138 3760  BFE - ok
16:59:30.0220 3760  [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS            C:\Windows\System32\qmgr.dll
16:59:30.0303 3760  BITS - ok
16:59:30.0348 3760  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
16:59:30.0411 3760  blbdrive - ok
16:59:30.0497 3760  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:59:30.0511 3760  Bonjour Service - ok
16:59:30.0559 3760  [ 8153396D5551276227FA146900F734E6 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:59:30.0586 3760  bowser - ok
16:59:30.0631 3760  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:59:30.0649 3760  BrFiltLo - ok
16:59:30.0662 3760  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:59:30.0705 3760  BrFiltUp - ok
16:59:30.0750 3760  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
16:59:30.0775 3760  Browser - ok
16:59:30.0794 3760  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
16:59:30.0987 3760  Brserid - ok
16:59:31.0043 3760  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:59:31.0086 3760  BrSerWdm - ok
16:59:31.0096 3760  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:59:31.0166 3760  BrUsbMdm - ok
16:59:31.0172 3760  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:59:31.0214 3760  BrUsbSer - ok
16:59:31.0257 3760  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:59:31.0299 3760  BTHMODEM - ok
16:59:31.0325 3760  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:59:31.0376 3760  cdfs - ok
16:59:31.0423 3760  [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
16:59:31.0446 3760  cdrom - ok
16:59:31.0475 3760  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc    C:\Windows\System32\certprop.dll
16:59:31.0499 3760  CertPropSvc - ok
16:59:31.0523 3760  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:59:31.0565 3760  circlass - ok
16:59:31.0625 3760  [ 0703B9DEE7EEC6D6370EDEBD43D0F5C2 ] CLFS            C:\Windows\system32\CLFS.sys
16:59:31.0637 3760  CLFS - ok
16:59:31.0712 3760  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:59:31.0721 3760  clr_optimization_v2.0.50727_32 - ok
16:59:31.0775 3760  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:59:31.0785 3760  clr_optimization_v4.0.30319_32 - ok
16:59:31.0836 3760  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:59:31.0877 3760  CmBatt - ok
16:59:31.0905 3760  [ D36372A6EA6805EFBE8884D10772313F ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:59:31.0913 3760  cmdide - ok
16:59:32.0008 3760  [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:59:32.0016 3760  Com4QLBEx - ok
16:59:32.0022 3760  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:59:32.0031 3760  Compbatt - ok
16:59:32.0038 3760  COMSysApp - ok
16:59:32.0050 3760  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
16:59:32.0058 3760  crcdisk - ok
16:59:32.0071 3760  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:59:32.0095 3760  Crusoe - ok
16:59:32.0138 3760  [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:59:32.0163 3760  CryptSvc - ok
16:59:32.0234 3760  [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:59:32.0315 3760  DcomLaunch - ok
16:59:32.0380 3760  [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:59:32.0406 3760  DfsC - ok
16:59:32.0495 3760  [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR            C:\Windows\system32\DFSR.exe
16:59:32.0622 3760  DFSR - ok
16:59:32.0688 3760  [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:59:32.0713 3760  Dhcp - ok
16:59:32.0739 3760  [ 64109E623ABD6955C8FB110B592E68B7 ] disk            C:\Windows\system32\drivers\disk.sys
16:59:32.0749 3760  disk - ok
16:59:32.0795 3760  [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:59:32.0849 3760  Dnscache - ok
16:59:32.0874 3760  [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc        C:\Windows\System32\dot3svc.dll
16:59:32.0901 3760  dot3svc - ok
16:59:32.0956 3760  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
16:59:33.0003 3760  DPS - ok
16:59:33.0046 3760  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
16:59:33.0063 3760  drmkaud - ok
16:59:33.0101 3760  [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
16:59:33.0182 3760  DXGKrnl - ok
16:59:33.0211 3760  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
16:59:33.0258 3760  E1G60 - ok
16:59:33.0296 3760  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
16:59:33.0336 3760  EapHost - ok
16:59:33.0371 3760  [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:59:33.0381 3760  Ecache - ok
16:59:33.0463 3760  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
16:59:33.0487 3760  ehRecvr - ok
16:59:33.0502 3760  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
16:59:33.0556 3760  ehSched - ok
16:59:33.0570 3760  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
16:59:33.0601 3760  ehstart - ok
16:59:33.0662 3760  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
16:59:33.0680 3760  elxstor - ok
16:59:33.0724 3760  [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
16:59:33.0772 3760  EMDMgmt - ok
16:59:33.0809 3760  [ 004B2EA6CC2598EC5F0552E43CE29CEF ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
16:59:33.0847 3760  enecir - ok
16:59:33.0891 3760  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:59:33.0914 3760  ErrDev - ok
16:59:33.0948 3760  [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem    C:\Windows\system32\es.dll
16:59:34.0009 3760  EventSystem - ok
16:59:34.0040 3760  [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat          C:\Windows\system32\drivers\exfat.sys
16:59:34.0068 3760  exfat - ok
16:59:34.0132 3760  [ 42F721C52EEF2D6DF9372A53813A83EF ] ezSharedSvc    C:\Windows\System32\ezsvc7.dll
16:59:34.0165 3760  ezSharedSvc ( UnsignedFile.Multi.Generic ) - warning
16:59:34.0166 3760  ezSharedSvc - detected UnsignedFile.Multi.Generic (1)
16:59:34.0196 3760  [ 3C489390C2E2064563727752AF8EAB9E ] fastfat        C:\Windows\system32\drivers\fastfat.sys
16:59:34.0223 3760  fastfat - ok
16:59:34.0289 3760  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
16:59:34.0331 3760  fdc - ok
16:59:34.0373 3760  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
16:59:34.0422 3760  fdPHost - ok
16:59:34.0451 3760  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:59:34.0521 3760  FDResPub - ok
16:59:34.0551 3760  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:59:34.0560 3760  FileInfo - ok
16:59:34.0595 3760  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
16:59:34.0618 3760  Filetrace - ok
16:59:34.0631 3760  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:59:34.0666 3760  flpydisk - ok
16:59:34.0674 3760  [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:59:34.0686 3760  FltMgr - ok
16:59:34.0736 3760  [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:59:34.0743 3760  FontCache3.0.0.0 - ok
16:59:34.0774 3760  [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:59:34.0792 3760  Fs_Rec - ok
16:59:34.0810 3760  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:59:34.0819 3760  gagp30kx - ok
16:59:34.0876 3760  [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
16:59:34.0886 3760  GameConsoleService - ok
16:59:34.0909 3760  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:59:34.0915 3760  GEARAspiWDM - ok
16:59:34.0968 3760  [ D9F1113D9401185245573350712F92FC ] gpsvc          C:\Windows\System32\gpsvc.dll
16:59:35.0040 3760  gpsvc - ok
16:59:35.0114 3760  [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc          C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
16:59:35.0122 3760  gusvc - ok
16:59:35.0164 3760  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:59:35.0231 3760  HdAudAddService - ok
16:59:35.0253 3760  [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:59:35.0304 3760  HDAudBus - ok
16:59:35.0337 3760  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:59:35.0378 3760  HidBth - ok
16:59:35.0414 3760  [ 5A87127718873BD7F3BD7AC42B951D8E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
16:59:35.0470 3760  HidIr - ok
16:59:35.0497 3760  [ 8FA640195279ACE21BEA91396A0054FC ] hidserv        C:\Windows\system32\hidserv.dll
16:59:35.0540 3760  hidserv - ok
16:59:35.0579 3760  [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:59:35.0615 3760  HidUsb - ok
16:59:35.0652 3760  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:59:35.0697 3760  hkmsvc - ok
16:59:35.0778 3760  [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
16:59:35.0783 3760  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
16:59:35.0783 3760  HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
16:59:35.0807 3760  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
16:59:35.0816 3760  HpCISSs - ok
16:59:35.0857 3760  [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
16:59:35.0863 3760  hpdskflt - ok
16:59:35.0883 3760  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:59:35.0934 3760  HpqKbFiltr - ok
16:59:35.0988 3760  [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:59:35.0996 3760  hpqwmiex - ok
16:59:36.0047 3760  [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv          C:\Windows\system32\Hpservice.exe
16:59:36.0053 3760  hpsrv - ok
16:59:36.0124 3760  [ 96E241624C71211A79C84F50A8E71CAB ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:59:36.0162 3760  HTTP - ok
16:59:36.0221 3760  [ C6B032D69650985468160FC9937CF5B4 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
16:59:36.0230 3760  i2omp - ok
16:59:36.0268 3760  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:59:36.0289 3760  i8042prt - ok
16:59:36.0300 3760  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
16:59:36.0315 3760  iaStorV - ok
16:59:36.0398 3760  [ A4E43A7AB1202356BEBEB6B798F15488 ] ICQ Service    C:\Program Files\ICQ6Toolbar\ICQ Service.exe
16:59:36.0408 3760  ICQ Service - ok
16:59:36.0489 3760  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:59:36.0521 3760  IDriverT ( UnsignedFile.Multi.Generic ) - warning
16:59:36.0521 3760  IDriverT - detected UnsignedFile.Multi.Generic (1)
16:59:36.0603 3760  [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:59:36.0636 3760  idsvc - ok
16:59:36.0660 3760  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
16:59:36.0669 3760  iirsp - ok
16:59:36.0703 3760  [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT          C:\Windows\System32\ikeext.dll
16:59:36.0738 3760  IKEEXT - ok
16:59:36.0806 3760  [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:59:36.0815 3760  intelide - ok
16:59:36.0832 3760  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:59:36.0878 3760  intelppm - ok
16:59:36.0930 3760  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
16:59:36.0984 3760  IPBusEnum - ok
16:59:37.0014 3760  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:59:37.0063 3760  IpFilterDriver - ok
16:59:37.0118 3760  [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:59:37.0170 3760  iphlpsvc - ok
16:59:37.0176 3760  IpInIp - ok
16:59:37.0228 3760  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
16:59:37.0275 3760  IPMIDRV - ok
16:59:37.0309 3760  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
16:59:37.0335 3760  IPNAT - ok
16:59:37.0426 3760  [ E6BE7A41A28D8F2DB174957454D32448 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
16:59:37.0449 3760  iPod Service - ok
16:59:37.0490 3760  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:59:37.0533 3760  IRENUM - ok
16:59:37.0572 3760  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:59:37.0581 3760  isapnp - ok
16:59:37.0638 3760  [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:59:37.0651 3760  iScsiPrt - ok
16:59:37.0657 3760  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:59:37.0666 3760  iteatapi - ok
16:59:37.0678 3760  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid        C:\Windows\system32\drivers\iteraid.sys
16:59:37.0687 3760  iteraid - ok
16:59:37.0738 3760  [ A69A1B991824B98F744913555F665893 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
16:59:37.0797 3760  JMCR - ok
16:59:37.0920 3760  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:59:37.0933 3760  kbdclass - ok
16:59:37.0960 3760  [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:59:38.0015 3760  kbdhid - ok
16:59:38.0067 3760  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso          C:\Windows\system32\lsass.exe
16:59:38.0114 3760  KeyIso - ok
16:59:38.0145 3760  [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:59:38.0170 3760  KSecDD - ok
16:59:38.0237 3760  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm          C:\Windows\system32\msdtckrm.dll
16:59:38.0271 3760  KtmRm - ok
16:59:38.0304 3760  [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:59:38.0368 3760  LanmanServer - ok
16:59:38.0415 3760  [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:59:38.0477 3760  LanmanWorkstation - ok
16:59:38.0536 3760  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:59:38.0541 3760  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:59:38.0542 3760  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:59:38.0581 3760  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:59:38.0606 3760  lltdio - ok
16:59:38.0650 3760  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
16:59:38.0689 3760  lltdsvc - ok
16:59:38.0726 3760  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts        C:\Windows\System32\lmhsvc.dll
16:59:38.0772 3760  lmhosts - ok
16:59:38.0787 3760  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:59:38.0799 3760  LSI_FC - ok
16:59:38.0806 3760  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
16:59:38.0818 3760  LSI_SAS - ok
16:59:38.0845 3760  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:59:38.0856 3760  LSI_SCSI - ok
16:59:38.0864 3760  [ 8F5C7426567798E62A3B3614965D62CC ] luafv          C:\Windows\system32\drivers\luafv.sys
16:59:38.0890 3760  luafv - ok
16:59:38.0909 3760  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
16:59:38.0943 3760  Mcx2Svc - ok
16:59:38.0986 3760  [ 0001CE609D66632FA17B84705F658879 ] megasas        C:\Windows\system32\drivers\megasas.sys
16:59:38.0995 3760  megasas - ok
16:59:39.0022 3760  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
16:59:39.0041 3760  MegaSR - ok
16:59:39.0075 3760  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS          C:\Windows\system32\mmcss.dll
16:59:39.0105 3760  MMCSS - ok
16:59:39.0143 3760  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem          C:\Windows\system32\drivers\modem.sys
16:59:39.0196 3760  Modem - ok
16:59:39.0219 3760  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
16:59:39.0246 3760  monitor - ok
16:59:39.0296 3760  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:59:39.0306 3760  mouclass - ok
16:59:39.0330 3760  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:59:39.0355 3760  mouhid - ok
16:59:39.0375 3760  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:59:39.0386 3760  MountMgr - ok
16:59:39.0479 3760  [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:59:39.0491 3760  MozillaMaintenance - ok
16:59:39.0524 3760  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:59:39.0535 3760  mpio - ok
16:59:39.0561 3760  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:59:39.0582 3760  mpsdrv - ok
16:59:39.0615 3760  [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:59:39.0680 3760  MpsSvc - ok
16:59:39.0708 3760  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
16:59:39.0719 3760  Mraid35x - ok
16:59:39.0726 3760  [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:59:39.0807 3760  MRxDAV - ok
16:59:39.0870 3760  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:59:39.0932 3760  mrxsmb - ok
16:59:39.0954 3760  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:59:39.0970 3760  mrxsmb10 - ok
16:59:39.0978 3760  [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:59:39.0991 3760  mrxsmb20 - ok
16:59:40.0013 3760  [ AA305CFF241DA187BD5077DE4A2A043D ] msahci          C:\Windows\system32\drivers\msahci.sys
16:59:40.0023 3760  msahci - ok
16:59:40.0034 3760  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
16:59:40.0045 3760  msdsm - ok
16:59:40.0063 3760  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC          C:\Windows\System32\msdtc.exe
16:59:40.0092 3760  MSDTC - ok
16:59:40.0124 3760  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:59:40.0153 3760  Msfs - ok
16:59:40.0507 3760  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:59:40.0516 3760  msisadrv - ok
16:59:40.0716 3760  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
16:59:40.0768 3760  MSiSCSI - ok
16:59:40.0773 3760  msiserver - ok
16:59:40.0820 3760  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
16:59:40.0848 3760  MSKSSRV - ok
16:59:40.0887 3760  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:59:40.0911 3760  MSPCLOCK - ok
16:59:40.0932 3760  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
16:59:40.0975 3760  MSPQM - ok
16:59:41.0009 3760  [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
16:59:41.0020 3760  MsRPC - ok
16:59:41.0048 3760  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
16:59:41.0056 3760  mssmbios - ok
16:59:41.0081 3760  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
16:59:41.0106 3760  MSTEE - ok
16:59:42.0172 3760  [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup            C:\Windows\system32\Drivers\mup.sys
16:59:42.0183 3760  Mup - ok
16:59:42.0344 3760  [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent        C:\Windows\system32\qagentRT.dll
16:59:42.0378 3760  napagent - ok
16:59:42.0430 3760  [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
16:59:42.0441 3760  NativeWifiP - ok
16:59:42.0529 3760  [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:59:42.0552 3760  NDIS - ok
16:59:42.0596 3760  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:59:42.0633 3760  NdisTapi - ok
16:59:42.0660 3760  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
16:59:42.0686 3760  Ndisuio - ok
16:59:42.0729 3760  [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
16:59:42.0793 3760  NdisWan - ok
16:59:42.0947 3760  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
16:59:42.0973 3760  NDProxy - ok
16:59:43.0024 3760  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
16:59:43.0133 3760  NetBIOS - ok
16:59:43.0185 3760  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
16:59:43.0211 3760  netbt - ok
16:59:43.0234 3760  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon        C:\Windows\system32\lsass.exe
16:59:43.0246 3760  Netlogon - ok
16:59:43.0284 3760  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
16:59:43.0311 3760  Netman - ok
16:59:43.0331 3760  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
16:59:43.0385 3760  netprofm - ok
16:59:43.0425 3760  [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:59:43.0435 3760  NetTcpPortSharing - ok
16:59:43.0533 3760  [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32        C:\Windows\system32\DRIVERS\NETw3v32.sys
16:59:43.0612 3760  NETw3v32 - ok
16:59:43.0660 3760  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
16:59:43.0669 3760  nfrd960 - ok
16:59:43.0709 3760  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:59:43.0755 3760  NlaSvc - ok
16:59:43.0761 3760  [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:59:43.0792 3760  Npfs - ok
16:59:43.0818 3760  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi            C:\Windows\system32\nsisvc.dll
16:59:43.0843 3760  nsi - ok
16:59:43.0848 3760  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:59:43.0873 3760  nsiproxy - ok
16:59:43.0936 3760  [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:59:43.0967 3760  Ntfs - ok
16:59:44.0005 3760  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi      C:\Windows\system32\drivers\ntrigdigi.sys
16:59:44.0065 3760  ntrigdigi - ok
16:59:44.0087 3760  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
16:59:44.0111 3760  Null - ok
16:59:44.0134 3760  [ A103162C62C336C2CB3C5E1E2773D17B ] NVHDA          C:\Windows\system32\drivers\nvhda32v.sys
16:59:44.0142 3760  NVHDA - ok
16:59:44.0427 3760  [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:59:44.0854 3760  nvlddmkm - ok
16:59:44.0887 3760  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:59:44.0897 3760  nvraid - ok
16:59:44.0913 3760  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:59:44.0922 3760  nvstor - ok
16:59:44.0978 3760  [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc          C:\Windows\system32\nvvsvc.exe
16:59:44.0989 3760  nvsvc - ok
16:59:45.0016 3760  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:59:45.0030 3760  nv_agp - ok
16:59:45.0042 3760  NwlnkFlt - ok
16:59:45.0053 3760  NwlnkFwd - ok
16:59:45.0156 3760  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:59:45.0176 3760  odserv - ok
16:59:45.0214 3760  [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
16:59:45.0238 3760  ohci1394 - ok
16:59:45.0269 3760  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:59:45.0280 3760  ose - ok
16:59:45.0332 3760  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
16:59:45.0440 3760  p2pimsvc - ok
16:59:45.0453 3760  [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:59:45.0494 3760  p2psvc - ok
16:59:45.0529 3760  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport        C:\Windows\system32\drivers\parport.sys
16:59:45.0603 3760  Parport - ok
16:59:45.0630 3760  [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr        C:\Windows\system32\drivers\partmgr.sys
16:59:45.0641 3760  partmgr - ok
16:59:45.0667 3760  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
16:59:45.0708 3760  Parvdm - ok
16:59:45.0733 3760  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:59:45.0746 3760  PcaSvc - ok
16:59:45.0769 3760  [ 01B94418DEB235DFF777CC80076354B4 ] pci            C:\Windows\system32\drivers\pci.sys
16:59:45.0780 3760  pci - ok
16:59:45.0790 3760  [ 1D8B3D8DF8EB7FCF2F0AC02F9F947802 ] pciide          C:\Windows\system32\drivers\pciide.sys
16:59:45.0798 3760  pciide - ok
16:59:45.0829 3760  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
16:59:45.0840 3760  pcmcia - ok
16:59:45.0887 3760  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:59:45.0991 3760  PEAUTH - ok
16:59:46.0077 3760  [ B1689DF169143F57053F795390C99DB3 ] pla            C:\Windows\system32\pla.dll
16:59:46.0156 3760  pla - ok
16:59:46.0208 3760  [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:59:46.0264 3760  PlugPlay - ok
16:59:46.0298 3760  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
16:59:46.0320 3760  PNRPAutoReg - ok
16:59:46.0333 3760  [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc        C:\Windows\system32\p2psvc.dll
16:59:46.0376 3760  PNRPsvc - ok
16:59:46.0444 3760  [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
16:59:46.0491 3760  PolicyAgent - ok
16:59:46.0546 3760  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:59:46.0570 3760  PptpMiniport - ok
16:59:46.0602 3760  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor      C:\Windows\system32\drivers\processr.sys
16:59:46.0626 3760  Processor - ok
16:59:46.0671 3760  [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc        C:\Windows\system32\profsvc.dll
16:59:46.0697 3760  ProfSvc - ok
16:59:46.0712 3760  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:59:46.0724 3760  ProtectedStorage - ok
16:59:46.0743 3760  [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
16:59:46.0762 3760  PSched - ok
16:59:46.0839 3760  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
16:59:46.0872 3760  ql2300 - ok
16:59:46.0915 3760  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
16:59:46.0924 3760  ql40xx - ok
16:59:46.0969 3760  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE          C:\Windows\system32\qwave.dll
16:59:46.0987 3760  QWAVE - ok
16:59:46.0997 3760  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:59:47.0039 3760  QWAVEdrv - ok
16:59:47.0070 3760  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:59:47.0093 3760  RasAcd - ok
16:59:47.0105 3760  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto        C:\Windows\System32\rasauto.dll
16:59:47.0131 3760  RasAuto - ok
16:59:47.0148 3760  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
16:59:47.0190 3760  Rasl2tp - ok
16:59:47.0228 3760  [ AFB474438762F0418060653F7294D92C ] RasMan          C:\Windows\System32\rasmans.dll
16:59:47.0245 3760  RasMan - ok
16:59:47.0260 3760  [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:59:47.0306 3760  RasPppoe - ok
16:59:47.0346 3760  [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
16:59:47.0370 3760  RasSstp - ok
16:59:47.0388 3760  [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
16:59:47.0435 3760  rdbss - ok
16:59:47.0468 3760  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:59:47.0517 3760  RDPCDD - ok
16:59:47.0551 3760  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
16:59:47.0579 3760  rdpdr - ok
16:59:47.0585 3760  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:59:47.0608 3760  RDPENCDD - ok
16:59:47.0626 3760  [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
16:59:47.0660 3760  RDPWD - ok
16:59:47.0716 3760  [ D5F08CC3D19B1C7F49619B9DAD43C0CE ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
16:59:47.0747 3760  Recovery Service for Windows - ok
16:59:47.0803 3760  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:59:47.0828 3760  RemoteAccess - ok
16:59:47.0874 3760  [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:59:47.0926 3760  RemoteRegistry - ok
16:59:48.0004 3760  [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo      C:\Program Files\CyberLink\Shared files\RichVideo.exe
16:59:48.0027 3760  RichVideo ( UnsignedFile.Multi.Generic ) - warning
16:59:48.0027 3760  RichVideo - detected UnsignedFile.Multi.Generic (1)
16:59:48.0055 3760  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
16:59:48.0108 3760  RpcLocator - ok
16:59:48.0225 3760  [ 301AE00E12408650BADDC04DBC832830 ] RpcSs          C:\Windows\system32\rpcss.dll
16:59:48.0329 3760  RpcSs - ok
16:59:48.0480 3760  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:59:48.0504 3760  rspndr - ok
16:59:48.0583 3760  [ 174B9514CD1A0C33CE4BBC02A3C81A62 ] RTL8169        C:\Windows\system32\DRIVERS\Rtlh86.sys
16:59:48.0635 3760  RTL8169 - ok
16:59:48.0657 3760  [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs          C:\Windows\system32\lsass.exe
16:59:48.0669 3760  SamSs - ok
16:59:48.0693 3760  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:59:48.0701 3760  sbp2port - ok
16:59:48.0728 3760  [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:59:48.0771 3760  SCardSvr - ok
16:59:48.0819 3760  [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule        C:\Windows\system32\schedsvc.dll
16:59:48.0888 3760  Schedule - ok
16:59:48.0921 3760  [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc    C:\Windows\System32\certprop.dll
16:59:48.0944 3760  SCPolicySvc - ok
16:59:48.0984 3760  [ 126EA89BCC413EE45E3004FB0764888F ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
16:59:49.0009 3760  sdbus - ok
16:59:49.0043 3760  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:59:49.0075 3760  SDRSVC - ok
16:59:49.0095 3760  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:59:49.0158 3760  secdrv - ok
16:59:49.0189 3760  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
16:59:49.0249 3760  seclogon - ok
16:59:49.0300 3760  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll
16:59:49.0325 3760  SENS - ok
16:59:49.0350 3760  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum        C:\Windows\system32\drivers\serenum.sys
16:59:49.0417 3760  Serenum - ok
16:59:49.0445 3760  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
16:59:49.0514 3760  Serial - ok
16:59:49.0520 3760  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
16:59:49.0544 3760  sermouse - ok
16:59:49.0580 3760  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:59:49.0607 3760  SessionEnv - ok
16:59:49.0620 3760  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
16:59:49.0665 3760  sffdisk - ok
16:59:49.0692 3760  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:59:49.0739 3760  sffp_mmc - ok
16:59:49.0766 3760  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
16:59:49.0790 3760  sffp_sd - ok
16:59:49.0808 3760  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
16:59:49.0851 3760  sfloppy - ok
16:59:49.0881 3760  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:59:49.0937 3760  SharedAccess - ok
16:59:49.0977 3760  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:59:50.0050 3760  ShellHWDetection - ok
16:59:50.0081 3760  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:59:50.0090 3760  sisagp - ok
16:59:50.0115 3760  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
16:59:50.0124 3760  SiSRaid2 - ok
16:59:50.0150 3760  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
16:59:50.0160 3760  SiSRaid4 - ok
16:59:50.0252 3760  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files\Skype\Updater\Updater.exe
16:59:50.0261 3760  SkypeUpdate - ok
16:59:50.0398 3760  [ 0BA91E1358AD25236863039BB2609A2E ] slsvc          C:\Windows\system32\SLsvc.exe
16:59:50.0537 3760  slsvc - ok
16:59:50.0595 3760  [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
16:59:50.0621 3760  SLUINotify - ok
16:59:50.0653 3760  [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
16:59:50.0679 3760  Smb - ok
16:59:50.0721 3760  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:59:50.0733 3760  SNMPTRAP - ok
16:59:50.0746 3760  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr          C:\Windows\system32\drivers\spldr.sys
16:59:50.0755 3760  spldr - ok
16:59:50.0802 3760  [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler        C:\Windows\System32\spoolsv.exe
16:59:50.0830 3760  Spooler - ok
16:59:50.0884 3760  [ 2252AEF839B1093D16761189F45AF885 ] srv            C:\Windows\system32\DRIVERS\srv.sys
16:59:50.0945 3760  srv - ok
16:59:50.0975 3760  [ B7FF59408034119476B00A81BB53D5D1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:59:51.0007 3760  srv2 - ok
16:59:51.0031 3760  [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:59:51.0067 3760  srvnet - ok
16:59:51.0103 3760  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
16:59:51.0157 3760  SSDPSRV - ok
16:59:51.0257 3760  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
16:59:51.0298 3760  SstpSvc - ok
16:59:51.0499 3760  [ 05AE358CD777BF8857F512A18E1DE7AA ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
16:59:51.0511 3760  STacSV - ok
16:59:51.0604 3760  [ E69A606872650B46DE54EC15DCC93529 ] STHDA          C:\Windows\system32\DRIVERS\stwrt.sys
16:59:51.0620 3760  STHDA - ok
16:59:51.0688 3760  [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc          C:\Windows\System32\wiaservc.dll
16:59:51.0734 3760  stisvc - ok
16:59:51.0782 3760  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
16:59:51.0791 3760  swenum - ok
16:59:51.0839 3760  [ B36C7CDB86F7F7A8E884479219766950 ] swprv          C:\Windows\System32\swprv.dll
16:59:51.0892 3760  swprv - ok
16:59:51.0897 3760  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
16:59:51.0908 3760  Symc8xx - ok
16:59:51.0932 3760  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
16:59:51.0940 3760  Sym_hi - ok
16:59:51.0956 3760  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
16:59:51.0964 3760  Sym_u3 - ok
16:59:52.0032 3760  [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
16:59:52.0046 3760  SynTP - ok
16:59:52.0072 3760  [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain        C:\Windows\system32\sysmain.dll
16:59:52.0126 3760  SysMain - ok
16:59:52.0186 3760  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:59:52.0236 3760  TabletInputService - ok
16:59:52.0271 3760  [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv        C:\Windows\System32\tapisrv.dll
16:59:52.0334 3760  TapiSrv - ok
16:59:52.0418 3760  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS            C:\Windows\System32\tbssvc.dll
16:59:52.0461 3760  TBS - ok
16:59:52.0517 3760  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
16:59:52.0552 3760  Tcpip - ok
16:59:52.0570 3760  [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
16:59:52.0598 3760  Tcpip6 - ok
16:59:52.0635 3760  [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:59:52.0697 3760  tcpipreg - ok
16:59:52.0717 3760  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:59:52.0765 3760  TDPIPE - ok
16:59:52.0781 3760  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
16:59:52.0824 3760  TDTCP - ok
16:59:52.0848 3760  [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
16:59:52.0872 3760  tdx - ok
16:59:52.0881 3760  [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
16:59:52.0890 3760  TermDD - ok
16:59:52.0931 3760  [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService    C:\Windows\System32\termsrv.dll
16:59:52.0962 3760  TermService - ok
16:59:52.0988 3760  [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes          C:\Windows\system32\shsvcs.dll
16:59:53.0004 3760  Themes - ok
16:59:53.0021 3760  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER    C:\Windows\system32\mmcss.dll
16:59:53.0046 3760  THREADORDER - ok
16:59:53.0057 3760  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
16:59:53.0084 3760  TrkWks - ok
16:59:53.0144 3760  [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:59:53.0193 3760  TrustedInstaller - ok
16:59:53.0257 3760  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:59:53.0281 3760  tssecsrv - ok
16:59:53.0337 3760  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
16:59:53.0359 3760  tunmp - ok
16:59:53.0365 3760  [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:59:53.0377 3760  tunnel - ok
16:59:53.0480 3760  [ BB313AE85EC95B7CB87FC5ED53F3A22B ] TVCapSvc        C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
16:59:53.0491 3760  TVCapSvc - ok
16:59:53.0527 3760  [ 0C66E48654AFD8A6BCFBCE22E7FAB251 ] TVSched        C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
16:59:53.0534 3760  TVSched - ok
16:59:53.0559 3760  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
16:59:53.0568 3760  uagp35 - ok
16:59:53.0592 3760  [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:59:53.0635 3760  udfs - ok
16:59:53.0684 3760  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
16:59:53.0709 3760  UI0Detect - ok
16:59:53.0724 3760  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:59:53.0734 3760  uliagpkx - ok
16:59:53.0760 3760  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci        C:\Windows\system32\drivers\uliahci.sys
16:59:53.0772 3760  uliahci - ok
16:59:53.0799 3760  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
16:59:53.0809 3760  UlSata - ok
16:59:53.0829 3760  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
16:59:53.0839 3760  ulsata2 - ok
16:59:53.0852 3760  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
16:59:53.0876 3760  umbus - ok
16:59:53.0891 3760  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
16:59:53.0921 3760  upnphost - ok
16:59:53.0978 3760  [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL        C:\Windows\system32\Drivers\usbaapl.sys
16:59:53.0996 3760  USBAAPL - ok
16:59:54.0029 3760  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
16:59:54.0048 3760  usbccgp - ok
16:59:54.0095 3760  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:59:54.0138 3760  usbcir - ok
16:59:54.0158 3760  [ CEBE90821810E76320155BEBA722FCF9 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
16:59:54.0183 3760  usbehci - ok
16:59:54.0199 3760  [ CC6B28E4CE39951357963119CE47B143 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:59:54.0247 3760  usbhub - ok
16:59:54.0279 3760  [ 38DBC7DD6CC5A72011F187425384388B ] usbohci        C:\Windows\system32\drivers\usbohci.sys
16:59:54.0339 3760  usbohci - ok
16:59:54.0361 3760  [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
16:59:54.0403 3760  usbprint - ok
16:59:54.0436 3760  [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:59:54.0460 3760  USBSTOR - ok
16:59:54.0486 3760  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
16:59:54.0504 3760  usbuhci - ok
16:59:54.0574 3760  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
16:59:54.0598 3760  usbvideo - ok
16:59:54.0628 3760  [ 032A0ACC3909AE7215D524E29D536797 ] UxSms          C:\Windows\System32\uxsms.dll
16:59:54.0670 3760  UxSms - ok
16:59:54.0716 3760  [ B13BC395B9D6116628F5AF47E0802AC4 ] vds            C:\Windows\System32\vds.exe
16:59:54.0772 3760  vds - ok
16:59:54.0849 3760  [ 87B06E1F30B749A114F74622D013F8D4 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
16:59:54.0906 3760  vga - ok
16:59:54.0929 3760  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
16:59:54.0973 3760  VgaSave - ok
16:59:55.0005 3760  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:59:55.0014 3760  viaagp - ok
16:59:55.0021 3760  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
16:59:55.0046 3760  ViaC7 - ok
16:59:55.0061 3760  [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:59:55.0070 3760  viaide - ok
16:59:55.0087 3760  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:59:55.0096 3760  volmgr - ok
16:59:55.0111 3760  [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
16:59:55.0124 3760  volmgrx - ok
16:59:55.0155 3760  [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
16:59:55.0168 3760  volsnap - ok
16:59:55.0175 3760  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
16:59:55.0186 3760  vsmraid - ok
16:59:55.0228 3760  [ D5FB73D19C46ADE183F968E13F186B23 ] VSS            C:\Windows\system32\vssvc.exe
16:59:55.0279 3760  VSS - ok
16:59:55.0308 3760  [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time        C:\Windows\system32\w32time.dll
16:59:55.0359 3760  W32Time - ok
16:59:55.0406 3760  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
16:59:55.0449 3760  WacomPen - ok
16:59:55.0471 3760  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
16:59:55.0489 3760  Wanarp - ok
16:59:55.0493 3760  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:59:55.0513 3760  Wanarpv6 - ok
16:59:55.0560 3760  [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
16:59:55.0600 3760  wcncsvc - ok
16:59:55.0650 3760  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:59:55.0694 3760  WcsPlugInService - ok
16:59:55.0725 3760  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
16:59:55.0733 3760  Wd - ok
16:59:55.0777 3760  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:59:55.0799 3760  Wdf01000 - ok
16:59:55.0830 3760  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:59:55.0856 3760  WdiServiceHost - ok
16:59:55.0860 3760  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
16:59:55.0886 3760  WdiSystemHost - ok
16:59:55.0926 3760  [ CF9A5F41789B642DB967021DE06A2713 ] WebClient      C:\Windows\System32\webclnt.dll
16:59:55.0941 3760  WebClient - ok
16:59:55.0984 3760  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:59:56.0045 3760  Wecsvc - ok
16:59:56.0061 3760  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
16:59:56.0083 3760  wercplsupport - ok
16:59:56.0117 3760  [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:59:56.0156 3760  WerSvc - ok
16:59:56.0215 3760  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
16:59:56.0228 3760  WinDefend - ok
16:59:56.0235 3760  WinHttpAutoProxySvc - ok
16:59:56.0295 3760  [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
16:59:56.0321 3760  Winmgmt - ok
16:59:56.0372 3760  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM          C:\Windows\system32\WsmSvc.dll
16:59:56.0440 3760  WinRM - ok
16:59:56.0579 3760  [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc        C:\Windows\System32\wlansvc.dll
16:59:56.0665 3760  Wlansvc - ok
16:59:56.0711 3760  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
16:59:56.0762 3760  WmiAcpi - ok
16:59:56.0800 3760  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:59:56.0825 3760  wmiApSrv - ok
16:59:56.0905 3760  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
16:59:56.0989 3760  WMPNetworkSvc - ok
16:59:57.0052 3760  [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:59:57.0105 3760  WPCSvc - ok
16:59:57.0131 3760  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:59:57.0193 3760  WPDBusEnum - ok
16:59:57.0250 3760  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
16:59:57.0268 3760  WpdUsb - ok
16:59:57.0369 3760  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:59:57.0396 3760  WPFFontCache_v0400 - ok
16:59:57.0432 3760  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
16:59:57.0473 3760  ws2ifsl - ok
16:59:57.0518 3760  [ 683DD16B590372F2C9661D277F35E49C ] wscsvc          C:\Windows\System32\wscsvc.dll
16:59:57.0557 3760  wscsvc - ok
16:59:57.0562 3760  WSearch - ok
16:59:57.0642 3760  [ 6298277B73C77FA99106B271A7525163 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:59:57.0726 3760  wuauserv - ok
16:59:57.0797 3760  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:59:57.0822 3760  WUDFRd - ok
16:59:57.0867 3760  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
16:59:57.0894 3760  wudfsvc - ok
16:59:57.0949 3760  [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
16:59:58.0021 3760  yukonwlh - ok
16:59:58.0122 3760  [ BDFDE977F5E88A539187AEF24DED7C40 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
16:59:58.0129 3760  {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
16:59:58.0135 3760  ================ Scan global ===============================
16:59:58.0160 3760  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:59:58.0218 3760  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
16:59:58.0230 3760  [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
16:59:58.0272 3760  [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
16:59:58.0279 3760  [Global] - ok
16:59:58.0279 3760  ================ Scan MBR ==================================
16:59:58.0302 3760  [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
16:59:59.0402 3760  \Device\Harddisk0\DR0 - ok
16:59:59.0402 3760  ================ Scan VBR ==================================
16:59:59.0405 3760  [ A86C8F28B8C84BF7D600823C3363B40C ] \Device\Harddisk0\DR0\Partition1
16:59:59.0407 3760  \Device\Harddisk0\DR0\Partition1 - ok
16:59:59.0426 3760  [ 701942C8BF86C5B69699ACC7552D3306 ] \Device\Harddisk0\DR0\Partition2
16:59:59.0427 3760  \Device\Harddisk0\DR0\Partition2 - ok
16:59:59.0428 3760  ============================================================
16:59:59.0428 3760  Scan finished
16:59:59.0428 3760  ============================================================
16:59:59.0441 5968  Detected object count: 5
16:59:59.0442 5968  Actual detected object count: 5
17:00:12.0871 5968  ezSharedSvc ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0871 5968  ezSharedSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:12.0871 5968  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0871 5968  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:12.0874 5968  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0874 5968  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:12.0876 5968  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0876 5968  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:12.0876 5968  RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:12.0876 5968  RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:01:24.0791 1548  Deinitialize success


cosinus 02.10.2012 11:18

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

tn1982 02.10.2012 16:55

Hello,

I ran ComboFix. So far everything looks fine - no Windows errors visible.

Here is the log file:

ComboFix Logfile:
Code:

ComboFix 12-10-02.02 - Katrin 02.10.2012  16:55:30.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3038.1784 [GMT 2:00]
ausgeführt von:: c:\users\Katrin\Desktop\1_Trojaner\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-02 bis 2012-10-02  ))))))))))))))))))))))))))))))
.
.
2012-10-02 15:05 . 2012-10-02 15:05        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-10-02 15:01 . 2012-10-02 15:01        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F669B0BC-A802-44E0-B2AF-36666B15084C}\offreg.dll
2012-09-30 07:59 . 2012-08-30 08:17        6980552        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F669B0BC-A802-44E0-B2AF-36666B15084C}\mpengine.dll
2012-09-23 18:35 . 2012-09-23 18:35        --------        d-----w-        c:\program files\ESET
2012-09-23 13:52 . 2009-07-14 17:45        38480        ----a-w-        c:\windows\system32\drivers\WdfLdr.sys
2012-09-23 13:52 . 2009-07-14 17:45        445008        ----a-w-        c:\windows\system32\drivers\Wdf01000.sys
2012-09-23 13:09 . 2012-09-23 13:09        --------        d-----w-        c:\program files\Common Files\Skype
2012-09-20 19:35 . 2012-09-20 19:35        --------        d-----w-        c:\users\Katrin\AppData\Roaming\Malwarebytes
2012-09-20 19:35 . 2012-09-20 19:35        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-20 19:35 . 2012-09-20 19:35        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-09-20 19:35 . 2012-09-07 15:04        22856        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-28 17:09 . 2012-06-27 19:14        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-02 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Facebook Update"="c:\users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-29 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-10-14 2299176]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-09-25 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-09-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2008-09-24 206120]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-23 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000Core.job
- c:\users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 13:14]
.
2012-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job
- c:\users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-02 13:14]
.
2012-09-27 c:\windows\Tasks\ReclaimerUpdateFiles_Katrin.job
- c:\users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 19:05]
.
2012-09-26 c:\windows\Tasks\ReclaimerUpdateXML_Katrin.job
- c:\users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 19:05]
.
2012-10-02 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Katrin.job
- c:\users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-09-23 19:05]
.
2010-12-18 c:\windows\Tasks\User_Feed_Synchronization-{03C56D98-5866-419D-8803-52877CBEBD6D}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar-Suche - c:\programdata\AOL\ieToolbar\resources\de-DE\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Katrin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{B4378362-FE6D-408B-82E4-64270E7EE215}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Katrin\AppData\Roaming\Mozilla\Firefox\Profiles\s5o9taw5.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-UCam_Menu - c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateLBPShortCut - c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePSTShortCut - c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdateP2GoShortCut - c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
HKLM-Run-UpdatePDIRShortCut - c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-02 17:06
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
Zeit der Fertigstellung: 2012-10-02  17:14:22
ComboFix-quarantined-files.txt  2012-10-02 15:14
.
Vor Suchlauf: 8 Verzeichnis(se), 136.774.529.024 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 136.445.218.816 Bytes frei
.
- - End Of File - - 9414588F4EE3BD2D73E5F33C306921E2

--- --- ---

cosinus 02.10.2012 20:06

Please now create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run even on the 2nd attempt, just skip it and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher) please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window and click the Scan button again.
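
As an added example that is not part of this thread or of OSAM itself: a Python script that parses an OSAM log of the kind requested above and ranks the entries a helper reads first, i.e. lines flagged "Hidden registry entry, rootkit activity" or "File not found" and unknown-vendor binaries launched from user-writable folders. The entry format is taken from OSAM v5 output as posted in this thread; the embedded sample log is constructed and the "updater" line in it is invented.

```python
"""Triage helper for OSAM Autorun Manager logs (added example, not OSAM's code).

OSAM v5 prints one autorun entry per line below a [Section] and a
-----( registry key )----- header:  "<name>" (<key>) - "<vendor>" - <path>  (<finding> | ...)
The vendor is "?" when the file has no version info, "(<key>)" appears only for
services/drivers, Explorer entries start with {CLSID} or <binary data>, and
findings are appended only when OSAM noticed a problem with the entry.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
KEY_RE = re.compile(r"^-----\(\s*(?P<key>.+?)\s*\)-----$")
ENTRY_RE = re.compile(
    r"^(?:(?:\{[0-9A-Fa-f-]+\}|<binary data>)\s+)?"  # optional {CLSID} / <binary data>
    r'"(?P<name>[^"]*)"(?:\s+\((?P<key>[^)]*)\))?'    # display name, optional key name
    r'\s+-\s+(?:"(?P<vendor>[^"]*)"|\?)'              # vendor, or "?" when unknown
    r"\s+-\s*(?P<rest>.*)$"                           # path/command line, then findings
)
# Findings OSAM appends. A trailing "(...)" group only counts as findings when it
# holds one of these, so a path ending in a bracketed folder name is left alone.
KNOWN_FINDINGS = {"Hidden registry entry, rootkit activity", "File not found",
                  "COM-object registry key not found"}
# Folders any user process can write to: an unknown-vendor autorun there needs a look.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    reg_key: str
    name: str
    vendor: Optional[str]  # None when OSAM printed "?"
    path: str              # executable only; arguments after a quoted path are dropped
    findings: List[str] = field(default_factory=list)


def parse_osam(text: str) -> List[Entry]:
    """Parse the entry lines of an OSAM log; report header and filter lines are skipped."""
    entries: List[Entry] = []
    section = reg_key = ""
    for line in text.splitlines():
        line = line.rstrip()
        if m := SECTION_RE.match(line):
            section = m["section"]
            continue
        if m := KEY_RE.match(line):
            reg_key = m["key"]
            continue
        if not section or not (m := ENTRY_RE.match(line)):
            continue
        rest, findings = m["rest"].strip(), []
        if fm := re.search(r"\(([^()]*)\)\s*$", rest):
            candidates = [f.strip() for f in fm.group(1).split("|")]
            if any(f in KNOWN_FINDINGS for f in candidates):
                findings, rest = candidates, rest[: fm.start()].rstrip()
        # A quoted path may be followed by arguments: "C:\...\app.exe" /c /nocrashserver
        end = rest.find('"', 1) if rest.startswith('"') else -1
        path = rest[1:end] if end > 0 else rest
        entries.append(Entry(section, reg_key, m["name"], m["vendor"], path, findings))
    return entries


def severity(entry: Entry) -> str:
    """Rank one entry: a registry entry hidden from the normal API (rootkit
    behaviour) outranks everything; a missing file cannot run, so it is only a
    stale leftover; an unknown-vendor binary in a user-writable folder needs a look."""
    if "Hidden registry entry, rootkit activity" in entry.findings:
        return "high"
    if "File not found" in entry.findings:
        return "low"
    if entry.vendor is None and USER_WRITABLE_RE.search(entry.path):
        return "medium"
    return "info"


def triage(text: str) -> List[tuple]:
    """(severity, section, name, path) for every entry above 'info', worst first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rated = [(severity(e), e.section, e.name, e.path) for e in parse_osam(text)]
    return sorted((r for r in rated if r[0] in order), key=lambda r: order[r[0]])


# Constructed sample in OSAM's format. The "updater" line is invented to show an
# unknown-vendor binary under ProgramData; the others mirror entry shapes from
# the OSAM log posted in this thread.
SAMPLE_LOG = r"""Report of OSAM: Autorun Manager v5.0.11926.0
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"pxdiipob" (pxdiipob) - ? - C:\Users\Katrin\AppData\Local\Temp\pxdiipob.sys  (Hidden registry entry, rootkit activity | File not found)
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"updater" - ? - C:\ProgramData\updater.exe
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
"""
```

Calling `triage(SAMPLE_LOG)` returns the hidden driver entry first, then the unknown-vendor binary under ProgramData, then the two stale "File not found" entries; the signed Google entry is rated "info" and left out.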

tn1982 03.10.2012 15:16

Hello,

GMER aborted several times with the error message "...not responding".

Here are the log files from OSAM and aswMBR:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 14:55:42 on 03.10.2012

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Apple Inc. Safari 5.0.5 (7533.21.1)

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000Core.job" - "Facebook Inc." - C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-1650498633-834099574-219073364-1000UA.job" - "Facebook Inc." - C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"ReclaimerUpdateFiles_Katrin.job" - "RealNetworks, Inc." - C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
"ReclaimerUpdateXML_Katrin.job" - "RealNetworks, Inc." - C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe
"RNUpgradeHelperLogonPrompt_Katrin.job" - "RealNetworks, Inc." - C:\Users\Katrin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"hpaccelerometercp.CPL" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ProtectSmart Hard Drive Protection" - "Hewlett-Packard Corporation" - C:\Windows\system32\hpaccelerometercp.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ALSysIO" (ALSysIO) - ? - C:\Users\Katrin\AppData\Local\Temp\ALSysIO.sys  (File not found)
"catchme" (catchme) - ? - C:\Users\Katrin\AppData\Local\Temp\catchme.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"pxdiipob" (pxdiipob) - ? - C:\Users\Katrin\AppData\Local\Temp\pxdiipob.sys  (Hidden registry entry, rootkit activity | File not found)
"{55662437-DA8C-40c0-AADA-2C816A897A49}" ({55662437-DA8C-40c0-AADA-2C816A897A49}) - ? - C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\Program Files\Sminst\ShellvRTF.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{0CCA191D-13A6-4E29-B746-314DEE697D83} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader5.ocx / hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
{8100D56A-5661-482C-BEE8-AFECE305D968} "Facebook Photo Uploader 5 Control" - "The Facebook" - C:\Windows\Downloaded Program Files\PhotoUploader55.ocx / hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
{EDFCB7CB-942C-4822-AF14-F0B687409848} "Image Uploader Control" - "Aurigma, Inc." - C:\Windows\Downloaded Program Files\ImageUploader4.ocx / hxxp://www.lokalisten.de/iup/ImageUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
{77BF5300-1474-4EC7-9980-D32B190E9B07} "ClsidExtension" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
"ICQ6" - "ICQ, LLC." - C:\Program Files\ICQ6.5\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{77BF5300-1474-4EC7-9980-D32B190E9B07} "Skype" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} "Skype add-on (mastermind)" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Katrin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\Katrin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"HPAdvisor" - "Hewlett-Packard" - C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"CLMLServer for HP TouchSmart" - "CyberLink" - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"DVDAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
"HP Health Check Scheduler" - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SmartMenu" - "Hewlett-Packard" - %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"TSMAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
"TVAgent" - "CyberLink Corp." - "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard" - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Recovery Service for Windows" (Recovery Service for Windows) - ? - C:\Program Files\SMINST\BLService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"TV Background Capture Service (TVBCS)" (TVCapSvc) - ? - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
"TV Task Scheduler (TVTS)" (TVSched) - ? - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 14:56:48
-----------------------------
14:56:48.884    OS Version: Windows 6.0.6001 Service Pack 1
14:56:48.885    Number of processors: 2 586 0x170A
14:56:48.887    ComputerName: KATRIN-PC  UserName: Katrin
14:56:51.111    Initialize success
14:59:24.079    AVAST engine defs: 12100301
15:00:13.707    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:00:13.712    Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
15:00:13.729    Disk 0 MBR read successfully
15:00:13.732    Disk 0 MBR scan
15:00:13.737    Disk 0 unknown MBR code
15:00:13.740    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      294391 MB offset 63
15:00:13.774    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10850 MB offset 602914816
15:00:13.782    Disk 0 scanning sectors +625135616
15:00:13.851    Disk 0 scanning C:\Windows\system32\drivers
15:00:29.530    Service scanning
15:00:55.084    Modules scanning
15:01:06.289    Disk 0 trace - called modules:
15:01:06.312    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys tcpip.sys NETIO.SYS dxgkrnl.sys nvlddmkm.sys
15:01:06.318    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8685f580]
15:01:06.323    3 CLASSPNP.SYS[805cf745] -> nt!IofCallDriver -> [0x8685fc48]
15:01:06.329    5 hpdskflt.sys[8b5a4f92] -> nt!IofCallDriver -> [0x85531850]
15:01:06.334    7 acpi.sys[806906a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85f28398]
15:01:08.101    AVAST engine scan C:\Windows
15:01:13.980    AVAST engine scan C:\Windows\system32
15:04:49.290    AVAST engine scan C:\Windows\system32\drivers
15:05:12.005    AVAST engine scan C:\Users\Katrin
16:02:50.487    AVAST engine scan C:\ProgramData
16:07:31.167    Scan finished successfully
16:11:06.754    Disk 0 MBR has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\MBR.dat"
16:11:06.760    The log file has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\aswMBR.txt"


cosinus 03.10.2012 19:34

We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or of the whole hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off your antivirus scanner before running aswMBR, as Avira in particular often reports a false positive on it!

Then restart Windows and create a new log with aswMBR.

tn1982 05.10.2012 20:45

Hello,

I ran fixMBR and scanned the system again. Here is the log file:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-05 20:13:39
-----------------------------
20:13:39.261    OS Version: Windows 6.0.6001 Service Pack 1
20:13:39.261    Number of processors: 2 586 0x170A
20:13:39.262    ComputerName: KATRIN-PC  UserName: Katrin
20:13:41.150    Initialize success
20:13:49.181    AVAST engine defs: 12100501
20:14:11.902    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:14:11.905    Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
20:14:11.952    Disk 0 MBR read successfully
20:14:11.956    Disk 0 MBR scan
20:14:11.964    Disk 0 Windows VISTA default MBR code
20:14:11.970    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      294391 MB offset 63
20:14:12.009    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10850 MB offset 602914816
20:14:12.018    Disk 0 scanning sectors +625135616
20:14:12.085    Disk 0 scanning C:\Windows\system32\drivers
20:14:23.272    Service scanning
20:14:52.400    Modules scanning
20:15:00.987    Disk 0 trace - called modules:
20:15:01.023    ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll acpi.sys ataport.SYS PCIIDEX.SYS msahci.sys
20:15:01.028    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8674e480]
20:15:01.033    3 CLASSPNP.SYS[805cd745] -> nt!IofCallDriver -> [0x8674ec48]
20:15:01.038    5 hpdskflt.sys[8b5b3f92] -> nt!IofCallDriver -> [0x85f90870]
20:15:01.043    7 acpi.sys[8068d6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8552f8e0]
20:15:02.802    AVAST engine scan C:\Windows
20:15:07.614    AVAST engine scan C:\Windows\system32
20:19:24.107    AVAST engine scan C:\Windows\system32\drivers
20:20:02.511    AVAST engine scan C:\Users\Katrin
21:21:09.542    AVAST engine scan C:\ProgramData
21:26:26.469    Scan finished successfully
21:40:03.621    Disk 0 MBR has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\MBR.dat"
21:40:03.628    The log file has been saved successfully to "C:\Users\Katrin\Desktop\1_Trojaner\aswMBR.txt"

Many thanks

NB
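As an added example (not part of the thread, not a tool of the aswMBR authors), the following Python parses the two aswMBR log excerpts posted above and checks programmatically what cosinus verified by eye: the boot-code verdict changes from "unknown MBR code" to a recognised loader while the partition table (type ids, sizes, offsets) stays identical, which is what a clean FIXMBR should look like. The log lines are taken from this thread; the regexes, class and function names are constructed here.

```python
import re
from dataclasses import dataclass, field
# Excerpts of the two aswMBR logs posted in this thread (before and after FIXMBR).
BEFORE_FIX = """\
15:00:13.729    Disk 0 MBR read successfully
15:00:13.737    Disk 0 unknown MBR code
15:00:13.740    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      294391 MB offset 63
15:00:13.774    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10850 MB offset 602914816
"""
AFTER_FIX = """\
20:14:11.952    Disk 0 MBR read successfully
20:14:11.964    Disk 0 Windows VISTA default MBR code
20:14:11.970    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS      294391 MB offset 63
20:14:12.009    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        10850 MB offset 602914816
"""
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+Disk (\d+) (.*)$")
PART_RE = re.compile(r"Partition (\d+) (\w{2})(?: \(A\))? +(\w{2}) +\S+ \S+ +(\d+) MB offset (\d+)")

@dataclass
class MbrReport:
    disk: int
    mbr_code: str = ""       # aswMBR's verdict line, e.g. "unknown MBR code"
    partitions: list = field(default_factory=list)  # (index, boot flag, type, size MB, offset)

    @property
    def mbr_known(self) -> bool:
        # aswMBR names boot code it recognises; "unknown" means it matched no known loader.
        return bool(self.mbr_code) and "unknown" not in self.mbr_code.lower()

def parse_aswmbr(text: str) -> MbrReport:
    report = None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        disk, rest = int(m.group(1)), m.group(2)
        if report is None:
            report = MbrReport(disk=disk)
        pm = PART_RE.match(rest)
        if pm:
            idx, flag, ptype, size_mb, offset = pm.groups()
            report.partitions.append((int(idx), flag, ptype, int(size_mb), int(offset)))
        elif rest.endswith("MBR code"):
            report.mbr_code = rest
    return report

def fixmbr_verified(before: MbrReport, after: MbrReport) -> bool:
    # A clean FIXMBR replaces only the boot code: the verdict flips to a known
    # loader while the partition table (types, sizes, offsets) stays identical.
    return (not before.mbr_known) and after.mbr_known and before.partitions == after.partitions
```

A partition table that differs between the two runs would mean more than the boot code was rewritten and the disk should be checked before trusting the result.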

cosinus 07.10.2012 03:52

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

tn1982 09.10.2012 20:34

Hello,

In the meantime I also ran CCleaner; here are the log files from Antimalware and SuperAntiSpyware:

Code:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.09.09

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Katrin :: KATRIN-PC [Administrator]

09.10.2012 19:11:56
mbam-log-2012-10-09 (19-11-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 468204
Laufzeit: 2 Stunde(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scann-Protokoll
hxxp://www.superantispyware.com

Generiert 10/09/2012 bei 06:53 PM

Version der Applikation : 5.6.1008

Version der Kern-Datenbank : 9366
Version der Spur-Datenbank : 7178

Scan Art      : kompletter Scann
Totale Scann-Zeit : 02:38:38

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 1 (Build 6.00.6001)
UAC On - Administrator

Gescannte Speicherelemente  : 688
Erfasste Speicher-Bedrohungen  : 0
Gescannte Register-Elemente  : 37576
Erfasste Register-Bedrohungen  : 0
Gescannte Datei-Elemente    : 241795
Erfasste Datei-Elemente  : 0

Regards

NB

cosinus 09.10.2012 20:37

No detections! :daumenhoc

Regarding cookies and other things on the web: to block this pest up front (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check at MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are good cookie managers, extensions for Firefox, e.g. CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), simply set the browser to delete everything, including cookies, when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores the cookies from the sites I actually want; I reject everything else manually (FF always asks me) - the other browsers accept all cookies, but by the next start of Opera or Chromium at the latest there are no cookies left.

Is your system back in order now, or are there other detections or problems?

tn1982 11.10.2012 15:11

Hello,

No further irregularities noticeable.

Is there anything else to do about this defogger? I don't have any virtual drives mounted.

In any case, many thanks again for the competent help

Regards

NB

cosinus 11.10.2012 15:41

If you don't have any virtual drives anyway, you can ignore the defogger step.

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With OTL you can also remove many of the tools:

Start OTL and click on Cleanup.
This will remove most of the tools we needed for the cleanup. If anything remains, remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check for updates; my guide on that is below. To keep better track of whether your installed programs are up to date in future, you can use e.g. Secunia PSI.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS Update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.


Copyright ©2000-2025, Trojaner-Board
