Phishing and trojan

#1
06.09.2010, 12:10
Member

Posts: 18

Hello,

I was just on my bank's online portal and was asked to enter several TAN numbers. I then called the bank and they told me that it was a phishing site and that I probably have a trojan on my machine.

I have now run a scan with Sophos, and here are the logfiles from OTL:

OTL.txt

Code


OTL logfile created on: 06.09.2010 11:30:53 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 171,82 Gb Total Space | 83,19 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
Drive D: | 114,55 Gb Total Space | 89,82 Gb Free Space | 78,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO
Current User Name: Florian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavProgress.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE (VIA)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\javaougc.dll ()
MOD - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IPSECSHM) -- C:\Windows\System32\DRIVERS\ipsecw2k.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (ASUSProcObsrv) -- E:\I386\AsProcOb.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (BazisVirtualCDBus) -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.n-tv.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.02 13:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.24 03:11:17 | 000,000,000 | ---D | M]

[2010.04.10 04:40:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2010.04.10 06:20:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions
[2010.04.10 04:46:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.04.10 04:44:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 10:44:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions
[2010.04.11 06:33:36 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.08.18 23:07:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 10:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.28 15:25:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 15:25:41 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.28 15:25:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.28 15:25:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.28 15:25:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.197 213.191.74.19 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0401a265-9f06-11df-8035-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{0401a265-9f06-11df-8035-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{0401a26a-9f06-11df-8035-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{0401a26a-9f06-11df-8035-90e6ba12a779}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{10dfd725-6ede-11df-b4f1-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{10dfd725-6ede-11df-b4f1-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\StartUp.exe -- File not found
O33 - MountPoints2\{1c0cbfd9-5d23-11df-a4e7-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{1c0cbfd9-5d23-11df-a4e7-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{1c0cbfda-5d23-11df-a4e7-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{1c0cbfda-5d23-11df-a4e7-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{28f0bda1-8998-11df-bae7-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{28f0bda1-8998-11df-bae7-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\StartUp.exe -- File not found
O33 - MountPoints2\{71e2a658-6ca3-11df-a385-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{71e2a658-6ca3-11df-a385-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FahrenheitAutoRun.exe -- File not found
O33 - MountPoints2\{71e2a65a-6ca3-11df-a385-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{71e2a65a-6ca3-11df-a385-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FahrenheitAutoRun.exe -- File not found
O33 - MountPoints2\{71e2a65c-6ca3-11df-a385-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{71e2a65c-6ca3-11df-a385-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FahrenheitAutoRun.exe -- File not found
O33 - MountPoints2\{85fce837-9d73-11df-8753-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{85fce837-9d73-11df-8753-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell\configure\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell\install\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{d43700d7-9daf-11df-8928-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{d43700d7-9daf-11df-8928-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{d8f86db7-5d37-11df-b497-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f86db7-5d37-11df-b497-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FileRgn.exe -- File not found
O33 - MountPoints2\{eb9399d9-61ac-11df-bf19-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{eb9399d9-61ac-11df-bf19-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: lprenify - (C:\Windows\javaougc.dll) - C:\Windows\javaougc.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.09.06 11:29:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.08.31 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Windows Server
[2010.08.19 14:11:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.11 20:43:47 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.08.11 18:05:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 18:05:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 18:05:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 18:05:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 18:05:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 18:05:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 18:05:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 18:05:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 18:05:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 18:05:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 18:05:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 18:05:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 18:05:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 18:05:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 18:05:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 18:05:07 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 18:04:59 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 18:04:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 18:04:55 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 18:04:55 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.07 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\skypePM
[2010.08.07 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Skype
[2010.08.07 20:20:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.07 20:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.07 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.10 13:57:04 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Florian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Florian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\bass.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.09.06 11:30:18 | 002,097,152 | -HS- | M] () -- C:\Users\Florian\ntuser.dat
[2010.09.06 11:29:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.09.06 09:54:05 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.06 09:51:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.06 09:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 09:51:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 09:51:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 01:51:26 | 000,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.06 01:51:26 | 000,065,536 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.04 17:25:59 | 000,372,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.03 14:45:26 | 002,491,378 | -H-- | M] () -- C:\Users\Florian\AppData\Local\IconCache.db
[2010.09.03 13:14:00 | 000,001,523 | ---- | M] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.09.02 14:04:54 | 000,046,592 | -H-- | M] () -- C:\Windows\javaougc.dll
[2010.09.02 04:55:24 | 000,046,592 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.02 04:52:02 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.02 04:52:01 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.02 04:52:01 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.02 04:52:00 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.02 04:51:59 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 19:34:23 | 000,011,311 | ---- | M] () -- C:\Users\Florian\Documents\Mietvertrag Kündigung.docx
[2010.09.01 14:50:02 | 000,046,592 | -H-- | M] () -- C:\Windows\System32\javaougc.dll
[2010.08.28 15:02:42 | 000,010,338 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.08.24 22:10:05 | 000,019,456 | ---- | M] () -- C:\Users\Florian\AppData\Local\WebpageIcons.db
[2010.08.22 13:41:20 | 000,446,303 | ---- | M] () -- C:\Users\Florian\Desktop\EMA - Biowaiver Giudance.pdf
[2010.08.19 14:59:45 | 000,019,702 | ---- | M] () -- C:\Users\Florian\Desktop\eb27c7666d282cbfaa62530dbdec1ffb.pdf
[2010.08.12 18:16:07 | 000,348,116 | ---- | M] () -- C:\Users\Florian\Desktop\C19111.pdf
[2010.08.12 13:09:56 | 000,707,344 | ---- | M] () -- C:\Users\Florian\Desktop\BE462lect05.pdf
[2010.08.11 20:31:28 | 000,085,835 | ---- | M] () -- C:\Users\Florian\Desktop\WC500003664.pdf
[2010.08.07 20:23:49 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.07 20:20:37 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.09.02 14:04:54 | 000,046,592 | -H-- | C] () -- C:\Windows\javaougc.dll
[2010.09.01 14:50:02 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\javaougc.dll
[2010.08.28 15:00:51 | 000,010,338 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.08.23 15:48:22 | 000,011,311 | ---- | C] () -- C:\Users\Florian\Documents\Mietvertrag Kündigung.docx
[2010.08.22 13:27:31 | 000,446,303 | ---- | C] () -- C:\Users\Florian\Desktop\EMA - Biowaiver Giudance.pdf
[2010.08.19 14:59:45 | 000,019,702 | ---- | C] () -- C:\Users\Florian\Desktop\eb27c7666d282cbfaa62530dbdec1ffb.pdf
[2010.08.12 18:16:06 | 000,348,116 | ---- | C] () -- C:\Users\Florian\Desktop\C19111.pdf
[2010.08.12 13:09:56 | 000,707,344 | ---- | C] () -- C:\Users\Florian\Desktop\BE462lect05.pdf
[2010.08.11 20:31:28 | 000,085,835 | ---- | C] () -- C:\Users\Florian\Desktop\WC500003664.pdf
[2010.08.07 20:23:49 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.07 20:20:37 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.04 02:07:51 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.06.25 03:22:12 | 000,001,523 | ---- | C] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.06.13 19:26:10 | 000,019,456 | ---- | C] () -- C:\Users\Florian\AppData\Local\WebpageIcons.db
[2010.06.08 17:16:25 | 000,016,555 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\AllChars.xml
[2010.06.08 17:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\AllChars-example.xml
[2010.05.14 19:04:16 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2010.05.11 21:57:58 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.05.11 21:57:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.04.11 22:37:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.10 16:52:24 | 000,046,592 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 04:33:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.04.10 04:23:56 | 000,000,680 | ---- | C] () -- C:\Users\Florian\AppData\Local\d3d9caps.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Florian\AppData\Local\lame_enc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Florian\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Florian\AppData\Local\no23xwrapper.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.06 11:13:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ICQ
[2010.09.06 01:51:29 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


Extras.txt

Code


OTL Extras logfile created on: 06.09.2010 11:30:53 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 171,82 Gb Total Space | 83,19 Gb Free Space | 48,41% Space Free | Partition Type: NTFS
Drive D: | 114,55 Gb Total Space | 89,82 Gb Free Space | 78,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO
Current User Name: Florian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6C2768-2E42-4D19-992C-270A7867EAD9}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F286C55-B96A-455C-9AA0-BFAF3C27F8BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2255CF83-4B01-4038-8CB5-DD98EAE494E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{43855BE4-4B6D-4B08-9220-3CA9FDAFC4FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{50D27A6A-F23A-44D4-8D58-56DD665CABFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{535A9A9F-1E75-466F-8DF5-BB805C607F4E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B74A950-9B91-4B3B-B671-36E14DE351DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8314B776-6B6E-4E98-A88A-B86516A0B0BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{89191F5D-8581-4058-8C3F-2E501499B9DD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8C944007-B5CB-4D9A-85A5-AD427C98538A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A17A6E72-268E-42CD-B9EF-EA5688CDBC58}" = rport=445 | protocol=6 | dir=out | app=system |
"{A4ECC4EB-8A5C-4E5B-A543-CC3853828673}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B589913C-BCDE-47CF-91CB-227769A2BB0A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B93EB3E0-F9D5-436D-B2C7-1DD2621089C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D3033F6C-C0E2-4382-9C35-7706B9ADDE53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D41A20F8-71D3-4047-8CCB-191AF41D81FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{E0DD1CD5-C57B-499F-BA09-D3210094DCA1}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED8FB0F8-3666-4839-B99D-0EA6EE49DB6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F72BAC3B-2B4B-4955-81DE-3399CEE61732}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061EF0EE-BB44-411A-9031-1E97BE3B38BF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0DB8EDC2-A6DF-4A6B-9403-796705628E29}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{0FD8DFDC-FFD3-4051-B24E-1513F0D4C234}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{1BBBE238-91BE-4602-A76C-C472FB381972}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{1F3CE820-22BF-4EF6-BA7E-0A6CB243D3DB}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{21E1CE64-F006-465C-8873-9C61CB71C187}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{48998FD9-85A5-4457-8411-78E1C1DA9271}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{4C4BC29B-2A37-4C22-9A39-06319DB7752E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{51E04342-2453-4CDD-84E1-8410F4725F16}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{546CACB6-2D69-497B-9A16-FA7B0BB6F67D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5D7E6E90-AF91-4542-82D8-A415FED2EE34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E76DB1F-6ADD-4EB9-B4ED-0728856CCDAB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{7D4C32FF-9C49-4F4D-8813-633C3735A49F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{82DD96E3-674F-44EE-B119-6CD73541ED0F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{8DFB17F8-F818-4465-9947-499755539D1D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{985E4178-46A6-45AA-8B50-5178781F0D45}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{9DDF9B91-068B-4950-A924-1FB8D3C786AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A40A1C5D-FAA7-453A-AEF7-895B0EFBD7E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B54FFA30-B38E-4866-9415-1FDA0EDB2A8A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D37C443D-D512-44E8-8E50-4FB2AE1BCFAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D3C5239D-8B55-4275-99D9-F427CB43B2BC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{D6B52804-16B1-408C-B241-65FB3F847B5E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{DFEB449C-275E-4523-A58C-EC32D053E4C7}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{ED2F5C14-0DE9-4E62-88FE-D0BFA9BA4F21}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{EFC99F33-AD97-40FA-93EA-E39C9FD548C0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F14DCCD8-4D78-471E-A8A3-1AAE257499A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F2B33BA3-46B4-4B33-9B83-B32EBB5F0335}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{F8F5B4E6-422F-40FF-B54D-16154451923C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F90F194B-FF9D-454F-BEC3-A300878A139F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{FBB44444-CC62-40E2-B279-31BD6DBD5ECE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{076CB3E5-AF79-4356-9F1E-1EDD0CE8C151}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{43E0C4F7-A3BC-4F1C-ACB3-B2CC5319645F}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{AB974237-6BC8-442A-8A1A-41B4D52BD31C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EACB17F8-C190-4AA7-BA22-3F37B798DC75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EB609D36-BFEC-467F-A261-31810D499E60}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{43ABE705-E88A-45F5-8389-3CC12BCFB96D}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{9829E1BE-BE34-4714-B423-33D649978EF4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DEAB7CD3-711C-49BB-9569-66EB41F8E2FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{ED9191EF-79EC-4348-BEEF-365029D85318}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F1D37A8E-6BC8-4867-88D7-E409AAF44F89}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"apulSoft apEQ" = apulSoft apEQ
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"CVPiano-Modeled" = CVPiano-Modeled
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"PoiZone" = PoiZone
"RealPlayer 12.0" = RealPlayer
"Sakura" = Sakura
"Sawer" = Sawer
"sfArk" = sfArk
"sfArkXTc" = sfArkXTc
"SpellForce" = SpellForce
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Toxic Biohazard" = Toxic Biohazard
"TVWiz" = Intel(R) TV Wizard
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinRAR archiver" = WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 03.09.2010 06:05:04 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:04 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 19.05.2010 09:02:16 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 21.06.2010 12:03:34 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 23.07.2010 18:24:13 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 09.08.2010 17:55:32 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 372
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 09.08.2010 18:07:56 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 01.09.2010 22:32:55 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 02.09.2010 06:02:29 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 02.09.2010 10:04:51 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 02.09.2010 20:36:20 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 03.09.2010 05:34:18 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 04.09.2010 11:26:57 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05.09.2010 03:59:04 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05.09.2010 13:40:24 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05.09.2010 18:03:27 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 06.09.2010 03:53:04 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >


Sophos found 2 things, here are the locations

Code


C:\Users\Florian\AppData\Local\Temp\0.22265947006406595.exe
C:\Users\Florian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1a3682d0-220ae06e


I tried to run the gmer rootkit scanner, but it crashed during the scan.

The operating system is Vista 32 bit.
About 2 weeks ago, while searching for an apartment via google, I clicked on various sites and was then redirected to pages that somehow tried to push virus scans on me and told me my system was not secure.

Otherwise the PC runs normally.

I hope you can help me, many thanks in advance.

Best regards,

shivva
06.09.2010, 12:57
Member

Posts: 420
#2 Hi,

Important: Please start all programs that we use, now and later, via right-click "Run as administrator".

1. Please start OTL and paste the following into the script field:

Quote

:OTL
MOD - C:\Windows\javaougc.dll ()
O33 - MountPoints2\{0401a265-9f06-11df-8035-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{0401a265-9f06-11df-8035-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{0401a26a-9f06-11df-8035-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{0401a26a-9f06-11df-8035-90e6ba12a779}\Shell\AutoRun\command - "" = F:\AUTORUN.EXE -- File not found
O33 - MountPoints2\{10dfd725-6ede-11df-b4f1-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{10dfd725-6ede-11df-b4f1-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\StartUp.exe -- File not found
O33 - MountPoints2\{1c0cbfd9-5d23-11df-a4e7-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{1c0cbfd9-5d23-11df-a4e7-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{1c0cbfda-5d23-11df-a4e7-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{1c0cbfda-5d23-11df-a4e7-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O33 - MountPoints2\{28f0bda1-8998-11df-bae7-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{28f0bda1-8998-11df-bae7-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\StartUp.exe -- File not found
O33 - MountPoints2\{71e2a658-6ca3-11df-a385-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{71e2a658-6ca3-11df-a385-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FahrenheitAutoRun.exe -- File not found
O33 - MountPoints2\{71e2a65a-6ca3-11df-a385-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{71e2a65a-6ca3-11df-a385-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FahrenheitAutoRun.exe -- File not found
O33 - MountPoints2\{71e2a65c-6ca3-11df-a385-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{71e2a65c-6ca3-11df-a385-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FahrenheitAutoRun.exe -- File not found
O33 - MountPoints2\{85fce837-9d73-11df-8753-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{85fce837-9d73-11df-8753-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell\configure\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{a46171b7-451f-11df-8823-90e6ba12a779}\Shell\install\command - "" = Z:\SETUP.EXE -- File not found
O33 - MountPoints2\{d43700d7-9daf-11df-8928-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{d43700d7-9daf-11df-8928-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\Installer.exe -- File not found
O33 - MountPoints2\{d8f86db7-5d37-11df-b497-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{d8f86db7-5d37-11df-b497-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\FileRgn.exe -- File not found
O33 - MountPoints2\{eb9399d9-61ac-11df-bf19-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{eb9399d9-61ac-11df-bf19-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O36 - AppCertDlls: lprenify - (C:\Windows\javaougc.dll) - C:\Windows\javaougc.dll ()
[2010.08.11 20:43:47 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.02 14:04:54 | 000,046,592 | -H-- | C] () -- C:\Windows\javaougc.dll
[2010.09.01 14:50:02 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\javaougc.dll


:Commands
[purity]
[emptytemp]
[emptyflash]
and click Run Fix. A restart may be necessary. Please post the fix log.

2. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Please install Malwarebytes, update it, run a Quick Scan, have any findings removed and post the log.

3. RootRepeal
http://sites.google.com/site/rootrepeal/
Start RootRepeal.
Close all other programs.
Go to the Report tab at the bottom.
Click Scan.
Tick all the boxes.
Confirm with OK.
If asked, select drive C:
Confirm with OK.
At the end of the scan a log is displayed; please post it.
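The fix script in the reply above targets three things in the posted OTL output: an AppCertDlls hook (a DLL that Windows loads into every process which calls CreateProcess), stale MountPoints2 AutoRun handlers whose target no longer exists, and a hidden DLL with no company name sitting under C:\Windows. The Python below is an added example, not part of this thread and not OTL's own code: it parses OTL log lines of those types, flags the same indicators, and emits a fix script in the shape the helper used. The line-format regexes are assumptions derived from the lines posted above, the finding categories (`appcertdll`, `stale_autorun`, `unattributed_module`, `hidden_sysfile`) are names chosen here, and the sample input is lines copied from the posted log. Everything listed under `:OTL` gets deleted when the script is run, so a generated script still needs a human to read it first.

```python
"""Triage OTL log lines for the indicators the fix above targets.

Added example: not part of the thread and not OTL's own code. The regexes
are assumptions about OTL's line format, written from the lines posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SYSTEM_ROOT = "c:\\windows\\"  # lower-cased prefix; assumes the system drive is C:


@dataclass(frozen=True)
class Finding:
    kind: str    # category name chosen for this example
    detail: str  # human-readable reason
    line: str    # the OTL line that triggered it


# "MOD - <path> (<company>)" and "PRC - <path> (<company>)"
MOD_RE = re.compile(r"^(?:MOD|PRC) - (?P<path>.+?) \((?P<company>[^)]*)\)$")
# "O33 - MountPoints2\{guid}\Shell\<verb>\command - "" = <cmd>[ -- File not found]"
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
    r' - "" = (?P<cmd>.+?)(?P<missing> -- File not found)?$'
)
# "O36 - AppCertDlls: <name> - (<value>) - <path> (<company>)"
O36_RE = re.compile(
    r"^O36 - AppCertDlls: (?P<name>\S+) - \((?P<value>[^)]*)\) - (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# "[<timestamp> | <size> | <attrs> | C] (<company>) -- <path>"  (files-created section)
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<op>[A-Z])\]"
    r" \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL output posted in this thread.
SAMPLE_LOG = r'''
MOD - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\javaougc.dll ()
O33 - MountPoints2\{0401a265-9f06-11df-8035-90e6ba12a779}\Shell - "" = AutoRun
O33 - MountPoints2\{0401a265-9f06-11df-8035-90e6ba12a779}\Shell\AutoRun\command - "" = Z:\setup.exe -- File not found
O36 - AppCertDlls: lprenify - (C:\Windows\javaougc.dll) - C:\Windows\javaougc.dll ()
[2010.08.11 20:43:47 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.02 14:04:54 | 000,046,592 | -H-- | C] () -- C:\Windows\javaougc.dll
[2010.09.01 14:50:02 | 000,046,592 | -H-- | C] () -- C:\Windows\System32\javaougc.dll
'''


def _unattributed_in_sysroot(company: str, path: str) -> bool:
    """True when OTL found no company name and the file lives under %SystemRoot%."""
    return not company.strip() and path.lower().startswith(SYSTEM_ROOT)


def triage(log_text: str) -> list[Finding]:
    """Scan OTL log text line by line and return the indicators worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := O36_RE.match(line):
            # AppCertDlls entries are loaded into every process that calls CreateProcess;
            # an entry without a company name is a classic injection hook.
            findings.append(Finding(
                "appcertdll",
                f"AppCertDlls '{m['name']}' injects {m['path']} (company: '{m['company'] or 'none'}')",
                line))
        elif m := O33_RE.match(line):
            if m["missing"]:
                # AutoRun handler left behind by removable media; the target is gone,
                # so the key is dead weight the fix can drop.
                findings.append(Finding(
                    "stale_autorun", f"MountPoints2 {m['guid']} runs missing {m['cmd']}", line))
        elif m := MOD_RE.match(line):
            if _unattributed_in_sysroot(m["company"], m["path"]):
                findings.append(Finding(
                    "unattributed_module", f"loaded module {m['path']} has no company name", line))
        elif m := FILE_RE.match(line):
            # -H-- in the attribute column means the hidden attribute is set.
            if "H" in m["attrs"] and _unattributed_in_sysroot(m["company"], m["path"]):
                findings.append(Finding(
                    "hidden_sysfile", f"hidden, unattributed file {m['path']} created {m['ts']}", line))
    return findings


def build_fix_script(log_text: str, findings: list[Finding]) -> str:
    """Emit an OTL fix script in the shape used in the thread: the flagged log lines
    copied verbatim under :OTL, then the same cleanup commands the helper used."""
    flagged = {f.line for f in findings}
    # For a stale AutoRun handler also drop its sibling ...\Shell - "" = AutoRun line.
    guids = {O33_RE.match(f.line)["guid"] for f in findings if f.kind == "stale_autorun"}
    body = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in flagged or (line.startswith("O33 - MountPoints2\\") and any(g in line for g in guids)):
            body.append(line)
    return "\n".join([":OTL", *body, "", ":Commands", "[purity]", "[emptytemp]", "[emptyflash]"]) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:20} {f.detail}")
    print(build_fix_script(SAMPLE_LOG, found))
```

Note that `agremove.exe` from the helper's script is not flagged by these rules: it carries a company name and is not hidden, and the helper removed it on other grounds. Rules like these give you a shortlist to review, not a verdict.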
06.09.2010, 17:25
Member

Thread starter

Posts: 18
#3 Many thanks for the quick reply.

First, the Malwarebytes log:

Code


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4554

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

06.09.2010 13:31:38
mbam-log-2010-09-06 (13-31-38).txt

Scan type: Quick scan
Objects scanned: 144142
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


The OTL log closed when Malwarebytes did a restart. Since I can't find the log anymore, I'll run another scan like at the beginning and post that log; I hope that's okay.

OTL.txt

Code


OTL logfile created on: 06.09.2010 17:20:00 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 171,82 Gb Total Space | 83,30 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
Drive D: | 114,55 Gb Total Space | 89,82 Gb Free Space | 78,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO
Current User Name: Florian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE (VIA)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IPSECSHM) -- C:\Windows\System32\DRIVERS\ipsecw2k.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (ASUSProcObsrv) -- E:\I386\AsProcOb.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (BazisVirtualCDBus) -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.n-tv.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.02 13:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.24 03:11:17 | 000,000,000 | ---D | M]

[2010.04.10 04:40:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2010.04.10 06:20:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions
[2010.04.10 04:46:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.04.10 04:44:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 10:44:46 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions
[2010.04.11 06:33:36 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.08.18 23:07:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 10:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.28 15:25:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 15:25:41 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.28 15:25:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.28 15:25:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.28 15:25:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.109.123.197 213.191.74.19 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.09.06 13:24:47 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.06 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2010.09.06 13:24:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.06 13:24:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.06 13:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.06 13:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.06 13:20:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.06 11:29:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.08.31 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\Windows Server
[2010.08.19 14:11:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.11 18:05:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 18:05:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 18:05:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 18:05:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 18:05:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 18:05:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 18:05:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 18:05:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 18:05:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 18:05:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 18:05:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 18:05:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 18:05:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 18:05:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 18:05:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 18:05:07 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 18:04:59 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 18:04:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 18:04:55 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 18:04:55 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.07 20:23:48 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\skypePM
[2010.08.07 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Skype
[2010.08.07 20:20:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.07 20:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.07 20:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.10 13:57:04 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Florian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Florian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\bass.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.09.06 17:19:38 | 002,097,152 | -HS- | M] () -- C:\Users\Florian\ntuser.dat
[2010.09.06 17:17:37 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.06 17:14:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.06 17:14:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 17:14:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.06 17:14:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.06 15:15:50 | 000,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.06 15:15:50 | 000,065,536 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.06 15:15:34 | 002,493,640 | -H-- | M] () -- C:\Users\Florian\AppData\Local\IconCache.db
[2010.09.06 13:24:04 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 11:29:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.09.04 17:25:59 | 000,372,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.03 13:14:00 | 000,001,523 | ---- | M] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.09.02 04:55:24 | 000,046,592 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.02 04:52:02 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.02 04:52:01 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.02 04:52:01 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.02 04:52:00 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.02 04:51:59 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 19:34:23 | 000,011,311 | ---- | M] () -- C:\Users\Florian\Documents\Mietvertrag Kündigung.docx
[2010.08.28 15:02:42 | 000,010,338 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.08.24 22:10:05 | 000,019,456 | ---- | M] () -- C:\Users\Florian\AppData\Local\WebpageIcons.db
[2010.08.22 13:41:20 | 000,446,303 | ---- | M] () -- C:\Users\Florian\Desktop\EMA - Biowaiver Giudance.pdf
[2010.08.19 14:59:45 | 000,019,702 | ---- | M] () -- C:\Users\Florian\Desktop\eb27c7666d282cbfaa62530dbdec1ffb.pdf
[2010.08.12 18:16:07 | 000,348,116 | ---- | M] () -- C:\Users\Florian\Desktop\C19111.pdf
[2010.08.12 13:09:56 | 000,707,344 | ---- | M] () -- C:\Users\Florian\Desktop\BE462lect05.pdf
[2010.08.11 20:31:28 | 000,085,835 | ---- | M] () -- C:\Users\Florian\Desktop\WC500003664.pdf
[2010.08.07 20:23:49 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.07 20:20:37 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.09.06 13:24:04 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 15:00:51 | 000,010,338 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.08.23 15:48:22 | 000,011,311 | ---- | C] () -- C:\Users\Florian\Documents\Mietvertrag Kündigung.docx
[2010.08.22 13:27:31 | 000,446,303 | ---- | C] () -- C:\Users\Florian\Desktop\EMA - Biowaiver Giudance.pdf
[2010.08.19 14:59:45 | 000,019,702 | ---- | C] () -- C:\Users\Florian\Desktop\eb27c7666d282cbfaa62530dbdec1ffb.pdf
[2010.08.12 18:16:06 | 000,348,116 | ---- | C] () -- C:\Users\Florian\Desktop\C19111.pdf
[2010.08.12 13:09:56 | 000,707,344 | ---- | C] () -- C:\Users\Florian\Desktop\BE462lect05.pdf
[2010.08.11 20:31:28 | 000,085,835 | ---- | C] () -- C:\Users\Florian\Desktop\WC500003664.pdf
[2010.08.07 20:23:49 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.08.07 20:20:37 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.04 02:07:51 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.06.25 03:22:12 | 000,001,523 | ---- | C] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.06.13 19:26:10 | 000,019,456 | ---- | C] () -- C:\Users\Florian\AppData\Local\WebpageIcons.db
[2010.06.08 17:16:25 | 000,016,555 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\AllChars.xml
[2010.06.08 17:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\AllChars-example.xml
[2010.05.14 19:04:16 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2010.05.11 21:57:58 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.05.11 21:57:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.04.11 22:37:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.10 16:52:24 | 000,046,592 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 04:33:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.04.10 04:23:56 | 000,000,680 | ---- | C] () -- C:\Users\Florian\AppData\Local\d3d9caps.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Florian\AppData\Local\lame_enc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbisenc.dll
[2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbisfile.dll
[2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Florian\AppData\Local\vorbis.dll
[2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- C:\Users\Florian\AppData\Local\ogg.dll
[2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Florian\AppData\Local\no23xwrapper.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.06 11:13:38 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ICQ
[2010.09.06 15:16:05 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >



Extras.txt

Code


OTL Extras logfile created on: 06.09.2010 17:20:00 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 171,82 Gb Total Space | 83,30 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
Drive D: | 114,55 Gb Total Space | 89,82 Gb Free Space | 78,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO
Current User Name: Florian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C6C2768-2E42-4D19-992C-270A7867EAD9}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F286C55-B96A-455C-9AA0-BFAF3C27F8BC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2255CF83-4B01-4038-8CB5-DD98EAE494E5}" = rport=138 | protocol=17 | dir=out | app=system |
"{43855BE4-4B6D-4B08-9220-3CA9FDAFC4FD}" = rport=137 | protocol=17 | dir=out | app=system |
"{50D27A6A-F23A-44D4-8D58-56DD665CABFF}" = lport=445 | protocol=6 | dir=in | app=system |
"{535A9A9F-1E75-466F-8DF5-BB805C607F4E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6B74A950-9B91-4B3B-B671-36E14DE351DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8314B776-6B6E-4E98-A88A-B86516A0B0BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{89191F5D-8581-4058-8C3F-2E501499B9DD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8C944007-B5CB-4D9A-85A5-AD427C98538A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A17A6E72-268E-42CD-B9EF-EA5688CDBC58}" = rport=445 | protocol=6 | dir=out | app=system |
"{A4ECC4EB-8A5C-4E5B-A543-CC3853828673}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B589913C-BCDE-47CF-91CB-227769A2BB0A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B93EB3E0-F9D5-436D-B2C7-1DD2621089C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D3033F6C-C0E2-4382-9C35-7706B9ADDE53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D41A20F8-71D3-4047-8CCB-191AF41D81FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{E0DD1CD5-C57B-499F-BA09-D3210094DCA1}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED8FB0F8-3666-4839-B99D-0EA6EE49DB6D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F72BAC3B-2B4B-4955-81DE-3399CEE61732}" = lport=138 | protocol=17 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061EF0EE-BB44-411A-9031-1E97BE3B38BF}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{0DB8EDC2-A6DF-4A6B-9403-796705628E29}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{0FD8DFDC-FFD3-4051-B24E-1513F0D4C234}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{1BBBE238-91BE-4602-A76C-C472FB381972}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{1F3CE820-22BF-4EF6-BA7E-0A6CB243D3DB}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{21E1CE64-F006-465C-8873-9C61CB71C187}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{48998FD9-85A5-4457-8411-78E1C1DA9271}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{4C4BC29B-2A37-4C22-9A39-06319DB7752E}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{51E04342-2453-4CDD-84E1-8410F4725F16}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{546CACB6-2D69-497B-9A16-FA7B0BB6F67D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5D7E6E90-AF91-4542-82D8-A415FED2EE34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E76DB1F-6ADD-4EB9-B4ED-0728856CCDAB}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{7D4C32FF-9C49-4F4D-8813-633C3735A49F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{82DD96E3-674F-44EE-B119-6CD73541ED0F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{8DFB17F8-F818-4465-9947-499755539D1D}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{985E4178-46A6-45AA-8B50-5178781F0D45}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{9DDF9B91-068B-4950-A924-1FB8D3C786AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A40A1C5D-FAA7-453A-AEF7-895B0EFBD7E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B54FFA30-B38E-4866-9415-1FDA0EDB2A8A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D37C443D-D512-44E8-8E50-4FB2AE1BCFAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D3C5239D-8B55-4275-99D9-F427CB43B2BC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{D6B52804-16B1-408C-B241-65FB3F847B5E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{DFEB449C-275E-4523-A58C-EC32D053E4C7}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{ED2F5C14-0DE9-4E62-88FE-D0BFA9BA4F21}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{EFC99F33-AD97-40FA-93EA-E39C9FD548C0}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe |
"{F14DCCD8-4D78-471E-A8A3-1AAE257499A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F2B33BA3-46B4-4B33-9B83-B32EBB5F0335}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{F8F5B4E6-422F-40FF-B54D-16154451923C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F90F194B-FF9D-454F-BEC3-A300878A139F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe |
"{FBB44444-CC62-40E2-B279-31BD6DBD5ECE}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe |
"TCP Query User{076CB3E5-AF79-4356-9F1E-1EDD0CE8C151}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"TCP Query User{43E0C4F7-A3BC-4F1C-ACB3-B2CC5319645F}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{AB974237-6BC8-442A-8A1A-41B4D52BD31C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EACB17F8-C190-4AA7-BA22-3F37B798DC75}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EB609D36-BFEC-467F-A261-31810D499E60}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{43ABE705-E88A-45F5-8389-3CC12BCFB96D}C:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe |
"UDP Query User{9829E1BE-BE34-4714-B423-33D649978EF4}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DEAB7CD3-711C-49BB-9569-66EB41F8E2FA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{ED9191EF-79EC-4348-BEEF-365029D85318}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F1D37A8E-6BC8-4867-88D7-E409AAF44F89}C:\program files\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii\versions\base15405\sc2.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{4B6B024F-F6D4-4A7B-8ADA-F9F8370320CC}" = SRS Premium Sound
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"apulSoft apEQ" = apulSoft apEQ
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"CVPiano-Modeled" = CVPiano-Modeled
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FL Studio 9" = FL Studio 9
"Hardcore" = Hardcore
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IL Download Manager" = IL Download Manager
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"PoiZone" = PoiZone
"RealPlayer 12.0" = RealPlayer
"Sakura" = Sakura
"Sawer" = Sawer
"sfArk" = sfArk
"sfArkXTc" = sfArkXTc
"SpellForce" = SpellForce
"Syncrosoft License Control" = Syncrosoft Lizenz Kontrolle
"Toxic Biohazard" = Toxic Biohazard
"TVWiz" = Intel(R) TV Wizard
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinCDEmu" = WinCDEmu
"WinRAR archiver" = WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 03.09.2010 06:05:05 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

Error - 04.09.2010 11:27:28 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description =

Error - 05.09.2010 04:00:10 | Computer Name = Flo | Source = WinMgmt | ID = 10
Description =

Error - 05.09.2010 04:42:54 | Computer Name = Flo | Source = Windows Search Service | ID = 3013
Description =

[ OSession Events ]
Error - 19.05.2010 09:02:16 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 21.06.2010 12:03:34 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 23.07.2010 18:24:13 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 09.08.2010 17:55:32 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 372
seconds with 0 seconds of active time.  This session ended with a crash.

Error - 09.08.2010 18:07:56 | Computer Name = Flo | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6535.5005, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time.  This session ended with a crash.

[ System Events ]
Error - 02.09.2010 20:36:20 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 03.09.2010 05:34:18 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 04.09.2010 11:26:57 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05.09.2010 03:59:04 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05.09.2010 13:40:24 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 05.09.2010 18:03:27 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 06.09.2010 03:53:04 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 06.09.2010 07:22:57 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 06.09.2010 07:34:14 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 06.09.2010 11:15:05 | Computer Name = Flo | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >


RootRepeal hung at some point, or rather it displayed the same thing for 2 hours and there was no further progress.
Stopping the scan didn't work either; I waited about half an hour, then I closed the window. When I tried to start the scan again, I got an error message on opening the program, which no longer appeared after a reboot.

Should I run the scan with RootRepeal again? I'm not exactly sure whether it hung or not, but as I said, nothing happened at all for about 2 hours.
06.09.2010, 18:08
Member

Posts: 420
#4 Two hours is too long; it probably hung. Let's leave it for now.

1. Please upload this file:

Quote

C:\Windows\System32\agremove.exe
to VirusTotal
http://www.virustotal.com/
and post the link to the analysis result.

2. Please work through these instructions and post the log:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
06.09.2010, 21:47
Member

Thread starter

Posts: 18
#5 So I tried it with ComboFix, but the PC has been shutting down for 45 minutes now...
Is it still going to finish, or do I have to do a cold restart?
06.09.2010, 22:04
Member

Posts: 420
#6 Cold restart.
If no log is displayed after the reboot, please look under C:\Combofix.txt or C:\Qoobox. If nothing can be found, please try running ComboFix again.
06.09.2010, 22:25
Member

Thread starter

Posts: 18
#7 Okay.

First the link:
http://www.virustotal.com/file-scan/report.html?id=cd1dc21c324eec7f73f935f41cc4901e48709f1dcf62f4ed421f4db9dc708acb-1283798221

And here the log:

Code


ComboFix 10-09-06.02 - Florian 06.09.2010  20:55:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3036.1643 [GMT 2:00]
ausgeführt von:: c:\users\Florian\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Florian\AppData\Local\lame_enc.dll
c:\users\Florian\AppData\Local\no23xwrapper.dll
c:\users\Florian\AppData\Local\ogg.dll
c:\users\Florian\AppData\Local\vorbis.dll
c:\users\Florian\AppData\Local\vorbisenc.dll
c:\users\Florian\AppData\Local\vorbisfile.dll
c:\users\Florian\AppData\Local\Windows Server
c:\users\Florian\AppData\Local\Windows Server\admin.txt
c:\users\Florian\AppData\Local\Windows Server\flags.ini
c:\users\Florian\AppData\Local\Windows Server\server.dat
c:\users\Florian\AppData\Local\Windows Server\uses32.dat

Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe wurde wiederhergestellt

Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe wurde wiederhergestellt

Infizierte Kopie von c:\windows\System32\autochk.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe wurde wiederhergestellt

Infizierte Kopie von c:\windows\system32\wininit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe wurde wiederhergestellt
Infizierte Kopie von c:\windows\explorer.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\SoftwareDistribution\Download\15d05090e6f876555f2419af621dda9f\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe wurde wiederhergestellt
.
(((((((((((((((((((((((   Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 20:12 . 2010-09-06 20:12    17408    ----a-w-    c:\windows\system32\rpcnetp.dll
2010-09-06 20:11 . 2010-09-06 20:11    17408    ----a-w-    c:\windows\system32\rpcnetp.exe
2010-09-06 19:04 . 2010-09-06 20:12    --------    d-----w-    c:\users\Florian\AppData\Local\temp
2010-09-06 19:04 . 2010-09-06 19:04    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-09-06 19:04 . 2010-09-06 19:04    --------    d-----w-    c:\users\Administrator\AppData\Local\temp
2010-09-06 11:24 . 2010-09-06 15:17    44544    ----a-w-    c:\windows\system32\agremove.exe
2010-09-06 11:24 . 2010-09-06 11:24    --------    d-----w-    c:\users\Florian\AppData\Roaming\Malwarebytes
2010-09-06 11:24 . 2010-04-29 13:39    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-06 11:24 . 2010-09-06 11:24    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2010-09-06 11:24 . 2010-09-06 11:24    --------    d-----w-    c:\programdata\Malwarebytes
2010-09-06 11:24 . 2010-04-29 13:39    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys
2010-09-06 11:20 . 2010-09-06 11:20    --------    d-----w-    C:\_OTL
2010-08-19 12:11 . 2010-08-19 12:11    --------    d-----w-    c:\windows\Sun
2010-08-11 16:04 . 2010-06-21 13:37    2037760    ----a-w-    c:\windows\system32\win32k.sys
2010-08-11 16:04 . 2010-06-18 17:31    36864    ----a-w-    c:\windows\system32\rtutils.dll
2010-08-11 16:04 . 2010-06-08 17:35    3548040    ----a-w-    c:\windows\system32\ntoskrnl.exe
2010-08-11 16:04 . 2010-06-08 17:35    3600768    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2010-08-11 16:04 . 2010-06-11 16:15    1248768    ----a-w-    c:\windows\system32\msxml3.dll
2010-08-11 16:04 . 2010-06-18 15:04    302080    ----a-w-    c:\windows\system32\drivers\srv.sys
2010-08-11 16:04 . 2010-06-18 15:04    144896    ----a-w-    c:\windows\system32\drivers\srv2.sys
2010-08-11 16:04 . 2010-06-16 16:04    905088    ----a-w-    c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 18:48 . 2010-04-10 13:48    --------    d-----w-    c:\users\Florian\AppData\Roaming\ICQ
2010-09-03 11:50 . 2010-04-12 11:26    --------    d-----w-    c:\program files\JDownloader
2010-09-02 11:33 . 2010-08-07 18:21    --------    d-----w-    c:\users\Florian\AppData\Roaming\Skype
2010-09-02 11:18 . 2010-08-07 18:23    --------    d-----w-    c:\users\Florian\AppData\Roaming\skypePM
2010-09-02 10:01 . 2010-04-11 19:26    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-09-02 02:58 . 2010-04-12 12:08    --------    d-----w-    c:\users\Florian\AppData\Roaming\vlc
2010-09-02 02:52 . 2008-04-16 11:11    621952    ----a-w-    c:\windows\system32\perfh007.dat
2010-09-02 02:52 . 2008-04-16 11:11    123852    ----a-w-    c:\windows\system32\perfc007.dat
2010-09-01 15:39 . 2010-09-01 15:39    808176    ----a-w-    c:\programdata\Sophos\AutoUpdate\Cache\savxp\savi.dll
2010-09-01 15:39 . 2010-09-01 15:39    2327792    ----a-w-    c:\programdata\Sophos\AutoUpdate\Cache\savxp\veex.dll
2010-09-01 15:39 . 2010-09-01 15:39    185584    ----a-w-    c:\programdata\Sophos\AutoUpdate\Cache\savxp\osdp.dll
2010-08-31 18:12 . 2010-05-31 17:08    --------    d-----w-    c:\users\Florian\AppData\Roaming\dvdcss
2010-08-26 12:49 . 2010-06-13 17:26    --------    d-----w-    c:\program files\Zattoo4
2010-08-23 13:20 . 2010-04-10 13:48    --------    d-----w-    c:\program files\ICQ7.1
2010-08-23 12:58 . 2010-08-01 20:13    --------    d-----w-    c:\program files\Common Files\Blizzard Entertainment
2010-08-23 09:47 . 2010-08-01 20:13    --------    d-----w-    c:\programdata\Blizzard Entertainment
2010-08-23 09:46 . 2010-08-03 21:59    --------    d-----w-    c:\program files\R.G. Mechanics
2010-08-23 09:45 . 2010-08-07 18:20    --------    d-----r-    c:\program files\Skype
2010-08-12 13:13 . 2010-04-10 11:57    114688    ----a-w-    c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\security.dll
2010-08-11 18:05 . 2010-04-11 04:29    --------    d-----w-    c:\programdata\Microsoft Help
2010-08-07 18:23 . 2010-08-07 18:23    56    ---ha-w-    c:\windows\system32\ezsidmv.dat
2010-08-07 18:20 . 2010-08-07 18:20    --------    d-----w-    c:\program files\Common Files\Skype
2010-08-07 18:20 . 2010-08-07 18:20    --------    d-----w-    c:\programdata\Skype
2010-08-07 01:56 . 2010-04-10 11:58    499712    ----a-w-    c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\sipsmanagement.dll
2010-08-04 00:07 . 2010-08-04 00:07    43520    ----a-w-    c:\windows\system32\CmdLineExt03.dll
2010-08-03 23:44 . 2010-08-03 23:44    --------    d-----w-    c:\program files\JoWooD
2010-08-02 11:50 . 2010-08-01 20:38    47364    ----a-w-    c:\programdata\Blizzard Entertainment\Battle.net\Cache\Download\Scan.dll
2010-08-02 11:09 . 2010-08-02 11:09    0    ----a-w-    c:\windows\nsreg.dat
2010-08-02 11:00 . 2010-08-02 11:00    100432    ----a-w-    c:\users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-21 10:44 . 2010-04-10 11:57    233472    ----a-w-    c:\programdata\Sophos\AutoUpdate\Cache\savxp\program files\sophos\sophos anti-virus\module retargetable folder\filterprocessors.dll
2010-07-14 19:15 . 2010-07-14 19:15    --------    d-----w-    c:\program files\Lavalys
2010-07-11 00:29 . 2010-07-11 00:29    --------    d-----w-    c:\program files\Native Instruments
2010-07-09 00:44 . 2010-07-09 00:44    --------    d-----w-    c:\programdata\WindowsSearch
2010-06-26 06:05 . 2010-08-11 16:05    916480    ----a-w-    c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 16:05    71680    ----a-w-    c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 16:05    109056    ----a-w-    c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 16:05    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-06-25 00:48 . 2010-06-25 00:48    3262    ----a-r-    c:\users\Florian\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\controlPanelIcon.exe
2010-06-25 00:48 . 2010-06-25 00:48    10134    ----a-r-    c:\users\Florian\AppData\Roaming\Microsoft\Installer\{22B0E143-2B0B-435B-9F56-136A3D16065F}\SystemFolder_msiexec.exe
2010-06-14 21:34 . 2010-06-14 21:34    1700352    ----a-w-    c:\windows\system32\gdiplus.dll
2010-06-11 16:16 . 2010-08-11 16:05    274944    ----a-w-    c:\windows\system32\schannel.dll
2008-01-21 02:23 . 2008-01-21 02:23    397312    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
2008-01-21 02:23 . 2008-01-21 02:23    397312    --sha-w-    c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\WinMail.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SRS Premium Sound"="c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe" [2009-03-19 3261688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ASUS\ATKOSD2\ATKOSD2.exe" [2009-03-04 8392704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):38,69,dd,b8,b9,d9,ca,01

R3 ASUSProcObsrv;ASUS Process Creation/Termination Observer;e:\i386\AsProcOb.sys [x]
S0 rpcnetp;rpcnetp; [x]
S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys [2009-12-06 135320]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.n-tv.de/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\Florian\AppData\Roaming\Mozilla\Firefox\Profiles\tlx3r7tp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.n-tv.de/
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 22:14
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\AUDIODG.EXE
c:\program files\Sophos\Sophos Anti-Virus\SavService.exe
c:\program files\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\ASUS\ATK Hotkey\MsgTranAgt.exe
c:\program files\ASUS\ATK Hotkey\HControl.exe
c:\program files\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files\ASUS\ATK Hotkey\WDC.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06  22:20:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-06 20:20

Vor Suchlauf: 6 Verzeichnis(se), 89.293.524.992 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 87.585.546.240 Bytes frei

- - End Of File - - FF09FD6B971E363FF4B889FEBED943D3
06.09.2010, 22:59
Member

Posts: 420
#8 Quite a lot...

Ok, agremove.exe is probably a legitimate file.

1. Please start RootRepeal; this time don't go to Report, but leave everything as it is and click Scan right away. That should take only a few seconds. Then click Save Report, save the log somewhere and please post it.
07.09.2010, 09:52
Member

Thread starter

Posts: 18
#9 Okay, here's the log:

Code


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/09/07 09:50
Program Version:        Version 1.3.5.0
Windows Version:        Windows Vista SP2
==================================================

Drivers
-------------------
Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8068A000    Size: 286720    File Visible: -    Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x81C0E000    Size: 3903488    File Visible: -    Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8F808000    Size: 294912    File Visible: -    Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x807A2000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x807AA000    Size: 122880    File Visible: -    Signed: -
Status: -

Name: athr.sys
Image Path: C:\Windows\system32\DRIVERS\athr.sys
Address: 0x8E80B000    Size: 1200128    File Visible: -    Signed: -
Status: -

Name: ATKACPI.sys
Image Path: C:\Windows\system32\DRIVERS\ATKACPI.sys
Address: 0x8E98E000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x8071A000    Size: 40960    File Visible: -    Signed: -
Status: -

Name: BazisVirtualCDBus.sys
Image Path: C:\Windows\system32\DRIVERS\BazisVirtualCDBus.sys
Address: 0x8EB3C000    Size: 155648    File Visible: -    Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8F581000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80488000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xAB890000    Size: 102400    File Visible: -    Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x98280000    Size: 57344    File Visible: -    Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0xAC129000    Size: 90112    File Visible: -    Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8E972000    Size: 98304    File Visible: -    Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804D1000    Size: 917504    File Visible: -    Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x89F9A000    Size: 135168    File Visible: -    Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x80490000    Size: 266240    File Visible: -    Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8E98A000    Size: 14208    File Visible: -    Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x80717000    Size: 10496    File Visible: -    Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x901C2000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x89FBB000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8F8FF000    Size: 94208    File Visible: -    Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x89F89000    Size: 69632    File Visible: -    Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8F530000    Size: 151552    File Visible: -    Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x901DA000    Size: 32768    File Visible: No    Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x901CF000    Size: 45056    File Visible: No    Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x901E2000    Size: 40960    File Visible: -    Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8E70B000    Size: 659456    File Visible: -    Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x89F62000    Size: 159744    File Visible: -    Signed: -
Status: -

Name: fastfat.SYS
Image Path: C:\Windows\System32\Drivers\fastfat.SYS
Address: 0xAC0F5000    Size: 163840    File Visible: -    Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x805B1000    Size: 65536    File Visible: -    Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x807C8000    Size: 204800    File Visible: -    Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8F571000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x89CF9000    Size: 110592    File Visible: -    Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x81FC7000    Size: 208896    File Visible: -    Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x89D61000    Size: 577536    File Visible: -    Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8F591000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xAB806000    Size: 446464    File Visible: -    Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8E941000    Size: 77824    File Visible: -    Signed: -
Status: -

Name: igdkmd32.sys
Image Path: C:\Windows\system32\DRIVERS\igdkmd32.sys
Address: 0x8DE0C000    Size: 9433088    File Visible: -    Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x89D14000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8E95C000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: kbfiltr.sys
Image Path: C:\Windows\system32\DRIVERS\kbfiltr.sys
Address: 0x8E954000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x80400000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\drivers\ks.sys
Address: 0x8EA85000    Size: 172032    File Visible: -    Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x82209000    Size: 462848    File Visible: -    Signed: -
Status: -

Name: L1E60x86.sys
Image Path: C:\Windows\system32\DRIVERS\L1E60x86.sys
Address: 0x8E930000    Size: 69632    File Visible: -    Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x8EBEB000    Size: 65536    File Visible: -    Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8F92F000    Size: 110592    File Visible: -    Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80407000    Size: 458752    File Visible: -    Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x901EC000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8E967000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x80792000    Size: 65536    File Visible: -    Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xAB8A9000    Size: 86016    File Visible: -    Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xAB8BE000    Size: 135168    File Visible: -    Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0xAB8DF000    Size: 126976    File Visible: -    Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0xAB8FE000    Size: 233472    File Visible: -    Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0xAB937000    Size: 98304    File Visible: -    Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8F5D5000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x806D9000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8E996000    Size: 192512    File Visible: -    Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x82385000    Size: 176128    File Visible: -    Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8EB64000    Size: 40960    File Visible: -    Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x89F53000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8227A000    Size: 1093632    File Visible: -    Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8EAC6000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x8F400000    Size: 40960    File Visible: -    Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8EAD1000    Size: 143360    File Visible: -    Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8EBB0000    Size: 69632    File Visible: -    Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8F898000    Size: 57344    File Visible: -    Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8F850000    Size: 204800    File Visible: -    Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x823B0000    Size: 241664    File Visible: -    Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8F5E0000    Size: 57344    File Visible: -    Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8F8F5000    Size: 40960    File Visible: -    Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x89E02000    Size: 1114112    File Visible: -    Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x81C0E000    Size: 3903488    File Visible: -    Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8F57A000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x8E9C5000    Size: 172032    File Visible: -    Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8F882000    Size: 90112    File Visible: -    Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80708000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x806E1000    Size: 159744    File Visible: -    Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x8077D000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x80784000    Size: 57344    File Visible: -    Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xAC00D000    Size: 909312    File Visible: -    Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x81C0E000    Size: 3903488    File Visible: -    Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8F503000    Size: 184320    File Visible: -    Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80477000    Size: 69632    File Visible: -    Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8F5EE000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8EAAF000    Size: 94208    File Visible: -    Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8EAF4000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8EB03000    Size: 81920    File Visible: -    Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8EB17000    Size: 86016    File Visible: -    Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x81C0E000    Size: 3903488    File Visible: -    Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8F8B9000    Size: 245760    File Visible: -    Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8F5C5000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8F5CD000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAC13F000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x8E7D2000    Size: 77824    File Visible: -    Signed: -
Status: -

Name: savonaccess.sys
Image Path: C:\Windows\system32\DRIVERS\savonaccess.sys
Address: 0x8F555000    Size: 114688    File Visible: -    Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xAC0EB000    Size: 40960    File Visible: -    Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8EBD7000    Size: 81920    File Visible: -    Signed: -
Status: -

Name: sncduvc.SYS
Image Path: C:\Windows\system32\DRIVERS\sncduvc.SYS
Address: 0x901BB000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: snp2uvc.sys
Image Path: C:\Windows\system32\DRIVERS\snp2uvc.sys
Address: 0x90002000    Size: 1752704    File Visible: -    Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x89F4B000    Size: 32768    File Visible: -    Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x8F94A000    Size: 720896    File Visible: -    Signed: -
Status: -

Name: srs_PremiumSound_i386.sys
Image Path: C:\Windows\system32\drivers\srs_PremiumSound_i386.sys
Address: 0x8EA4D000    Size: 225664    File Visible: -    Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xAB976000    Size: 319488    File Visible: -    Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xAB94F000    Size: 159744    File Visible: -    Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xAB873000    Size: 118784    File Visible: -    Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8EA01000    Size: 266240    File Visible: -    Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\Windows\system32\DRIVERS\STREAM.SYS
Address: 0x901AE000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8EB62000    Size: 4992    File Visible: -    Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x89C0F000    Size: 958464    File Visible: -    Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xAC11D000    Size: 49152    File Visible: -    Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8EA42000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8EBC1000    Size: 90112    File Visible: -    Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8EB2C000    Size: 65536    File Visible: -    Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x98260000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x89FEF000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x89FE4000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8EB6E000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8F916000    Size: 94208    File Visible: -    Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8F92D000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8E7C3000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8EB7B000    Size: 217088    File Visible: -    Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x89D23000    Size: 253952    File Visible: -    Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8E7B8000    Size: 45056    File Visible: -    Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8F598000    Size: 49152    File Visible: -    Signed: -
Status: -

Name: viahduaa.sys
Image Path: C:\Windows\system32\drivers\viahduaa.sys
Address: 0x8F40A000    Size: 1019904    File Visible: -    Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8F5A4000    Size: 135168    File Visible: -    Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80724000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80733000    Size: 303104    File Visible: -    Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x89F12000    Size: 233472    File Visible: -    Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8F8A6000    Size: 77824    File Visible: -    Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8E7AC000    Size: 49152    File Visible: -    Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80601000    Size: 507904    File Visible: -    Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8067D000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x98040000    Size: 2109440    File Visible: -    Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x98040000    Size: 2109440    File Visible: -    Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806D0000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x81C0E000    Size: 3903488    File Visible: -    Signed: -
Status: -

07.09.2010, 10:27
Member

Posts: 420
#10 Good, a few final scans.

1. Panda ActiveScan2.0
http://www.pandasecurity.com/homeusers/solutions/activescan/

Click on Scan your PC now
Select Quick Scan (Schneller Scan), click Scan now (Jetzt scannen) and follow the instructions.
At the end of the scan a results page is displayed; at the top right you can save the results to a text file (Export In: ). Please post the contents of that file.

2. DrWeb CureIt
http://www.trojaner-board.de/59299-anleitung-drweb-cureit.html

3. Control scan with OTL: please start OTL, click Quick Scan and post the OTL.txt (Extras.txt is not needed this time)
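Step 3 above asks for an OTL.txt, and the first thing a helper does with such a log is look for autostart entries without a publisher string, service or driver entries whose file no longer exists, and programs starting from user-writable directories. The following Python pass is an added example (not code from the forum or from OTL) that applies exactly those checks to constructed lines in OTL's log layout; an empty publisher is only a pointer for manual review, not proof of malware, as the ASUS entry in the sample shows.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in OTL's log layout. rpcnetp, ASLDRSrv, catchme, kbfiltr and
# SNP2UVC mirror entries that appear in the logs posted in this thread; the "Updater"
# Run entry is constructed to show an autostart from a user-writable directory.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - C:\Windows\System32\rpcnetp.exe ()
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (rpcnetp) -- C:\Windows\System32\rpcnetp.dll ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()

========== Standard Registry (SafeList) ==========

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Updater] C:\Users\Florian\AppData\Local\Temp\upd.exe ()
"""

# "PRC - <path> (<publisher>)"
PRC_RE = re.compile(r"^PRC - (?P<path>.+?) \((?P<vendor>[^)]*)\)$")
# "SRV|DRV - (<service name>) [description] -- <path> (<publisher>)"  or  "... <path> File not found"
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\).*? -- (?P<path>.+?)"
    r"(?: \((?P<vendor>[^)]*)\)| (?P<missing>File not found))$"
)
# "O4 - HKLM..\Run: [<value name>] <path> (<publisher>)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.+?) \((?P<vendor>[^)]*)\)$"
)
# Directories an ordinary user can write to; autostarts from here deserve a closer look.
USER_WRITABLE_RE = re.compile(r"\\(users|temp|appdata|programdata)\\", re.IGNORECASE)


@dataclass
class Finding:
    kind: str            # PRC, SRV, DRV or O4
    name: str            # service/value name, or file name for processes
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return (kind, name, path, vendor, file_missing) for an autostart line, else None."""
    m = PRC_RE.match(line)
    if m:
        path = m.group("path")
        return "PRC", path.rsplit("\\", 1)[-1], path, m.group("vendor"), False
    m = SVC_RE.match(line)
    if m:
        return (m.group("kind"), m.group("name"), m.group("path"),
                m.group("vendor") or "", bool(m.group("missing")))
    m = RUN_RE.match(line)
    if m:
        return "O4", m.group("name"), m.group("path"), m.group("vendor"), False
    return None


def triage(log_text):
    """Flag entries a helper would review by hand; everything else is dropped."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw.strip())
        if parsed is None:
            continue
        kind, name, path, vendor, missing = parsed
        reasons = []
        if missing:
            reasons.append("registered but file missing (orphaned entry)")
        elif not vendor.strip():           # "()" and "( )" both mean no publisher string
            reasons.append("no publisher string in the file's version info")
        if not missing and USER_WRITABLE_RE.search(path):
            reasons.append("runs from a user-writable location")
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:3} {f.name:20} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```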
07.09.2010, 10:41
Member

Thread starter

Posts: 18
#11 Okay, first the Panda scan:

Code


;***********************************************************************************************************************************************************************************
ANALYSIS: 2010-09-07 10:39:44
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Sophos Anti-Virus                                                          Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00099612  adware/ipbill                      Adware              No        0         Yes            No           hkey_local_machine\software\microsoft\windows\currentversion\uninstall\hardcore
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           c:\users\florian\appdata\roaming\microsoft\windows\cookies\florian@doubleclick[1].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           c:\users\florian\appdata\roaming\microsoft\windows\cookies\florian@mediaplex[2].txt
00168056  Cookie/YieldManager                TrackingCookie      No        0         Yes            No           c:\users\florian\appdata\roaming\microsoft\windows\cookies\florian@ad.yieldmanager[2].txt
00168061  Cookie/Apmebf                      TrackingCookie      No        0         Yes            No           c:\users\florian\appdata\roaming\microsoft\windows\cookies\florian@apmebf[1].txt
00262020  Cookie/Atwola                      TrackingCookie      No        0         Yes            No           c:\users\florian\appdata\roaming\microsoft\windows\cookies\florian@atwola[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent      Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id        Severity       Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
07.09.2010, 14:16
Member

Thread starter

Posts: 18
#12 With DrWeb I can only run the quick scan. During the full scan the PC crashes at some point.
The quick scan definitely found nothing.
07.09.2010, 14:24
Member

Thread starter

Posts: 18
#13 So here is the OTL log as well

Code


OTL logfile created on: 07.09.2010 14:18:48 - Run 4
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 171,82 Gb Total Space | 80,78 Gb Free Space | 47,01% Space Free | Partition Type: NTFS
Drive D: | 114,55 Gb Total Space | 89,82 Gb Free Space | 78,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO
Current User Name: Florian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Windows\System32\rpcnetp.exe ()
PRC - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\temp\sophos_autoupdate1.dir\ALUpdate.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation)
PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE (VIA)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Windows\System32\lpksetup.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Florian\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (rpcnetp) -- C:\Windows\System32\rpcnetp.dll ()
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IPSECSHM) -- C:\Windows\System32\DRIVERS\ipsecw2k.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ASUSProcObsrv) -- E:\I386\AsProcOb.sys File not found
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (BazisVirtualCDBus) -- C:\Windows\System32\drivers\BazisVirtualCDBus.sys (SysProgs.org)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (SynasUSB) -- C:\Windows\System32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.n-tv.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.n-tv.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.02 13:09:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.24 03:11:17 | 000,000,000 | ---D | M]

[2010.04.10 04:40:55 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Extensions
[2010.04.10 06:20:21 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions
[2010.04.10 04:46:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.04.10 04:44:04 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\d1bpydfq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 20:44:27 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions
[2010.04.11 06:33:36 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010.08.18 23:07:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Florian\AppData\Roaming\mozilla\Firefox\Profiles\tlx3r7tp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.06 20:44:27 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.07.28 15:25:41 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.28 15:25:41 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.28 15:25:41 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.28 15:25:41 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.28 15:25:41 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.09.06 22:12:16 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SRS Premium Sound] C:\Program Files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe (SRS Labs, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll) - C:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.09.07 10:59:09 | 000,000,000 | ---D | C] -- C:\Users\Florian\DoctorWeb
[2010.09.07 10:30:31 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010.09.07 10:29:38 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010.09.06 22:20:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.09.06 22:20:52 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Local\temp
[2010.09.06 22:12:20 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.09.06 20:53:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.09.06 20:53:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.09.06 20:52:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.09.06 20:52:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.09.06 20:52:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.09.06 13:24:47 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.06 13:24:10 | 000,000,000 | ---D | C] -- C:\Users\Florian\AppData\Roaming\Malwarebytes
[2010.09.06 13:24:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.06 13:24:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.06 13:24:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.06 13:24:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.06 13:20:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.09.06 11:29:14 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.08.19 14:11:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.08.11 18:05:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 18:05:08 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 18:05:08 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.11 18:05:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 18:05:08 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 18:05:08 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 18:05:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 18:05:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 18:05:08 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 18:05:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 18:05:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 18:05:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 18:05:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 18:05:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 18:05:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 18:05:07 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 18:04:59 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 18:04:58 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 18:04:55 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 18:04:55 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.10 13:57:04 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Florian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Florian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Florian\AppData\Local\bass.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.09.07 14:21:05 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010.09.07 14:19:19 | 002,097,152 | -HS- | M] () -- C:\Users\Florian\ntuser.dat
[2010.09.07 14:17:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.07 14:17:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 14:17:39 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.07 14:17:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.07 14:16:42 | 000,524,288 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.09.07 14:16:42 | 000,065,536 | -HS- | M] () -- C:\Users\Florian\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.09.07 13:41:33 | 266,248,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.09.07 10:46:51 | 049,165,656 | ---- | M] () -- C:\Users\Florian\Desktop\drweb-cureit.exe
[2010.09.06 22:12:24 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.09.06 22:12:16 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.09.06 20:43:46 | 003,839,056 | R--- | M] () -- C:\Users\Florian\Desktop\ComboFix.exe
[2010.09.06 13:24:04 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.06 11:29:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Florian\Desktop\OTL.exe
[2010.09.04 17:25:59 | 000,372,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.03 13:14:00 | 000,001,523 | ---- | M] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.09.02 04:55:24 | 000,046,592 | ---- | M] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.02 04:52:02 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.02 04:52:01 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.02 04:52:01 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.02 04:52:00 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.02 04:51:59 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 19:34:23 | 000,011,311 | ---- | M] () -- C:\Users\Florian\Documents\Mietvertrag Kündigung.docx
[2010.08.28 15:02:42 | 000,010,338 | ---- | M] () -- C:\Users\Florian\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.08.24 22:10:05 | 000,019,456 | ---- | M] () -- C:\Users\Florian\AppData\Local\WebpageIcons.db
[2010.08.22 13:41:20 | 000,446,303 | ---- | M] () -- C:\Users\Florian\Desktop\EMA - Biowaiver Giudance.pdf
[2010.08.19 14:59:45 | 000,019,702 | ---- | M] () -- C:\Users\Florian\Desktop\eb27c7666d282cbfaa62530dbdec1ffb.pdf
[2010.08.12 18:16:07 | 000,348,116 | ---- | M] () -- C:\Users\Florian\Desktop\C19111.pdf
[2010.08.12 13:09:56 | 000,707,344 | ---- | M] () -- C:\Users\Florian\Desktop\BE462lect05.pdf
[2010.08.11 20:31:28 | 000,085,835 | ---- | M] () -- C:\Users\Florian\Desktop\WC500003664.pdf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.09.07 12:37:52 | 266,248,595 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.09.07 10:42:24 | 049,165,656 | ---- | C] () -- C:\Users\Florian\Desktop\drweb-cureit.exe
[2010.09.06 22:12:07 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010.09.06 22:11:43 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010.09.06 20:53:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.09.06 20:53:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.09.06 20:53:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.09.06 20:53:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.09.06 20:53:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.09.06 20:53:12 | 000,031,232 | ---- | C] () -- C:\Windows\NIRCMD.exe
[2010.09.06 20:43:11 | 003,839,056 | R--- | C] () -- C:\Users\Florian\Desktop\ComboFix.exe
[2010.09.06 13:24:04 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 15:00:51 | 000,010,338 | ---- | C] () -- C:\Users\Florian\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.08.23 15:48:22 | 000,011,311 | ---- | C] () -- C:\Users\Florian\Documents\Mietvertrag Kündigung.docx
[2010.08.22 13:27:31 | 000,446,303 | ---- | C] () -- C:\Users\Florian\Desktop\EMA - Biowaiver Giudance.pdf
[2010.08.19 14:59:45 | 000,019,702 | ---- | C] () -- C:\Users\Florian\Desktop\eb27c7666d282cbfaa62530dbdec1ffb.pdf
[2010.08.12 18:16:06 | 000,348,116 | ---- | C] () -- C:\Users\Florian\Desktop\C19111.pdf
[2010.08.12 13:09:56 | 000,707,344 | ---- | C] () -- C:\Users\Florian\Desktop\BE462lect05.pdf
[2010.08.11 20:31:28 | 000,085,835 | ---- | C] () -- C:\Users\Florian\Desktop\WC500003664.pdf
[2010.08.04 02:07:51 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.06.25 03:22:12 | 000,001,523 | ---- | C] () -- C:\Users\Florian\AppData\Local\RecConfig.xml
[2010.06.13 19:26:10 | 000,019,456 | ---- | C] () -- C:\Users\Florian\AppData\Local\WebpageIcons.db
[2010.06.08 17:16:25 | 000,016,555 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\AllChars.xml
[2010.06.08 17:16:25 | 000,000,000 | ---- | C] () -- C:\Users\Florian\AppData\Roaming\AllChars-example.xml
[2010.05.14 19:04:16 | 000,230,952 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys
[2010.05.11 21:57:58 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.05.11 21:57:58 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.04.11 22:37:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.04.10 16:52:24 | 000,046,592 | ---- | C] () -- C:\Users\Florian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.10 04:33:31 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010.04.10 04:23:56 | 000,000,680 | ---- | C] () -- C:\Users\Florian\AppData\Local\d3d9caps.dat
[2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.06 20:48:43 | 000,000,000 | ---D | M] -- C:\Users\Florian\AppData\Roaming\ICQ
[2010.09.07 12:39:46 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >

07.09.2010, 16:12
Member

Posts: 420
#14 Hm,

Please start OTL, first click None, then copy the following into the script field at the bottom:

Quote

hklm\software\microsoft\windows\currentversion\uninstall|hardcore /rs
and click Run Scan. It should be quick. Then please post the OTL.txt.
07.09.2010, 16:27
Member

Thread starter

Posts: 18
#15 that was really fast

Code


OTL logfile created on: 07.09.2010 16:24:52 - Run 5
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\Florian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 171,82 Gb Total Space | 80,58 Gb Free Space | 46,90% Space Free | Partition Type: NTFS
Drive D: | 114,55 Gb Total Space | 89,82 Gb Free Space | 78,41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FLO
Current User Name: Florian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]<     hklm\software\microsoft\windows\currentversion\uninstall|hardcore /rs >[/color]
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Hardcore\\DisplayName: Hardcore
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Hardcore\\HelpLink: http://www.image-line.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Hardcore\\Publisher: Image-Line
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\Hardcore\\UninstallString: C:\Program Files\Image-Line\Hardcore\uninstall.exe [2009.10.26 12:09:18 | 000,263,622 | ---- | M] ()
< End of report >