
Log Analysis and Evaluation: BKA Trojan

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.09.2011, 11:31   #1
jk_hamburg
 

Hello,

as already stated in the title, I have the BKA trojan on a laptop. I have already looked around the forum a bit. I downloaded OTLPENet and created a CD with it; I have now managed to boot the laptop and ran a scan with OTL.

Here are the scans:

OTL.txt
Code:
OTL logfile created on: 9/27/2011 8:57:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.41 Gb Total Space | 184.47 Gb Free Space | 66.98% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 12.51 Gb Free Space | 55.20% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2008/10/24 08:54:32 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/24 08:54:30 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/07/22 04:20:57 | 000,069,120 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/02 06:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto] -- C:\Program Files\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007/10/03 09:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/09/11 09:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2009/05/27 13:46:02 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/27 13:45:56 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/27 13:45:54 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/07/10 23:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/03/12 21:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/08/30 14:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/08/28 09:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/06/25 07:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/06/01 04:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007/05/25 03:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/05/25 03:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2003/04/28 05:27:06 | 000,009,867 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anika_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anika_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/25 14:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 04:34:14 | 000,000,000 | ---D | M]
 
[2008/09/12 12:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\Mozilla\Extensions
[2011/04/21 08:17:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions
[2009/09/14 10:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/16 10:09:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 10:07:54 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009/11/06 05:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/16 18:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\conduit.xml
[2009/03/15 09:16:17 | 000,001,632 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\live-search.xml
[2010/09/02 17:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/02 17:19:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/10/23 09:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010/08/01 06:23:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/08/01 06:23:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/08/01 06:23:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/08/01 06:23:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/08/01 06:23:22 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CtrlVol]  File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Anika_ON_C..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - ("Explorer.exe") - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/09/27 02:34:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011/09/27 20:48:23 | 000,000,186 | ---- | M] () -- C:\RECOVER (D).lnk
[2011/09/27 13:39:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 13:38:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 13:38:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 13:38:44 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/09/27 13:38:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 13:38:25 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 11:23:51 | 000,627,756 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/09/27 11:23:51 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/09/27 11:23:51 | 000,125,870 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/09/27 11:23:51 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/09/27 11:15:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 01:49:31 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/09/27 01:42:30 | 000,367,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011/09/27 20:48:23 | 000,000,186 | ---- | C] () -- C:\RECOVER (D).lnk
[2011/09/27 13:38:25 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/15 16:05:51 | 000,000,066 | ---- | C] () -- C:\Users\Anika\AppData\default.pls
[2011/01/05 15:02:43 | 000,000,680 | ---- | C] () -- C:\Users\Anika\AppData\Local\d3d9caps.dat
[2010/09/02 17:21:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/20 12:59:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/20 12:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/20 12:58:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/16 14:35:41 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/06/16 14:25:09 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/03 13:33:23 | 000,018,944 | ---- | C] () -- C:\Users\Anika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/23 15:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\Default.PLS
[2008/10/05 07:39:51 | 000,000,626 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\wklnhst.dat
[2008/07/17 08:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008/07/17 07:56:03 | 000,627,756 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/07/17 07:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/07/17 07:56:03 | 000,125,870 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/07/17 07:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008/07/17 05:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008/07/17 03:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/07/17 02:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/07/14 05:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/05/29 16:56:14 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008/05/29 16:56:13 | 002,678,080 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008/05/29 16:56:04 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008/05/29 16:56:02 | 002,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008/05/29 16:55:44 | 000,052,152 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008/05/29 16:55:43 | 001,209,478 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008/05/29 16:55:39 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008/05/29 16:55:38 | 001,395,007 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008/05/29 16:55:32 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008/05/29 16:55:31 | 001,046,365 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008/05/29 16:55:31 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008/05/29 16:55:26 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008/05/29 16:55:19 | 000,305,784 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008/05/29 16:55:13 | 004,249,333 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008/05/29 16:55:02 | 028,871,584 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008/05/29 16:51:04 | 018,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008/05/29 16:50:07 | 016,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008/05/29 16:49:16 | 009,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008/05/29 16:48:55 | 003,861,568 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008/05/29 16:48:42 | 015,099,632 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008/05/29 16:48:11 | 004,871,833 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008/05/29 16:47:53 | 001,912,368 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008/05/29 16:47:46 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008/05/29 16:47:43 | 004,376,576 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2008/05/29 16:47:43 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008/02/08 16:33:18 | 000,323,584 | ---- | C] () -- C:\Program Files\setup.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,367,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,386 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/11/04 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener
[2010/08/16 10:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/11/04 19:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner
[2009/07/08 06:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org
[2008/10/05 07:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template
[2010/07/08 18:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2008/07/17 08:50:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2010/11/08 09:09:44 | 000,000,000 | ---D | M] -- C:\ProgramData\Degener
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2008/07/17 08:52:51 | 000,000,000 | ---D | M] -- C:\ProgramData\fun communications
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2008/07/17 09:49:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Ulead Systems
[2008/09/05 11:45:25 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/08/03 17:03:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2010/08/25 15:03:00 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2008/07/17 09:47:31 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2011/04/27 13:40:11 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
Extra.txt
Code:
OTL Extras logfile created on: 9/27/2011 8:57:11 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275.41 Gb Total Space | 184.47 Gb Free Space | 66.98% Space Free | Partition Type: NTFS
Drive D: | 22.66 Gb Total Space | 12.51 Gb Free Space | 55.20% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A787B327-ABF4-4655-8FC3-01F65FB68880}_is1" = Vortest 7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EXMARaLDA_is1" = EXMARaLDA 1.4
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LetsTrade" = LetsTrade Komponenten
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Drivers" = NVIDIA Drivers
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVAnts 1.0" = TVAnts 1.0
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
< End of report >
         
I hope you can help me.

Regards

Jan

29.09.2011, 10:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
ATTFilter
:OTL
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Anika_ON_C\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\Anika_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2010/08/16 10:09:27 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010/08/16 10:07:54 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Anika_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O20 - HKU\Anika_ON_C Winlogon: Shell - (C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe) - C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTART.EXE
:Files
C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe
:Commands
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the folder "_OTL".

After that, Windows should start normally again - please make OTL's quarantine folder available to us. Proceed as follows:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing!
2.) Zip the folder movedfiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let us know when it has worked
5.) Only then switch the virus scanner back on

29.09.2011, 12:42   #3
jk_hamburg

Hello Arne,

I have now carried out your "fix". I think everything has worked so far; Windows starts normally again. I have also already successfully uploaded the requested files, i.e. the ZIP file. Here is the log file:

Code:
ATTFilter
========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files\DVDVideoSoftTB\tbDVDV.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files\softonic-de3\tbsoft.dll moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\Anika_ON_C\Software\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Prefs.js: "Live Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Program Files\DVDVideoSoftTB\tbDVDV.dll not found.
Registry value HKEY_USERS\Anika_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_USERS\Anika_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe deleted successfully.
C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{de5b0161-7b57-11dd-84c8-806e6f6e6963}\ not found.
File E:\AUTOSTART.EXE not found.
========== FILES ==========
File\Folder C:\Users\Anika\AppData\Local\Temp\0.6105569158567732.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 09292011_161836

Files\Folders moved on Reboot...
File\Folder X:\AUTORUN.INF not found!

Registry entries deleted on Reboot...
         
Thanks again for the help!!!

Regards, Jan

29.09.2011, 13:13   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!


After that, please also run ESET; then we'll see what comes next.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

29.09.2011, 19:27   #5
jk_hamburg

So, I have now scanned with Malware as well as with the online scanner.

Here are the log files:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7827

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

29.09.2011 16:53:53
mbam-log-2011-09-29 (16-53-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 338439
Laufzeit: 1 Stunde(n), 45 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-29 06:17:19
# local_time=2011-09-29 08:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291 8291 0 0
# compatibility_mode=5892 16776638 100 100 13479850 154842122 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=170824
# found=2
# cleaned=0
# scan_time=10845
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\09292011_161836\C_Users\Anika\AppData\Local\Temp\0.6105569158567732.exe	a variant of Win32/Injector.GAW trojan (unable to clean)	00000000000000000000000000000000	I
         

I hope you can help me further.

Thanks in advance

Regards

Jan


29.09.2011, 19:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

29.09.2011, 20:19   #7
jk_hamburg

That was a quick reply. I have carried out everything as described.

Here is the log.txt

OTL log file:
Code:
ATTFilter
OTL logfile created on: 29.09.2011 20:48:02 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Anika\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 47,21% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 185,13 Gb Free Space | 67,22% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,51 Gb Free Space | 55,20% Space Free | Partition Type: FAT32
 
Computer Name: ANIKA-PC | User Name: Anika | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.29 20:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
PRC - [2011.09.09 17:43:18 | 001,220,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2011.09.08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2011.09.08 06:46:00 | 002,401,120 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.12 06:10:32 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2010.08.01 12:23:20 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.07.22 10:20:56 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.07.03 11:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 15:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 12:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.01 06:16:22 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2008.07.22 10:20:57 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 01:14:02 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.07.11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.07.11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.07.11 01:13:42 | 000,032,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2008.07.11 05:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.03.13 03:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.08.30 20:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.06.25 13:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:12.0.0.1806
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011.09.29 15:00:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.09.29 15:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.25 20:59:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.05 10:34:14 | 000,000,000 | ---D | M]
 
[2008.09.12 18:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\mozilla\Extensions
[2011.09.29 15:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions
[2009.09.14 16:09:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.06 11:14:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Anika\AppData\Roaming\mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.17 00:11:54 | 000,000,873 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\conduit.xml
[2009.03.15 15:16:17 | 000,001,632 | ---- | M] () -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\searchplugins\live-search.xml
[2010.09.02 23:19:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.02 23:19:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.09.29 15:00:29 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX
[2008.10.05 14:15:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009.07.07 17:35:24 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.10.23 15:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.08.01 12:23:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 12:23:22 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.01 12:23:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.01 12:23:22 | 000,000,986 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.01 12:23:22 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\8.0.552.237\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: getPlusPlus for Adobe 16248 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.09.29 22:18:46 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 213.191.74.18 62.109.123.196
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - ("Explorer.exe") -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Anika\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Anika\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.29 22:18:45 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011.09.29 22:18:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.09.29 20:44:27 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
[2011.09.29 17:14:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.29 16:12:37 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.09.29 15:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\ MALWAREBYTES ANTI-MALWARE 
[2011.09.29 15:02:18 | 000,000,000 | ---D | C] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2011.09.29 15:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011.09.29 14:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011.09.29 14:59:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.09.29 14:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.09.29 14:53:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.09.29 14:53:16 | 000,000,000 | ---D | C] -- C:\Users\Anika\AppData\Roaming\Malwarebytes
[2011.09.29 14:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.29 14:53:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.29 14:53:03 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.29 14:53:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.29 14:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.09.27 08:34:52 | 000,000,000 | -HSD | C] -- C:\found.000
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.29 20:55:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.29 20:55:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.29 20:45:49 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.09.29 20:44:32 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Anika\Desktop\OTL.exe
[2011.09.29 20:35:03 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.29 19:36:12 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.09.29 19:35:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.29 15:03:42 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.29 15:03:42 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.29 15:03:42 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.29 15:03:42 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.29 15:03:35 | 105,314,671 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.09.29 15:01:33 | 000,000,862 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.09.29 14:55:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.29 14:54:58 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.29 14:53:08 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.28 02:48:23 | 000,000,186 | ---- | M] () -- C:\RECOVER (D).lnk
[2011.09.27 07:49:31 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.09.27 07:42:30 | 000,367,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.09.29 16:22:59 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2011.09.29 15:03:35 | 105,314,671 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.09.29 15:01:33 | 000,000,862 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011.09.29 14:53:08 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.28 02:48:23 | 000,000,186 | ---- | C] () -- C:\RECOVER (D).lnk
[2011.01.05 21:02:43 | 000,000,680 | ---- | C] () -- C:\Users\Anika\AppData\Local\d3d9caps.dat
[2010.09.02 23:21:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.20 18:59:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 18:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.20 18:58:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.16 20:35:41 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.16 20:25:09 | 000,027,839 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.02.03 19:33:23 | 000,018,944 | ---- | C] () -- C:\Users\Anika\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.23 21:50:08 | 000,000,000 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\Default.PLS
[2008.10.05 13:39:51 | 000,000,626 | ---- | C] () -- C:\Users\Anika\AppData\Roaming\wklnhst.dat
[2008.07.17 14:50:28 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2008.07.17 13:56:03 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.07.17 13:56:03 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.07.17 13:56:03 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.07.17 13:56:03 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.07.17 11:54:02 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.07.17 09:35:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.07.17 08:04:27 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.07.14 11:32:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.05.29 22:56:14 | 000,037,375 | ---- | C] () -- C:\Program Files\openoffice.org-xsltfilter.cab
[2008.05.29 22:56:13 | 002,678,080 | ---- | C] () -- C:\Program Files\openoffice.org-writer.cab
[2008.05.29 22:56:04 | 000,207,388 | ---- | C] () -- C:\Program Files\openoffice.org-testtool.cab
[2008.05.29 22:56:02 | 002,504,975 | ---- | C] () -- C:\Program Files\openoffice.org-pyuno.cab
[2008.05.29 22:55:44 | 000,052,152 | ---- | C] () -- C:\Program Files\openoffice.org-onlineupdate.cab
[2008.05.29 22:55:43 | 001,209,478 | ---- | C] () -- C:\Program Files\openoffice.org-math.cab
[2008.05.29 22:55:39 | 000,118,910 | ---- | C] () -- C:\Program Files\openoffice.org-javafilter.cab
[2008.05.29 22:55:38 | 001,395,007 | ---- | C] () -- C:\Program Files\openoffice.org-impress.cab
[2008.05.29 22:55:32 | 000,086,870 | ---- | C] () -- C:\Program Files\openoffice.org-graphicfilter.cab
[2008.05.29 22:55:31 | 001,046,365 | ---- | C] () -- C:\Program Files\openoffice.org-draw.cab
[2008.05.29 22:55:31 | 000,002,769 | ---- | C] () -- C:\Program Files\openoffice.org-emailmerge.cab
[2008.05.29 22:55:26 | 002,031,954 | ---- | C] () -- C:\Program Files\openoffice.org-core09.cab
[2008.05.29 22:55:19 | 000,305,784 | ---- | C] () -- C:\Program Files\openoffice.org-core08.cab
[2008.05.29 22:55:13 | 004,249,333 | ---- | C] () -- C:\Program Files\openoffice.org-core07.cab
[2008.05.29 22:55:02 | 028,871,584 | ---- | C] () -- C:\Program Files\openoffice.org-core06.cab
[2008.05.29 22:51:04 | 018,634,513 | ---- | C] () -- C:\Program Files\openoffice.org-core05.cab
[2008.05.29 22:50:07 | 016,503,595 | ---- | C] () -- C:\Program Files\openoffice.org-core04.cab
[2008.05.29 22:49:16 | 009,117,929 | ---- | C] () -- C:\Program Files\openoffice.org-core03.cab
[2008.05.29 22:48:55 | 003,861,568 | ---- | C] () -- C:\Program Files\openoffice.org-core02.cab
[2008.05.29 22:48:42 | 015,099,632 | ---- | C] () -- C:\Program Files\openoffice.org-core01.cab
[2008.05.29 22:48:11 | 004,871,833 | ---- | C] () -- C:\Program Files\openoffice.org-calc.cab
[2008.05.29 22:47:53 | 001,912,368 | ---- | C] () -- C:\Program Files\openoffice.org-base.cab
[2008.05.29 22:47:46 | 000,043,005 | ---- | C] () -- C:\Program Files\openoffice.org-activex.cab
[2008.05.29 22:47:43 | 004,376,576 | ---- | C] () -- C:\Program Files\openofficeorg24.msi
[2008.05.29 22:47:43 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
[2008.02.08 22:33:18 | 000,323,584 | ---- | C] () -- C:\Program Files\setup.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,367,304 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.09.29 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2010.11.05 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener
[2010.08.16 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.05 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner
[2009.07.08 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org
[2008.10.05 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template
[2010.07.09 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems
[2011.09.29 14:54:00 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.09.07 18:35:32 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Adobe
[2010.08.26 12:36:38 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Apple Computer
[2011.09.29 15:02:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\AVG2012
[2010.08.17 00:35:54 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\CyberLink
[2010.11.05 01:07:56 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Degener
[2010.08.16 16:09:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.11.05 01:08:05 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ebner
[2008.09.07 18:12:26 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Google
[2008.09.05 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Identities
[2008.09.07 18:24:50 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Macromedia
[2011.09.29 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Media Center Programs
[2011.09.29 13:50:34 | 000,000,000 | --SD | M] -- C:\Users\Anika\AppData\Roaming\Microsoft
[2008.09.12 18:49:34 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Mozilla
[2009.02.03 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Nero
[2009.02.03 19:30:47 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\NeroDigital™
[2009.07.08 12:29:57 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org
[2009.07.08 11:55:29 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\OpenOffice.org2
[2011.09.29 14:58:17 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Skype
[2011.09.29 14:39:25 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\skypePM
[2008.10.05 13:43:18 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Template
[2010.07.09 00:01:22 | 000,000,000 | ---D | M] -- C:\Users\Anika\AppData\Roaming\Ulead Systems
 
< %APPDATA%\*.exe /s >
[2011.03.13 15:41:22 | 002,832,544 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Anika\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.09.23 17:37:30 | 000,022,352 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2009.09.23 17:37:30 | 000,034,112 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
 
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.07.10 16:33:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >
         
--- --- ---

[/CODE]

29.09.2011, 20:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your Documents/My Documents folder, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

30.09.2011, 09:54   #9
jk_hamburg



So, I have now run the scan with the Kaspersky TDSSKiller.

Here is the result:

Code:
ATTFilter
10:18:49.0611 6000	TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
10:18:49.0783 6000	============================================================
10:18:49.0783 6000	Current date / time: 2011/09/30 10:18:49.0783
10:18:49.0783 6000	SystemInfo:
10:18:49.0783 6000	
10:18:49.0783 6000	OS Version: 6.0.6002 ServicePack: 2.0
10:18:49.0783 6000	Product type: Workstation
10:18:49.0783 6000	ComputerName: ANIKA-PC
10:18:49.0783 6000	UserName: Anika
10:18:49.0783 6000	Windows directory: C:\Windows
10:18:49.0783 6000	System windows directory: C:\Windows
10:18:49.0783 6000	Processor architecture: Intel x86
10:18:49.0783 6000	Number of processors: 2
10:18:49.0783 6000	Page size: 0x1000
10:18:49.0783 6000	Boot type: Normal boot
10:18:49.0783 6000	============================================================
10:18:50.0345 6000	Initialize success
10:18:58.0441 5464	============================================================
10:18:58.0441 5464	Scan started
10:18:58.0441 5464	Mode: Manual; SigCheck; TDLFS; 
10:18:58.0441 5464	============================================================
10:18:59.0221 5464	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
10:18:59.0564 5464	ACPI - ok
10:18:59.0705 5464	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
10:18:59.0892 5464	adp94xx - ok
10:19:00.0141 5464	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
10:19:00.0297 5464	adpahci - ok
10:19:00.0609 5464	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
10:19:00.0641 5464	adpu160m - ok
10:19:00.0875 5464	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
10:19:00.0890 5464	adpu320 - ok
10:19:01.0187 5464	AFD             (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
10:19:01.0467 5464	AFD - ok
10:19:01.0842 5464	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
10:19:01.0873 5464	agp440 - ok
10:19:02.0232 5464	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
10:19:02.0263 5464	aic78xx - ok
10:19:02.0450 5464	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
10:19:02.0466 5464	aliide - ok
10:19:02.0793 5464	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
10:19:02.0809 5464	amdagp - ok
10:19:02.0981 5464	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
10:19:03.0012 5464	amdide - ok
10:19:03.0651 5464	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
10:19:04.0447 5464	AmdK7 - ok
10:19:04.0650 5464	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
10:19:04.0806 5464	AmdK8 - ok
10:19:05.0071 5464	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
10:19:05.0087 5464	arc - ok
10:19:05.0570 5464	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
10:19:05.0586 5464	arcsas - ok
10:19:05.0757 5464	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
10:19:05.0804 5464	AsyncMac - ok
10:19:05.0976 5464	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
10:19:05.0991 5464	atapi - ok
10:19:06.0163 5464	ATSWPDRV        (69e65a2ce11619f0c868967ca9540b80) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
10:19:06.0241 5464	ATSWPDRV - ok
10:19:06.0631 5464	AVGIDSDriver    (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
10:19:06.0662 5464	AVGIDSDriver - ok
10:19:07.0037 5464	AVGIDSEH        (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
10:19:07.0068 5464	AVGIDSEH - ok
10:19:07.0317 5464	AVGIDSFilter    (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
10:19:07.0333 5464	AVGIDSFilter - ok
10:19:07.0614 5464	AVGIDSShim      (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
10:19:07.0629 5464	AVGIDSShim - ok
10:19:07.0879 5464	Avgldx86        (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
10:19:07.0895 5464	Avgldx86 - ok
10:19:08.0394 5464	Avgmfx86        (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
10:19:08.0409 5464	Avgmfx86 - ok
10:19:08.0612 5464	Avgrkx86        (4def59ff7d09b9ce59739102b49fd526) C:\Windows\system32\DRIVERS\avgrkx86.sys
10:19:08.0628 5464	Avgrkx86 - ok
10:19:10.0188 5464	Avgtdix         (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
10:19:10.0219 5464	Avgtdix - ok
10:19:10.0453 5464	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
10:19:10.0562 5464	Beep - ok
10:19:10.0749 5464	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
10:19:10.0843 5464	blbdrive - ok
10:19:11.0030 5464	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
10:19:11.0139 5464	bowser - ok
10:19:11.0373 5464	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
10:19:11.0436 5464	BrFiltLo - ok
10:19:11.0592 5464	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
10:19:11.0654 5464	BrFiltUp - ok
10:19:11.0904 5464	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
10:19:12.0107 5464	Brserid - ok
10:19:12.0247 5464	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
10:19:12.0356 5464	BrSerWdm - ok
10:19:12.0497 5464	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
10:19:12.0606 5464	BrUsbMdm - ok
10:19:12.0824 5464	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
10:19:12.0918 5464	BrUsbSer - ok
10:19:13.0089 5464	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
10:19:13.0230 5464	BTHMODEM - ok
10:19:13.0495 5464	Cam5607         (48f64a84054771b2fef55606adf57557) C:\Windows\system32\Drivers\BisonC07.sys
10:19:13.0557 5464	Cam5607 - ok
10:19:13.0651 5464	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
10:19:13.0713 5464	cdfs - ok
10:19:13.0838 5464	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
10:19:13.0916 5464	cdrom - ok
10:19:14.0103 5464	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
10:19:14.0166 5464	circlass - ok
10:19:14.0322 5464	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
10:19:14.0353 5464	CLFS - ok
10:19:14.0447 5464	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
10:19:14.0509 5464	CmBatt - ok
10:19:14.0556 5464	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
10:19:14.0587 5464	cmdide - ok
10:19:14.0618 5464	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
10:19:14.0634 5464	Compbatt - ok
10:19:14.0649 5464	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
10:19:14.0681 5464	crcdisk - ok
10:19:14.0852 5464	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
10:19:14.0930 5464	Crusoe - ok
10:19:15.0164 5464	DfsC            (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
10:19:15.0211 5464	DfsC - ok
10:19:15.0289 5464	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
10:19:15.0320 5464	disk - ok
10:19:15.0398 5464	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
10:19:15.0476 5464	drmkaud - ok
10:19:15.0570 5464	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
10:19:15.0617 5464	DXGKrnl - ok
10:19:15.0663 5464	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:19:15.0726 5464	E1G60 - ok
10:19:15.0835 5464	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
10:19:15.0851 5464	Ecache - ok
10:19:16.0038 5464	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
10:19:16.0116 5464	elxstor - ok
10:19:16.0319 5464	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
10:19:16.0397 5464	ErrDev - ok
10:19:16.0584 5464	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
10:19:16.0677 5464	exfat - ok
10:19:16.0787 5464	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
10:19:16.0849 5464	fastfat - ok
10:19:16.0896 5464	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
10:19:16.0958 5464	fdc - ok
10:19:17.0005 5464	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
10:19:17.0036 5464	FileInfo - ok
10:19:17.0099 5464	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
10:19:17.0177 5464	Filetrace - ok
10:19:17.0208 5464	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:19:17.0286 5464	flpydisk - ok
10:19:17.0364 5464	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
10:19:17.0395 5464	FltMgr - ok
10:19:17.0598 5464	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\Windows\system32\DRIVERS\fssfltr.sys
10:19:17.0613 5464	fssfltr - ok
10:19:17.0754 5464	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
10:19:17.0801 5464	Fs_Rec - ok
10:19:17.0910 5464	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
10:19:17.0941 5464	gagp30kx - ok
10:19:18.0019 5464	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:19:18.0035 5464	GEARAspiWDM - ok
10:19:18.0331 5464	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
10:19:18.0456 5464	HdAudAddService - ok
10:19:18.0659 5464	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:19:18.0768 5464	HDAudBus - ok
10:19:18.0893 5464	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
10:19:18.0986 5464	HidBth - ok
10:19:19.0033 5464	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
10:19:19.0158 5464	HidIr - ok
10:19:19.0236 5464	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
10:19:19.0283 5464	HidUsb - ok
10:19:19.0361 5464	Hotkey          (8b566ea71d5b76157a9cdb78f25a5731) C:\Windows\system32\drivers\Hotkey.sys
10:19:19.0392 5464	Hotkey ( UnsignedFile.Multi.Generic ) - warning
10:19:19.0392 5464	Hotkey - detected UnsignedFile.Multi.Generic (1)
10:19:19.0485 5464	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
10:19:19.0517 5464	HpCISSs - ok
10:19:19.0595 5464	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
10:19:19.0688 5464	HTTP - ok
10:19:19.0782 5464	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
10:19:19.0813 5464	i2omp - ok
10:19:20.0031 5464	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
10:19:20.0094 5464	i8042prt - ok
10:19:20.0265 5464	iaStor          (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
10:19:20.0297 5464	iaStor - ok
10:19:20.0468 5464	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
10:19:20.0484 5464	iaStorV - ok
10:19:20.0624 5464	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
10:19:20.0640 5464	iirsp - ok
10:19:20.0921 5464	IntcAzAudAddService (5d26ccb06e1f3b5c26e863df3f4f2611) C:\Windows\system32\drivers\RTKVHDA.sys
10:19:21.0404 5464	IntcAzAudAddService - ok
10:19:21.0560 5464	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
10:19:21.0591 5464	intelide - ok
10:19:21.0747 5464	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
10:19:21.0794 5464	intelppm - ok
10:19:21.0950 5464	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:19:22.0044 5464	IpFilterDriver - ok
10:19:22.0169 5464	IpInIp - ok
10:19:22.0371 5464	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
10:19:22.0434 5464	IPMIDRV - ok
10:19:22.0637 5464	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
10:19:22.0683 5464	IPNAT - ok
10:19:22.0886 5464	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
10:19:22.0933 5464	IRENUM - ok
10:19:23.0198 5464	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
10:19:23.0229 5464	isapnp - ok
10:19:23.0417 5464	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
10:19:23.0448 5464	iScsiPrt - ok
10:19:23.0869 5464	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
10:19:23.0885 5464	iteatapi - ok
10:19:24.0056 5464	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
10:19:24.0087 5464	iteraid - ok
10:19:24.0197 5464	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
10:19:24.0212 5464	kbdclass - ok
10:19:24.0368 5464	kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
10:19:24.0446 5464	kbdhid - ok
10:19:24.0774 5464	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
10:19:24.0867 5464	KSecDD - ok
10:19:25.0023 5464	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
10:19:25.0101 5464	lltdio - ok
10:19:25.0257 5464	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
10:19:25.0289 5464	LSI_FC - ok
10:19:25.0351 5464	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
10:19:25.0367 5464	LSI_SAS - ok
10:19:25.0398 5464	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
10:19:25.0429 5464	LSI_SCSI - ok
10:19:25.0476 5464	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
10:19:25.0538 5464	luafv - ok
10:19:25.0694 5464	MBAMProtector   (69a6268d7f81e53d568ab4e7e991caf3) C:\Windows\system32\drivers\mbam.sys
10:19:25.0725 5464	MBAMProtector - ok
10:19:25.0850 5464	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
10:19:25.0881 5464	megasas - ok
10:19:25.0959 5464	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
10:19:26.0006 5464	MegaSR - ok
10:19:26.0053 5464	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
10:19:26.0115 5464	Modem - ok
10:19:26.0147 5464	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
10:19:26.0209 5464	monitor - ok
10:19:26.0240 5464	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
10:19:26.0271 5464	mouclass - ok
10:19:26.0303 5464	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
10:19:26.0365 5464	mouhid - ok
10:19:26.0412 5464	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
10:19:26.0443 5464	MountMgr - ok
10:19:26.0474 5464	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
10:19:26.0505 5464	mpio - ok
10:19:26.0552 5464	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
10:19:26.0630 5464	mpsdrv - ok
10:19:26.0739 5464	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
10:19:26.0755 5464	Mraid35x - ok
10:19:26.0849 5464	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
10:19:26.0927 5464	MRxDAV - ok
10:19:26.0973 5464	mrxsmb          (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:19:27.0036 5464	mrxsmb - ok
10:19:27.0083 5464	mrxsmb10        (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:19:27.0161 5464	mrxsmb10 - ok
10:19:27.0192 5464	mrxsmb20        (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:19:27.0223 5464	mrxsmb20 - ok
10:19:27.0270 5464	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
10:19:27.0301 5464	msahci - ok
10:19:27.0348 5464	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
10:19:27.0379 5464	msdsm - ok
10:19:27.0410 5464	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
10:19:27.0473 5464	Msfs - ok
10:19:27.0504 5464	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
10:19:27.0535 5464	msisadrv - ok
10:19:27.0566 5464	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
10:19:27.0629 5464	MSKSSRV - ok
10:19:27.0660 5464	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
10:19:27.0722 5464	MSPCLOCK - ok
10:19:27.0769 5464	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
10:19:27.0831 5464	MSPQM - ok
10:19:27.0894 5464	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
10:19:27.0925 5464	MsRPC - ok
10:19:27.0972 5464	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
10:19:28.0034 5464	mssmbios - ok
10:19:28.0065 5464	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
10:19:28.0112 5464	MSTEE - ok
10:19:28.0159 5464	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
10:19:28.0206 5464	Mup - ok
10:19:28.0268 5464	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
10:19:28.0299 5464	NativeWifiP - ok
10:19:28.0393 5464	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
10:19:28.0455 5464	NDIS - ok
10:19:28.0611 5464	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
10:19:28.0689 5464	NdisTapi - ok
10:19:28.0939 5464	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
10:19:29.0001 5464	Ndisuio - ok
10:19:29.0173 5464	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
10:19:29.0220 5464	NdisWan - ok
10:19:29.0298 5464	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
10:19:29.0376 5464	NDProxy - ok
10:19:29.0423 5464	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
10:19:29.0501 5464	NetBIOS - ok
10:19:29.0594 5464	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
10:19:29.0657 5464	netbt - ok
10:19:29.0797 5464	NETw4v32        (4547b8aedd8119fcc127fdc7f282e983) C:\Windows\system32\DRIVERS\NETw4v32.sys
10:19:30.0015 5464	NETw4v32 - ok
10:19:30.0140 5464	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
10:19:30.0156 5464	nfrd960 - ok
10:19:30.0265 5464	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
10:19:30.0343 5464	Npfs - ok
10:19:30.0421 5464	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
10:19:30.0483 5464	nsiproxy - ok
10:19:30.0577 5464	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
10:19:30.0749 5464	Ntfs - ok
10:19:30.0873 5464	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
10:19:30.0967 5464	ntrigdigi - ok
10:19:31.0014 5464	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
10:19:31.0170 5464	Null - ok
10:19:31.0451 5464	nvlddmkm        (b0cc8b78a9f0c6d9c8909b9bf874a4de) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:19:32.0043 5464	nvlddmkm - ok
10:19:32.0184 5464	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
10:19:32.0199 5464	nvraid - ok
10:19:32.0262 5464	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
10:19:32.0293 5464	nvstor - ok
10:19:32.0340 5464	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
10:19:32.0371 5464	nv_agp - ok
10:19:32.0402 5464	NwlnkFlt - ok
10:19:32.0418 5464	NwlnkFwd - ok
10:19:32.0496 5464	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
10:19:32.0605 5464	ohci1394 - ok
10:19:32.0699 5464	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
10:19:32.0855 5464	Parport - ok
10:19:32.0933 5464	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
10:19:32.0964 5464	partmgr - ok
10:19:33.0026 5464	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
10:19:33.0135 5464	Parvdm - ok
10:19:33.0198 5464	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
10:19:33.0229 5464	pci - ok
10:19:33.0401 5464	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
10:19:33.0416 5464	pciide - ok
10:19:33.0463 5464	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
10:19:33.0479 5464	pcmcia - ok
10:19:33.0572 5464	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
10:19:33.0697 5464	PEAUTH - ok
10:19:33.0791 5464	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
10:19:33.0900 5464	PptpMiniport - ok
10:19:33.0931 5464	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
10:19:33.0993 5464	Processor - ok
10:19:34.0040 5464	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
10:19:34.0118 5464	PSched - ok
10:19:34.0196 5464	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
10:19:34.0493 5464	ql2300 - ok
10:19:34.0586 5464	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
10:19:34.0633 5464	ql40xx - ok
10:19:34.0664 5464	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
10:19:34.0742 5464	QWAVEdrv - ok
10:19:34.0773 5464	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
10:19:34.0836 5464	RasAcd - ok
10:19:34.0929 5464	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:19:35.0023 5464	Rasl2tp - ok
10:19:35.0085 5464	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
10:19:35.0148 5464	RasPppoe - ok
10:19:35.0179 5464	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
10:19:35.0226 5464	RasSstp - ok
10:19:35.0288 5464	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
10:19:35.0335 5464	rdbss - ok
10:19:35.0397 5464	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:19:35.0475 5464	RDPCDD - ok
10:19:35.0569 5464	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
10:19:35.0631 5464	rdpdr - ok
10:19:35.0772 5464	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
10:19:35.0834 5464	RDPENCDD - ok
10:19:36.0131 5464	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
10:19:36.0209 5464	RDPWD - ok
10:19:36.0411 5464	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
10:19:36.0505 5464	rspndr - ok
10:19:36.0583 5464	RTL8169         (b7e1c523e2f7787d700766fc78e01f77) C:\Windows\system32\DRIVERS\Rtlh86.sys
10:19:36.0661 5464	RTL8169 - ok
10:19:36.0755 5464	RTSTOR          (0d1c1b0de2819fe1ea25098183130b64) C:\Windows\system32\drivers\RTSTOR.SYS
10:19:36.0801 5464	RTSTOR - ok
10:19:36.0911 5464	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
10:19:36.0942 5464	sbp2port - ok
10:19:37.0004 5464	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:19:37.0098 5464	secdrv - ok
10:19:37.0176 5464	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
10:19:37.0269 5464	Serenum - ok
10:19:37.0332 5464	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
10:19:37.0441 5464	Serial - ok
10:19:37.0472 5464	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
10:19:37.0566 5464	sermouse - ok
10:19:37.0628 5464	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
10:19:37.0691 5464	sffdisk - ok
10:19:37.0722 5464	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
10:19:37.0800 5464	sffp_mmc - ok
10:19:37.0831 5464	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
10:19:37.0909 5464	sffp_sd - ok
10:19:38.0018 5464	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
10:19:38.0081 5464	sfloppy - ok
10:19:38.0268 5464	Si3531          (4346d5bbdde7756d8614a3f193d60984) C:\Windows\system32\DRIVERS\Si3531.sys
10:19:38.0283 5464	Si3531 - ok
10:19:38.0330 5464	SiFilter        (e853c341bbf4ac0007a8db0858dbb09d) C:\Windows\system32\DRIVERS\SiWinAcc.sys
10:19:38.0346 5464	SiFilter - ok
10:19:38.0361 5464	SiRemFil        (d80e6f142eb4963e82a8537dd745f51b) C:\Windows\system32\DRIVERS\SiRemFil.sys
10:19:38.0377 5464	SiRemFil - ok
10:19:38.0408 5464	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
10:19:38.0439 5464	sisagp - ok
10:19:38.0502 5464	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
10:19:38.0517 5464	SiSRaid2 - ok
10:19:38.0611 5464	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
10:19:38.0642 5464	SiSRaid4 - ok
10:19:39.0032 5464	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
10:19:39.0157 5464	Smb - ok
10:19:39.0297 5464	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
10:19:39.0313 5464	spldr - ok
10:19:39.0563 5464	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
10:19:39.0656 5464	srv - ok
10:19:39.0859 5464	srv2            (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
10:19:39.0921 5464	srv2 - ok
10:19:40.0031 5464	srvnet          (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
10:19:40.0062 5464	srvnet - ok
10:19:40.0155 5464	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
10:19:40.0187 5464	swenum - ok
10:19:40.0249 5464	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
10:19:40.0280 5464	Symc8xx - ok
10:19:40.0343 5464	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
10:19:40.0374 5464	Sym_hi - ok
10:19:40.0421 5464	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
10:19:40.0467 5464	Sym_u3 - ok
10:19:40.0514 5464	SynTP           (4c6de67ebb6c487f7690a373fcfde279) C:\Windows\system32\DRIVERS\SynTP.sys
10:19:40.0545 5464	SynTP - ok
10:19:40.0655 5464	Tcpip           (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
10:19:40.0748 5464	Tcpip - ok
10:19:40.0795 5464	Tcpip6          (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
10:19:40.0857 5464	Tcpip6 - ok
10:19:40.0920 5464	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
10:19:41.0013 5464	tcpipreg - ok
10:19:41.0091 5464	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
10:19:41.0169 5464	TDPIPE - ok
10:19:41.0232 5464	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
10:19:41.0325 5464	TDTCP - ok
10:19:41.0435 5464	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
10:19:41.0513 5464	tdx - ok
10:19:41.0715 5464	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
10:19:41.0731 5464	TermDD - ok
10:19:41.0871 5464	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:19:41.0981 5464	tssecsrv - ok
10:19:42.0277 5464	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
10:19:42.0417 5464	tunmp - ok
10:19:42.0480 5464	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
10:19:42.0542 5464	tunnel - ok
10:19:42.0573 5464	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
10:19:42.0605 5464	uagp35 - ok
10:19:42.0667 5464	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
10:19:42.0745 5464	udfs - ok
10:19:42.0839 5464	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
10:19:42.0870 5464	uliagpkx - ok
10:19:42.0901 5464	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
10:19:42.0948 5464	uliahci - ok
10:19:42.0979 5464	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
10:19:42.0995 5464	UlSata - ok
10:19:43.0026 5464	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
10:19:43.0073 5464	ulsata2 - ok
10:19:43.0104 5464	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
10:19:43.0166 5464	umbus - ok
10:19:43.0322 5464	USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\Windows\system32\Drivers\usbaapl.sys
10:19:43.0416 5464	USBAAPL - ok
10:19:43.0478 5464	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
10:19:43.0572 5464	usbccgp - ok
10:19:43.0665 5464	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
10:19:43.0775 5464	usbcir - ok
10:19:43.0821 5464	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
10:19:43.0915 5464	usbehci - ok
10:19:43.0993 5464	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
10:19:44.0055 5464	usbhub - ok
10:19:44.0118 5464	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
10:19:44.0289 5464	usbohci - ok
10:19:44.0399 5464	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
10:19:44.0461 5464	usbprint - ok
10:19:44.0523 5464	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
10:19:44.0633 5464	usbscan - ok
10:19:44.0726 5464	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:19:44.0898 5464	USBSTOR - ok
10:19:44.0960 5464	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
10:19:45.0023 5464	usbuhci - ok
10:19:45.0085 5464	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
10:19:45.0147 5464	usbvideo - ok
10:19:45.0241 5464	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
10:19:45.0303 5464	vga - ok
10:19:45.0475 5464	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
10:19:45.0553 5464	VgaSave - ok
10:19:45.0834 5464	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
10:19:45.0865 5464	viaagp - ok
10:19:45.0943 5464	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
10:19:46.0037 5464	ViaC7 - ok
10:19:46.0068 5464	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
10:19:46.0099 5464	viaide - ok
10:19:46.0130 5464	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
10:19:46.0146 5464	volmgr - ok
10:19:46.0224 5464	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
10:19:46.0271 5464	volmgrx - ok
10:19:46.0380 5464	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
10:19:46.0489 5464	volsnap - ok
10:19:46.0536 5464	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
10:19:46.0567 5464	vsmraid - ok
10:19:46.0707 5464	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
10:19:46.0801 5464	WacomPen - ok
10:19:46.0926 5464	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:19:47.0004 5464	Wanarp - ok
10:19:47.0019 5464	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
10:19:47.0113 5464	Wanarpv6 - ok
10:19:47.0269 5464	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
10:19:47.0316 5464	Wd - ok
10:19:47.0363 5464	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
10:19:47.0441 5464	Wdf01000 - ok
10:19:47.0581 5464	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
10:19:47.0675 5464	WmiAcpi - ok
10:19:47.0768 5464	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
10:19:47.0831 5464	WpdUsb - ok
10:19:47.0877 5464	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
10:19:47.0955 5464	ws2ifsl - ok
10:19:48.0002 5464	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:19:48.0143 5464	WUDFRd - ok
10:19:48.0205 5464	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:19:48.0283 5464	\Device\Harddisk0\DR0 - ok
10:19:48.0314 5464	Boot (0x1200)   (1b8297c60970d8ef2eb784fda74ab34c) \Device\Harddisk0\DR0\Partition0
10:19:48.0314 5464	\Device\Harddisk0\DR0\Partition0 - ok
10:19:48.0314 5464	Boot (0x1200)   (0f66965ce083ce3a9d3720cf0ca37bfe) \Device\Harddisk0\DR0\Partition1
10:19:48.0330 5464	\Device\Harddisk0\DR0\Partition1 - ok
10:19:48.0330 5464	============================================================
10:19:48.0330 5464	Scan finished
10:19:48.0330 5464	============================================================
10:19:48.0345 5288	Detected object count: 1
10:19:48.0345 5288	Actual detected object count: 1
10:50:39.0098 5288	C:\Windows\system32\drivers\Hotkey.sys - copied to quarantine
10:50:39.0114 5288	Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
         

30.09.2011, 10:32   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

30.09.2011, 15:15   #11
jk_hamburg
 



So, here is the result of the ComboFix scan:

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-09-30.02 - Anika 30.09.2011  13:02:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1746 [GMT 2:00]
ausgeführt von:: c:\users\Anika\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Setup.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-28 bis 2011-09-30  ))))))))))))))))))))))))))))))
.
.
2011-09-30 11:15 . 2011-09-30 11:16	--------	d-----w-	c:\users\Anika\AppData\Local\temp
2011-09-30 11:15 . 2011-09-30 11:15	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-30 08:50 . 2011-09-30 08:50	--------	d-----w-	C:\TDSSKiller_Quarantine
2011-09-29 20:18 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2011-09-29 20:18 . 2011-09-29 20:18	--------	d-----w-	C:\_OTL
2011-09-29 15:14 . 2011-09-29 15:14	--------	d-----w-	c:\program files\ESET
2011-09-29 14:12 . 2011-09-29 14:12	--------	d-----w-	C:\$AVG
2011-09-29 13:05 . 2011-09-29 13:05	--------	d-----w-	c:\program files\ MALWAREBYTES ANTI-MALWARE 
2011-09-29 13:03 . 2011-05-02 17:19	766464	----a-w-	c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-09-29 13:03 . 2011-06-17 16:03	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-09-29 13:03 . 2011-04-14 14:59	75264	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-09-29 13:02 . 2011-08-10 12:14	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-09-29 13:02 . 2011-07-06 15:31	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-09-29 13:02 . 2011-04-29 13:24	79872	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-09-29 13:02 . 2011-04-29 13:24	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-09-29 13:02 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
2011-09-29 13:02 . 2011-09-29 13:02	--------	d-----w-	c:\users\Anika\AppData\Roaming\AVG2012
2011-09-29 12:59 . 2011-09-30 08:17	--------	d-----w-	c:\windows\system32\drivers\AVG
2011-09-29 12:59 . 2011-09-29 13:15	--------	d-----w-	c:\programdata\AVG2012
2011-09-29 12:58 . 2011-09-29 12:58	--------	d-----w-	c:\program files\AVG
2011-09-29 12:53 . 2011-05-02 17:16	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-09-29 12:53 . 2011-06-20 08:54	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-09-29 12:53 . 2011-06-20 08:54	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-09-29 12:53 . 2011-04-20 15:50	49152	----a-w-	c:\windows\system32\csrsrv.dll
2011-09-29 12:53 . 2011-09-29 12:53	--------	d--h--w-	c:\programdata\Common Files
2011-09-29 12:53 . 2010-12-20 16:35	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-09-29 12:53 . 2011-09-29 12:53	--------	d-----w-	c:\users\Anika\AppData\Roaming\Malwarebytes
2011-09-29 12:53 . 2011-09-29 12:53	--------	d-----w-	c:\programdata\Malwarebytes
2011-09-29 12:53 . 2011-09-29 12:53	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-29 12:53 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-29 12:51 . 2011-09-30 08:17	--------	d-----w-	c:\programdata\MFAData
2011-09-27 06:34 . 2011-09-27 06:34	--------	d-----w-	C:\found.000
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-08 04:08 . 2011-08-08 04:08	40016	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2011-07-10 23:14 . 2011-07-10 23:14	295248	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2011-07-10 23:14 . 2011-07-10 23:14	24272	----a-w-	c:\windows\system32\drivers\AVGIDSFilter.sys
2011-07-10 23:14 . 2011-07-10 23:14	16720	----a-w-	c:\windows\system32\drivers\AVGIDSShim.sys
2011-07-10 23:14 . 2011-07-10 23:14	23120	----a-w-	c:\windows\system32\drivers\AVGIDSEH.sys
2011-07-10 23:13 . 2011-07-10 23:13	134736	----a-w-	c:\windows\system32\drivers\AVGIDSDriver.sys
2011-07-10 23:13 . 2011-07-10 23:13	229840	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2011-07-10 23:13 . 2011-07-10 23:13	32464	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2008-05-29 20:47 . 2008-05-29 20:47	4376576	----a-w-	c:\program files\openofficeorg24.msi
2002-03-11 09:06 . 2002-03-11 09:06	1822520	----a-w-	c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45	1708856	----a-w-	c:\program files\instmsia.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LanguageShortcut"="c:\program files\HomeCinema\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-13 222504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-22 220160]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-07 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-09-08 2401120]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 136176]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-07-10 32464]
S0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\DRIVERS\Si3531.sys [2007-06-01 210736]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-07-10 229840]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-09-01 5265248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134736]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-07-10 16720]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2007-09-11 118784]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 21:19]
.
2011-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 21:19]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Anika\AppData\Roaming\Mozilla\Firefox\Profiles\oxoatvf9.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG2012\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-30 13:15
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-30  16:12:03
ComboFix-quarantined-files.txt  2011-09-30 14:11
.
Vor Suchlauf: 10 Verzeichnis(se), 196.451.442.688 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 199.272.333.312 Bytes frei
.
- - End Of File - - 3A838A8ABECB0E008F30E4E51CCA7E58
         
--- --- ---

30.09.2011, 17:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.

__________________
Please always post log files in CODE tags

01.10.2011, 15:21   #13
jk_hamburg

OK, I hope I did everything right. Here are the log files.

GMER log file:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-01 12:00:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: p3iiwn4n.exe; Driver: C:\Users\Anika\AppData\Local\Temp\uwlorpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwOpenProcess [0xA31E7F3C]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateProcess [0xA31E7FE4]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwTerminateThread [0xA31E8080]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )  ZwWriteVirtualMemory [0xA31E811C]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                               822EEB74 4 Bytes  [3C, 7F, 1E, A3]
.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                               822EEDA4 8 Bytes  [E4, 7F, 1E, A3, 80, 80, 1E, ...] {IN AL, 0x7f; PUSH DS; MOV [0xa31e8080], EAX}
.text           ntkrnlpa.exe!KeSetEvent + 681                                                                                               822EEE04 4 Bytes  [1C, 81, 1E, A3]
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                                    section is writeable [0x8E006340, 0x3ECA97, 0xE8000020]
?               C:\Windows\system32\Drivers\PROCEXP113.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !
?               C:\Users\Anika\AppData\Local\Temp\catchme.sys                                                                               Das System kann die angegebene Datei nicht finden. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown]                                       [73B97817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage]                                        [73BEA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI]                                    [73B9BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode]                              [73B8F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup]                                        [73B975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC]                                     [73B8E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM]                         [73BC8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream]                            [73B9DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight]                                    [73B8FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth]                                     [73B8FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage]                                      [73B871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM]                              [73C1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile]                                 [73BBC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics]                                    [73B8D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree]                                              [73B86853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc]                                             [73B8687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\explorer.exe[5608] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode]                                [73B92AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                     Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                     Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                     avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                                                   avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                    AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@Google Desktop Search                                                    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@toolbar_eula_launcher                                                    C:\Program Files\GoogleEULA\EULALauncher.exe
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@AVG_TRAY                                                                 "C:\Program Files\AVG\AVG2012\avgtray.exe"
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime                                  2011-10-01 05:11:00
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastSuccessTime                     2011-09-30 08:29:24
Reg             HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@{!s!\30!r!{!`!t!c!i!\24!t!j!s!y!s!\24!                   19583823

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OSAM log file:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:12:15 on 01.10.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.0.19

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~1\AVG\AVG2012\avgrsx.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"Ddbaccpl.cpl" - "DataDesign AG" - C:\Windows\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\Windows\system32\ddBACCTM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit Driver" (Avgrkx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgrkx86.sys
"AVG AVI Loader Driver" (Avgldx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgldx86.sys
"AVG Mini-Filter Resident Anti-Virus Shield" (Avgmfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgmfx86.sys
"AVG TDI Driver" (Avgtdix) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\DRIVERS\avgtdix.sys
"AVGIDSDriver" (AVGIDSDriver) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys
"AVGIDSEH" (AVGIDSEH) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSEH.Sys
"AVGIDSFilter" (AVGIDSFilter) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys
"AVGIDSShim" (AVGIDSShim) - "AVG Technologies CZ, s.r.o. " - C:\Windows\System32\DRIVERS\AVGIDSShim.Sys
"catchme" (catchme) - ? - C:\Users\Anika\AppData\Local\Temp\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)
"uwlorpoc" (uwlorpoc) - ? - C:\Users\Anika\AppData\Local\Temp\uwlorpoc.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -   (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgse.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} "Java Plug-in 1.6.0_04" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype add-on for Internet Explorer" - ? - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgssie.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Anika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Java\jre6\bin\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" update "Software\CyberLink\YouCam\1.0"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AVG WatchDog" (avgwd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
"AVGIDSAgent" (AVGIDSAgent) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Code:
ATTFilter
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-01 12:12:50
-----------------------------
12:12:50.251    OS Version: Windows 6.0.6002 Service Pack 2
12:12:50.251    Number of processors: 2 586 0xF0D
12:12:50.251    ComputerName: ANIKA-PC  UserName: Anika
12:12:52.919    Initialize success
12:14:31.893    AVAST engine defs: 11100100
12:14:48.913    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
12:14:48.913    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:14:49.521    Disk 0 MBR read successfully
12:14:49.521    Disk 0 MBR scan
12:14:49.521    Disk 0 Windows VISTA default MBR code
12:14:49.677    Disk 0 scanning sectors +625137345
12:14:50.442    Disk 0 scanning C:\Windows\system32\drivers
12:16:51.248    Service scanning
12:16:52.683    Modules scanning
12:18:48.155    Disk 0 trace - called modules:
12:18:48.248    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
12:18:48.264    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683eac8]
12:18:48.264    3 CLASSPNP.SYS[8a9a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85530028]
12:18:50.183    AVAST engine scan C:\Windows
12:22:02.967    AVAST engine scan C:\Windows\system32
12:34:40.020    AVAST engine scan C:\Windows\system32\drivers
12:40:47.540    AVAST engine scan C:\Users\Anika
13:54:48.813    AVAST engine scan C:\ProgramData
14:07:29.189    Scan finished successfully
16:19:46.902    Disk 0 MBR has been saved successfully to "C:\Users\Anika\Desktop\MBR.dat"
16:19:46.918    The log file has been saved successfully to "C:\Users\Anika\Desktop\aswMBR.txt"
         

Edited by cosinus (01.10.2011 at 21:40). Reason: Removed nested CODE tags

Alt 01.10.2011, 21:39   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Edit: OK, I've removed the nesting.

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner isn't a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 03.10.2011, 14:44   #15
jk_hamburg
 



So, here are the logs:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7844

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

02.10.2011 16:27:51
mbam-log-2011-10-02 (16-27-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 338039
Laufzeit: 3 Stunde(n), 26 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/02/2011 at 05:14 PM

Application Version : 5.0.1128

Core Rules Database Version : 7746
Trace Rules Database Version: 5558

Scan type       : Complete Scan
Total Scan Time : 04:07:12

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned      : 656
Memory threats detected   : 0
Registry items scanned    : 38984
Registry threats detected : 0
File items scanned        : 202664
File threats detected     : 300

Adware.Tracking Cookie
	de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.hasenet.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.hansenet.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.vodafonegroup.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.bwincom.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.smartadserver.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.fastclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.nacamar.adbureau.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	track.effiliation.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad.adserver01.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.interclick.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adserver3.openadex.dk [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	tracking.dc-storm.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.insightexpressai.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.doubleclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.agofev.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.kontera.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.movitex.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.dmtracker.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.thelabelfinder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad.yieldmanager.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.adtech.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.randomhouse.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad1.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad2.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad3.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.vinvest.122.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.traffictrack.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.ads.quartermedia.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.ad.adnet.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adserver.qplaygames.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.lfstmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.eyewonder.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.adbrite.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	tracking.adjug.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	tracking.adjug.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	tracking.adjug.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.specificclick.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.yieldmanager.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.adxpose.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.247realmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.247realmedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.tracking.3gnet.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.trafficrevenue.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.server.cpmstar.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	dr.adservinginternational.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	soundvenueas.adservinginternational.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.revsci.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	s01.flagcounter.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.zanox.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.adviva.net [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	adx.chip.de [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.atdmt.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	ad4.adfarm1.adition.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.bs.serving-sys.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\ANIKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OXOATVF9.DEFAULT\COOKIES.SQLITE ]

Trojan.Downloader-Gen/A
	C:\PROGRAM FILES\DEGENER\VORTEST 7\MEDIA\A.EXE
         

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-29 06:17:19
# local_time=2011-09-29 08:17:19 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 8291 8291 0 0
# compatibility_mode=5892 16776638 100 100 13479850 154842122 0 0
# compatibility_mode=8192 67108863 100 0 131 131 0 0
# scanned=170824
# found=2
# cleaned=0
# scan_time=10845
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\_OTL\MovedFiles\09292011_161836\C_Users\Anika\AppData\Local\Temp\0.6105569158567732.exe	a variant of Win32/Injector.GAW trojan (unable to clean)	00000000000000000000000000000000	I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=d00a502ca5b7d642a6c8d35ef92cbd14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-02 03:31:07
# local_time=2011-10-02 05:31:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 252462 252462 0 0
# compatibility_mode=5892 16776638 100 100 13724021 155086293 0 0
# compatibility_mode=8192 67108863 100 0 244302 244302 0 0
# scanned=167447
# found=1
# cleaned=0
# scan_time=15902
C:\Users\Anika\Downloads\SoftonicDownloader64308.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
         
