Facebookvirus verschickt über meinen Account Links

Sarah1109199 · 12.11.2011, 11:15

Hallo Leute,

ich habe seit gestern das Problem, dass Facebook über meinen Account ständig Links an all meine Freunde verschickt. Ich habe wahrscheinlich dummerweise versehentlich auf soeinen Link geklickt und mich mit diesem Phorpiex Schädling infiziert (der heißt doch so oder?).

Die Links die versendet werden sehen so aus: "

ahahahahhapkf!! :O hxxp:// ... " bzw. "Sie in das Bild??vyg_ hxxp://..."

Avira hat nichts gefunden auf meinem PC und habe mir dann Malwarebytes runtergeladen, einen Vollscan durchgeführt und die Einträge entfernt.

Bei Facebook habe ich alle informiert, dass sie den Link bloß nicht öffnen sollen.

Wie bekomme ich den Virus jetzt vollständig von meinem PC?
Ich mache zB auch Onlinebanking über meinen Laptop!

cosinus · 12.11.2011, 13:32

Zitat:

mir dann Malwarebytes runtergeladen, einen Vollscan durchgeführt und die Einträge entfernt.

Die Logs von Malwarebytes sind alle nachzureichen

Sarah1109199 · 12.11.2011, 13:43

Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 8142

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11.11.2011 22:56:38
mbam-log-2011-11-11 (22-56-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 324355
Laufzeit: 1 Stunde(n), 1 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 29

Infizierte Speicherprozesse:
c:\Users\msi mobile\AppData\Roaming\regsrv64.exe (Worm.Ngrbot) -> 3012 -> Unloaded process successfully.
c:\Users\msi mobile\AppData\Roaming\A958.exe (Worm.Ngrbot) -> 4644 -> Unloaded process successfully.
c:\Users\msi mobile\AppData\Roaming\F3FF.exe (Spyware.Passwords.XGen) -> 4748 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft DLL Registration (Worm.Ngrbot) -> Value: Microsoft DLL Registration -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vkmmmh (Trojan.Agent) -> Value: Vkmmmh -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU (Backdoor.HMCPol.Gen) -> Value: HKCU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\msi mobile\AppData\Roaming\regsrv64.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\A958.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\F3FF.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\Vkmmmh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\2IDXKA2R\b3[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\835O9HFI\b3[1].dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\install-1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\DBFE.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\22FC.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\23EC.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\658.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\760.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\7C31.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\86BF.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\9730.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\B2FE.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\B990.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\BC2C.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\BD7.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\D1B2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\D5F7.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\DC5D.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\EBD4.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\F29C.exe (Worm.Ngrbot) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\FF2C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\msi mobile\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

Sarah1109199 · 13.11.2011, 11:33

Kann mir denn hier niemand helfen?

cosinus · 14.11.2011, 12:31

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

Sarah1109199 · 14.11.2011, 17:13

Nein, habe nur die eine Logdatei! Woher weiß ich denn jetzt, ob mein System noch infiziert ist oder nicht?

cosinus · 14.11.2011, 19:59

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Sarah1109199 · 15.11.2011, 23:19

Hallo, ich habe ESET ausgeführt, hat ganz schön lange gedauert!

Hier die Logdaten:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-14 11:30:46
# local_time=2011-11-15 12:30:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15651540 15651540 0 0
# compatibility_mode=1797 16775165 100 94 1491796 57847177 1506964 0
# compatibility_mode=5892 16776574 100 100 23279031 158843084 0 0
# compatibility_mode=8192 67108863 100 0 3909 3909 0 0
# scanned=24453
# found=0
# cleaned=0
# scan_time=3090
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=722c9f04af97134ab210e502484a64b3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-15 10:16:07
# local_time=2011-11-15 11:16:07 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777214 0 1 15725181 15725181 0 0
# compatibility_mode=1797 16775165 100 94 3910 57920818 0 0
# compatibility_mode=5892 16776574 100 100 23352672 158916725 0 0
# compatibility_mode=8192 67108863 100 0 77550 77550 0 0
# scanned=169535
# found=3
# cleaned=0
# scan_time=11372
C:\Users\MSI Mobile\AppData\Local\Temp\MyBabylonTB.exe a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_avira-antivir.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\MSI Mobile\Downloads\SoftonicDownloader_fuer_nero-lite.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

cosinus · 16.11.2011, 09:31

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Sarah1109199 · 16.11.2011, 12:30

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.11.2011 11:40:40 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\MSI Mobile\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 65,20% Memory free
6,19 Gb Paging File | 5,11 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,66 Gb Total Space | 10,37 Gb Free Space | 10,62% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 156,63 Gb Free Space | 78,15% Space Free | Partition Type: NTFS
 
Computer Name: MSIMOBILE-PC | User Name: MSI Mobile | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.16 11:38:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\MSI Mobile\Downloads\OTL.exe
PRC - [2011.08.02 07:37:54 | 003,630,936 | ---- | M] () -- D:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.07.28 13:44:22 | 001,851,224 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe
PRC - [2011.06.29 13:55:51 | 000,269,480 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.04.14 10:32:28 | 000,421,160 | ---- | M] (Apple Inc.) -- D:\Programme\i tunes\iTunesHelper.exe
PRC - [2011.03.28 15:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.14 14:35:38 | 000,330,696 | ---- | M] () -- D:\Programme\Verbindungsassi Aldi\WTGService.exe
PRC - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.10 22:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.25 10:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.09.22 12:36:48 | 000,708,608 | ---- | M] (Mirco-Star International  CO., LTD.) -- C:\Programme\System Control Manager\MGSysCtrl.exe
PRC - [2008.08.26 15:52:14 | 000,159,744 | ---- | M] () -- C:\Programme\System Control Manager\MSIService.exe
PRC - [2008.08.20 11:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.07.20 16:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2004.11.26 10:43:34 | 000,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.21 22:32:51 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll
MOD - [2011.10.19 18:48:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.19 18:47:19 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.19 18:45:08 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.19 18:44:32 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.08.02 10:15:30 | 000,213,504 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger
MOD - [2011.08.01 12:20:08 | 008,617,472 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll
MOD - [2010.11.17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008.08.25 10:47:16 | 000,192,512 | ---- | M] () -- C:\Programme\System Control Manager\MSIWmiAcpi.dll
MOD - [2008.07.18 12:39:04 | 000,053,248 | ---- | M] () -- C:\Programme\System Control Manager\MGKBHook.dll
MOD - [2004.07.26 16:11:50 | 000,028,672 | ---- | M] () -- C:\Programme\Common Files\Ulead Systems\AutoDetector\DetMethod.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.02 07:37:54 | 003,630,936 | ---- | M] () [Auto | Running] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.06.29 13:55:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.12.14 14:35:38 | 000,330,696 | ---- | M] () [Auto | Running] -- D:\Programme\Verbindungsassi Aldi\WTGService.exe -- (WTGService)
SRV - [2010.05.04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.08.26 15:52:14 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Programme\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.29 13:55:52 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 13:55:52 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.12.21 06:55:02 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.12.21 06:55:02 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010.12.21 06:55:02 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.12.21 06:55:02 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2010.10.21 19:01:20 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.04 12:50:14 | 000,261,152 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.24 11:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.09.24 05:26:00 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.24 11:03:56 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2007.10.11 11:24:00 | 000,079,104 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\sleen16.sys -- (SLEE_16_DRIVER)
DRV - [2006.11.02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D FC 23 78 92 56 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.23.97.9:8080
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\i tunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Programme\Picasa\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\MSI Mobile\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.04 19:50:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.17 19:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.09.30 19:17:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.05.09 18:49:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.02.04 19:50:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: D:\Programme\Mozilla Firefox\components [2011.09.30 19:17:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2011.05.09 18:49:58 | 000,000,000 | ---D | M]
 
[2010.09.18 19:03:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Extensions
[2011.10.04 18:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions
[2010.11.07 15:21:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.29 19:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.08 15:52:04 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com
[2011.11.11 14:58:21 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-1.xml
[2011.08.17 21:25:48 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-10.xml
[2011.08.21 14:02:16 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-11.xml
[2011.09.14 19:13:33 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-12.xml
[2011.09.16 17:44:04 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-13.xml
[2011.09.29 21:30:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-14.xml
[2011.10.03 17:20:15 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-15.xml
[2010.12.12 14:25:28 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-2.xml
[2011.02.18 19:59:59 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-3.xml
[2011.03.21 18:34:18 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-4.xml
[2011.05.02 17:32:50 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-5.xml
[2011.05.09 18:50:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-6.xml
[2011.05.10 19:13:09 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-7.xml
[2011.06.22 21:42:53 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-8.xml
[2011.07.04 19:39:43 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-9.xml
[2010.10.27 17:50:03 | 000,001,056 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira_AntiVir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] D:\Programme\i tunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Programme\System Control Manager\MGSysCtrl.exe (Mirco-Star International  CO., LTD.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Programme\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\MSI Mobile\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Vkmmmh] C:\Users\MSI Mobile\AppData\Roaming\Vkmmmh.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42D05106-6CA9-499D-9DBC-0658FD350B0D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE49E988-18DE-464E-B24C-F2111873A485}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\MSI Mobile\AppData\Local\Microsoft\Wallpaper1.jpg
O24 - Desktop BackupWallPaper: C:\Users\MSI Mobile\AppData\Local\Microsoft\Wallpaper1.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.14 23:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.13 17:49:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.11.13 17:49:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.13 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.11.11 21:51:15 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\AppData\Roaming\Malwarebytes
[2011.11.11 21:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.11 21:51:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.11 21:50:55 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.11 21:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.22 05:03:18 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\AppData\Roaming\WinRAR
[2011.10.22 05:03:18 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.22 05:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.10.22 05:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.10.19 19:01:03 | 000,000,000 | ---D | C] -- C:\Users\MSI Mobile\Documents\N3DS
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.16 11:39:02 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job
[2011.11.16 11:35:14 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.16 11:35:14 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.16 11:35:14 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.16 11:35:14 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.16 11:29:45 | 000,116,074 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.11.16 11:29:37 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 11:29:37 | 000,004,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.16 11:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.16 11:28:58 | 3220,340,736 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.14 23:34:26 | 000,000,900 | ---- | M] () -- C:\Users\MSI Mobile\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk
[2011.11.14 23:19:44 | 000,116,074 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.11.14 17:39:04 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job
[2011.11.13 17:50:00 | 000,001,055 | ---- | M] () -- C:\Users\MSI Mobile\Desktop\Spybot - Search & Destroy.lnk
[2011.11.11 22:56:49 | 000,002,631 | ---- | M] () -- C:\Users\MSI Mobile\Desktop\Microsoft Office Word 2007.lnk
[2011.11.11 21:51:01 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.09 19:29:05 | 000,000,680 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Local\d3d9caps.dat
[2011.10.27 19:09:36 | 000,057,344 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2011.11.14 23:34:26 | 000,000,900 | ---- | C] () -- C:\Users\MSI Mobile\Desktop\esetsmartinstaller_enu - Verknüpfung.lnk
[2011.11.13 17:50:00 | 000,001,055 | ---- | C] () -- C:\Users\MSI Mobile\Desktop\Spybot - Search & Destroy.lnk
[2011.11.11 21:51:01 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.26 20:29:16 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2011.02.04 19:41:15 | 000,233,481 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011.01.29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.01.29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.01.29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.01.29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.01.08 18:50:49 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.01.08 18:50:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.01.08 18:50:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.01.08 18:50:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.01.08 18:50:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.01.08 18:50:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.01.08 18:50:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.01.08 18:50:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.01.08 18:50:49 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.01.08 18:50:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.01.08 18:50:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.01.08 18:50:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.01.08 18:50:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.01.08 18:50:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.01.08 18:50:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.01.08 18:50:49 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.01.08 18:50:49 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.01.08 18:50:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.01.08 18:50:49 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.01.08 18:43:08 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPSDaFiNoSv.ini
[2010.11.07 15:02:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.28 19:12:47 | 000,341,498 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Roaming\mdbu.bin
[2010.09.22 19:02:19 | 000,000,000 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Roaming\wklnhst.dat
[2010.09.18 12:40:45 | 000,057,344 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.17 16:41:39 | 000,000,104 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2010.09.17 16:18:51 | 000,116,074 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.09.17 15:57:27 | 000,116,074 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.09.17 14:18:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.09.17 14:18:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.09.17 14:18:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.09.17 14:06:56 | 000,000,680 | ---- | C] () -- C:\Users\MSI Mobile\AppData\Local\d3d9caps.dat
[2010.04.01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009.12.03 08:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008.01.21 08:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,451,680 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000061.DLL
 
========== LOP Check ==========
 
[2011.03.20 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Auslogics
[2011.02.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\AVG10
[2010.10.21 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\DAEMON Tools Lite
[2011.10.03 19:21:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ICQ
[2010.11.30 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Programme
[2010.10.21 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ProtectDISC
[2011.07.24 17:31:33 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Samsung
[2011.04.26 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Tobit
[2011.04.29 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Ulead Systems
[2011.11.01 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi
[2010.11.28 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Wildlife Park 2
[2011.11.14 17:39:04 | 000,000,926 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000Core.job
[2011.11.16 11:39:02 | 000,000,948 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3700083461-3758754058-1150892198-1000UA.job
[2011.11.15 23:21:39 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.13 18:21:15 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Adobe
[2011.01.23 19:52:01 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Apple Computer
[2011.03.20 14:08:00 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Auslogics
[2011.02.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\AVG10
[2011.05.17 20:38:48 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Avira
[2010.10.21 19:08:29 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\DAEMON Tools Lite
[2011.02.04 20:04:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\HP
[2011.04.25 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\HpUpdate
[2011.10.03 19:21:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ICQ
[2010.09.17 14:07:03 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Identities
[2010.09.17 16:24:20 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\InstallShield
[2010.09.19 11:11:19 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Macromedia
[2011.11.11 21:51:15 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Media Center Programs
[2011.05.12 19:07:09 | 000,000,000 | --SD | M] -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft
[2010.09.18 19:03:40 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla
[2010.09.19 17:52:49 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Nero
[2010.11.30 16:28:01 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Programme
[2010.10.21 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\ProtectDISC
[2011.07.24 17:31:33 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Samsung
[2011.11.10 23:30:14 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Skype
[2011.07.04 19:16:23 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\skypePM
[2011.04.26 20:29:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Tobit
[2010.10.19 19:25:11 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\U3
[2011.04.29 19:22:34 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Ulead Systems
[2011.11.01 18:41:38 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi
[2011.07.24 19:27:15 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\vlc
[2010.11.28 14:41:25 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\Wildlife Park 2
[2011.10.22 05:03:23 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.02.04 20:07:27 | 000,010,134 | R--- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2010.10.19 19:18:29 | 000,010,134 | R--- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.07 23:11:36 | 000,052,616 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011.11.05 00:36:30 | 000,347,088 | ---- | M] (Ask.com) -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\content\NeroApplicationManager.exe
[2011.06.14 14:20:41 | 003,486,088 | ---- | M] (Ask) -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Del_CD_ROM.exe
[2010.11.13 21:59:51 | 000,042,448 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\OSU.exe
[2010.11.13 21:59:50 | 001,148,368 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Setup.exe
[2010.11.13 21:59:50 | 001,111,504 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Uninstaller.exe
[2010.11.13 21:59:50 | 007,247,312 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Verbindungsassistent.exe
[2010.11.13 21:59:50 | 000,497,104 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\Verbindungsassistent_SMSMMS.exe
[2010.11.13 21:59:51 | 000,329,168 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Programme\BackUp\WTGVistaUtil.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Del_CD_ROM.exe
[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\OSU.exe
[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Setup.exe
[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Uninstaller.exe
[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Verbindungsassistent.exe
[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Verbindungsassi Aldi\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\drivers\iaStor.sys
[2008.07.20 16:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7b6e77f6\iaStor.sys
[2008.07.20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.21 19:01:20 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.03.08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >

--- --- ---

cosinus · 16.11.2011, 12:37

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - [2011.05.17 12:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Willkommen bei Facebook - anmelden, registrieren oder mehr erfahren
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D FC 23 78 92 56 CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.23.97.9:8080
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q="
[2011.06.29 19:39:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.08 15:52:04 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com
[2011.11.11 14:58:21 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-1.xml
[2011.08.17 21:25:48 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-10.xml
[2011.08.21 14:02:16 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-11.xml
[2011.09.14 19:13:33 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-12.xml
[2011.09.16 17:44:04 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-13.xml
[2011.09.29 21:30:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-14.xml
[2011.10.03 17:20:15 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-15.xml
[2010.12.12 14:25:28 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-2.xml
[2011.02.18 19:59:59 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-3.xml
[2011.03.21 18:34:18 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-4.xml
[2011.05.02 17:32:50 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-5.xml
[2011.05.09 18:50:42 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-6.xml
[2011.05.10 19:13:09 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-7.xml
[2011.06.22 21:42:53 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-8.xml
[2011.07.04 19:39:43 | 000,000,950 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-9.xml
[2010.10.27 17:50:03 | 000,001,056 | ---- | M] () -- C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin.xml
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Vkmmmh] C:\Users\MSI Mobile\AppData\Roaming\Vkmmmh.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\Shell\AutoRun\command - "" = E:\CDSetup.exe
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell - "" = AutoRun
O33 - MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell - "" = AutoRun
O33 - MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\Shell\AutoRun\command - "" = F:\VTP_Manager.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.02.18 19:59:27 | 000,000,000 | ---D | M] -- C:\Users\MSI Mobile\AppData\Roaming\AVG10
:Files
C:\Programme\Ask.com
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Sarah1109199 · 18.11.2011, 14:57

All processes killed
========== OTL ==========
No active process named Updater.exe was found!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: toolbar@ask.com:3.11.3.15590 removed from extensions.enabledItems
Prefs.js: avg@igeared:6.103.018.001 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.3&q=" removed from keyword.URL
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-13-21-59-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-13-21-54-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-01-Jun-2011-11-09-53-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-14-53-55-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-22-Sep-2011-16-28-27-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-10-Nov-2011-16-50-15-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-04-Nov-2010-17-42-03-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-24-Oct-2010-10-01-41-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-20-Mar-2011-21-16-32-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-07-Nov-2010-14-22-04-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-06-Aug-2011-10-45-51-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Nov-2011-17-17-39-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-10-31-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-06-08-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-03-59-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-14-02-03-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-13-56-27-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-11-Nov-2011-13-54-32-GMT folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\mozilla\Firefox\Profiles\vtjotpbd.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\vtjotpbd.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Programme\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vkmmmh deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3166b86d-c25b-11df-8dea-806e6f6e6963}\ not found.
File E:\CDSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f09913-ef6a-11df-a37b-002185bb7981}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{35f09913-ef6a-11df-a37b-002185bb7981}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35f09913-ef6a-11df-a37b-002185bb7981}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efbf702-261e-11e0-a13b-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5efbf702-261e-11e0-a13b-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5efbf702-261e-11e0-a13b-002185e13cb9}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\DVR/AutoRun.exe start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6353bb64-f0c4-11df-925a-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6353bb64-f0c4-11df-925a-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6353bb64-f0c4-11df-925a-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755b3009-04ae-11e1-9d39-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{755b3009-04ae-11e1-9d39-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{755b3009-04ae-11e1-9d39-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a536951-c332-11df-b4f7-002185bb7981}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a536951-c332-11df-b4f7-002185bb7981}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a536951-c332-11df-b4f7-002185bb7981}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824b7-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824b7-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824b7-ef24-11df-9f48-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824ca-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{965824ca-ef24-11df-9f48-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{965824ca-ef24-11df-9f48-002185e13cb9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a6b957ef-dd3d-11df-a5de-002185e13cb9}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dfa4424b-0513-11e0-8c94-002185e13cb9}\ not found.
File F:\VTP_Manager.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\MSI Mobile\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\MSI Mobile\AppData\Roaming\AVG10 folder moved successfully.
========== FILES ==========
File\Folder C:\Programme\Ask.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: MSI Mobile
->Temp folder emptied: 114338741 bytes
->Temporary Internet Files folder emptied: 55206301 bytes
->Java cache emptied: 10591130 bytes
->FireFox cache emptied: 216142322 bytes
->Flash cache emptied: 20532 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 156381070 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 527,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_144718

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 18.11.2011, 16:05

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Sarah1109199 · 18.11.2011, 18:04

18:01:20.0448 3476 TDSS rootkit removing tool 2.6.19.0 Nov 16 2011 12:18:50
18:01:20.0873 3476 ============================================================
18:01:20.0873 3476 Current date / time: 2011/11/18 18:01:20.0873
18:01:20.0873 3476 SystemInfo:
18:01:20.0873 3476
18:01:20.0874 3476 OS Version: 6.0.6002 ServicePack: 2.0
18:01:20.0874 3476 Product type: Workstation
18:01:20.0874 3476 ComputerName: MSIMOBILE-PC
18:01:20.0874 3476 UserName: MSI Mobile
18:01:20.0874 3476 Windows directory: C:\Windows
18:01:20.0874 3476 System windows directory: C:\Windows
18:01:20.0874 3476 Processor architecture: Intel x86
18:01:20.0874 3476 Number of processors: 2
18:01:20.0874 3476 Page size: 0x1000
18:01:20.0874 3476 Boot type: Normal boot
18:01:20.0875 3476 ============================================================
18:01:21.0543 3476 Initialize success
18:01:43.0842 5832 ============================================================
18:01:43.0842 5832 Scan started
18:01:43.0842 5832 Mode: Manual; SigCheck; TDLFS;
18:01:43.0842 5832 ============================================================
18:01:44.0288 5832 acedrv11 (e6f53d6c0dea3d375362265e175ca638) C:\Windows\system32\drivers\acedrv11.sys
18:01:44.0622 5832 acedrv11 - ok
18:01:44.0672 5832 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:01:44.0705 5832 ACPI - ok
18:01:44.0780 5832 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:01:44.0845 5832 adp94xx - ok
18:01:44.0869 5832 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:01:44.0919 5832 adpahci - ok
18:01:44.0955 5832 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:01:44.0990 5832 adpu160m - ok
18:01:45.0037 5832 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:01:45.0086 5832 adpu320 - ok
18:01:45.0204 5832 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:01:45.0309 5832 AFD - ok
18:01:45.0469 5832 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
18:01:45.0885 5832 AgereSoftModem - ok
18:01:45.0941 5832 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:01:45.0975 5832 agp440 - ok
18:01:45.0992 5832 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:01:46.0024 5832 aic78xx - ok
18:01:46.0052 5832 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:01:46.0073 5832 aliide - ok
18:01:46.0088 5832 ALIWEHCD - ok
18:01:46.0123 5832 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:01:46.0154 5832 amdagp - ok
18:01:46.0173 5832 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:01:46.0201 5832 amdide - ok
18:01:46.0228 5832 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:01:46.0342 5832 AmdK7 - ok
18:01:46.0366 5832 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:01:46.0435 5832 AmdK8 - ok
18:01:46.0513 5832 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:01:46.0551 5832 arc - ok
18:01:46.0569 5832 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:01:46.0606 5832 arcsas - ok
18:01:46.0637 5832 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:01:46.0709 5832 AsyncMac - ok
18:01:46.0742 5832 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:01:46.0765 5832 atapi - ok
18:01:46.0808 5832 AVGIDSShim - ok
18:01:46.0847 5832 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
18:01:46.0890 5832 avgntflt - ok
18:01:46.0916 5832 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
18:01:46.0952 5832 avipbb - ok
18:01:46.0994 5832 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:01:47.0154 5832 Beep - ok
18:01:47.0206 5832 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:01:47.0299 5832 blbdrive - ok
18:01:47.0351 5832 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:01:47.0470 5832 bowser - ok
18:01:47.0510 5832 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:01:47.0666 5832 BrFiltLo - ok
18:01:47.0696 5832 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:01:47.0790 5832 BrFiltUp - ok
18:01:47.0825 5832 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:01:48.0006 5832 Brserid - ok
18:01:48.0031 5832 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:01:48.0141 5832 BrSerWdm - ok
18:01:48.0165 5832 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:01:48.0281 5832 BrUsbMdm - ok
18:01:48.0303 5832 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:01:48.0412 5832 BrUsbSer - ok
18:01:48.0446 5832 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:01:48.0560 5832 BTHMODEM - ok
18:01:48.0640 5832 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:01:48.0742 5832 cdfs - ok
18:01:48.0771 5832 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:01:48.0818 5832 cdrom - ok
18:01:48.0856 5832 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
18:01:48.0972 5832 circlass - ok
18:01:49.0032 5832 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:01:49.0098 5832 CLFS - ok
18:01:49.0203 5832 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:01:49.0268 5832 CmBatt - ok
18:01:49.0291 5832 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:01:49.0334 5832 cmdide - ok
18:01:49.0361 5832 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:01:49.0384 5832 Compbatt - ok
18:01:49.0413 5832 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:01:49.0442 5832 crcdisk - ok
18:01:49.0461 5832 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:01:49.0534 5832 Crusoe - ok
18:01:49.0642 5832 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:01:49.0716 5832 DfsC - ok
18:01:49.0754 5832 dgderdrv - ok
18:01:49.0802 5832 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:01:49.0826 5832 disk - ok
18:01:49.0925 5832 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:01:49.0996 5832 drmkaud - ok
18:01:50.0155 5832 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:01:50.0199 5832 DXGKrnl - ok
18:01:50.0218 5832 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:01:50.0275 5832 E1G60 - ok
18:01:50.0315 5832 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:01:50.0359 5832 Ecache - ok
18:01:50.0402 5832 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:01:50.0447 5832 elxstor - ok
18:01:50.0486 5832 enecir (6c74035909b31f873d85b25e00beb984) C:\Windows\system32\DRIVERS\enecir.sys
18:01:50.0524 5832 enecir - ok
18:01:50.0545 5832 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:01:50.0607 5832 ErrDev - ok
18:01:50.0658 5832 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:01:50.0712 5832 exfat - ok
18:01:50.0744 5832 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:01:50.0807 5832 fastfat - ok
18:01:50.0824 5832 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:01:50.0902 5832 fdc - ok
18:01:50.0925 5832 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:01:50.0957 5832 FileInfo - ok
18:01:50.0974 5832 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:01:51.0033 5832 Filetrace - ok
18:01:51.0052 5832 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:01:51.0115 5832 flpydisk - ok
18:01:51.0148 5832 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:01:51.0190 5832 FltMgr - ok
18:01:51.0249 5832 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:01:51.0305 5832 Fs_Rec - ok
18:01:51.0338 5832 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:01:51.0371 5832 gagp30kx - ok
18:01:51.0400 5832 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:01:51.0424 5832 GEARAspiWDM - ok
18:01:51.0501 5832 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
18:01:51.0560 5832 HdAudAddService - ok
18:01:51.0620 5832 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:01:51.0713 5832 HDAudBus - ok
18:01:51.0742 5832 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:01:51.0853 5832 HidBth - ok
18:01:51.0886 5832 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
18:01:51.0941 5832 HidIr - ok
18:01:51.0990 5832 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:01:52.0041 5832 HidUsb - ok
18:01:52.0076 5832 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:01:52.0108 5832 HpCISSs - ok
18:01:52.0177 5832 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:01:52.0305 5832 HTTP - ok
18:01:52.0339 5832 hwdatacard (1720966d9c7ea5e2d78b6db92d2f9171) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:01:52.0368 5832 hwdatacard - ok
18:01:52.0388 5832 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:01:52.0438 5832 i2omp - ok
18:01:52.0476 5832 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:01:52.0532 5832 i8042prt - ok
18:01:52.0583 5832 iaStor (707c1692214b1c290271067197f075f6) C:\Windows\system32\DRIVERS\iaStor.sys
18:01:52.0609 5832 iaStor - ok
18:01:52.0632 5832 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:01:52.0681 5832 iaStorV - ok
18:01:52.0722 5832 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:01:52.0751 5832 iirsp - ok
18:01:52.0918 5832 IntcAzAudAddService (f4ec36c333ac09011ab1931ce9582c56) C:\Windows\system32\drivers\RTKVHDA.sys
18:01:53.0030 5832 IntcAzAudAddService - ok
18:01:53.0105 5832 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:01:53.0134 5832 intelide - ok
18:01:53.0159 5832 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:01:53.0225 5832 intelppm - ok
18:01:53.0255 5832 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:01:53.0329 5832 IpFilterDriver - ok
18:01:53.0347 5832 IpInIp - ok
18:01:53.0376 5832 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:01:53.0463 5832 IPMIDRV - ok
18:01:53.0497 5832 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:01:53.0564 5832 IPNAT - ok
18:01:53.0591 5832 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:01:53.0658 5832 IRENUM - ok
18:01:53.0686 5832 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:01:53.0718 5832 isapnp - ok
18:01:53.0756 5832 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:01:53.0785 5832 iScsiPrt - ok
18:01:53.0807 5832 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:01:53.0835 5832 iteatapi - ok
18:01:53.0874 5832 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:01:53.0901 5832 iteraid - ok
18:01:53.0914 5832 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:01:53.0945 5832 kbdclass - ok
18:01:53.0976 5832 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:01:54.0022 5832 kbdhid - ok
18:01:54.0062 5832 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
18:01:54.0123 5832 KSecDD - ok
18:01:54.0163 5832 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:01:54.0237 5832 lltdio - ok
18:01:54.0285 5832 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:01:54.0321 5832 LSI_FC - ok
18:01:54.0343 5832 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:01:54.0385 5832 LSI_SAS - ok
18:01:54.0419 5832 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:01:54.0457 5832 LSI_SCSI - ok
18:01:54.0474 5832 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:01:54.0565 5832 luafv - ok
18:01:54.0586 5832 MBAMSwissArmy - ok
18:01:54.0623 5832 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:01:54.0653 5832 megasas - ok
18:01:54.0699 5832 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:01:54.0775 5832 MegaSR - ok
18:01:54.0837 5832 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:01:54.0895 5832 Modem - ok
18:01:54.0916 5832 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:01:54.0968 5832 monitor - ok
18:01:54.0985 5832 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:01:55.0014 5832 mouclass - ok
18:01:55.0032 5832 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:01:55.0096 5832 mouhid - ok
18:01:55.0112 5832 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:01:55.0148 5832 MountMgr - ok
18:01:55.0173 5832 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:01:55.0207 5832 mpio - ok
18:01:55.0227 5832 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:01:55.0283 5832 mpsdrv - ok
18:01:55.0316 5832 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:01:55.0351 5832 Mraid35x - ok
18:01:55.0377 5832 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:01:55.0438 5832 MRxDAV - ok
18:01:55.0477 5832 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:01:55.0542 5832 mrxsmb - ok
18:01:55.0633 5832 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:01:55.0690 5832 mrxsmb10 - ok
18:01:55.0709 5832 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:01:55.0763 5832 mrxsmb20 - ok
18:01:55.0798 5832 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
18:01:55.0829 5832 msahci - ok
18:01:55.0856 5832 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:01:55.0879 5832 msdsm - ok
18:01:55.0920 5832 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:01:56.0002 5832 Msfs - ok
18:01:56.0028 5832 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:01:56.0056 5832 msisadrv - ok
18:01:56.0089 5832 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:01:56.0152 5832 MSKSSRV - ok
18:01:56.0198 5832 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:01:56.0255 5832 MSPCLOCK - ok
18:01:56.0282 5832 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:01:56.0339 5832 MSPQM - ok
18:01:56.0388 5832 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:01:56.0416 5832 MsRPC - ok
18:01:56.0451 5832 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:01:56.0473 5832 mssmbios - ok
18:01:56.0504 5832 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:01:56.0577 5832 MSTEE - ok
18:01:56.0607 5832 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:01:56.0691 5832 Mup - ok
18:01:56.0733 5832 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:01:56.0782 5832 NativeWifiP - ok
18:01:56.0827 5832 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:01:56.0872 5832 NDIS - ok
18:01:56.0909 5832 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:01:56.0971 5832 NdisTapi - ok
18:01:56.0995 5832 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:01:57.0059 5832 Ndisuio - ok
18:01:57.0079 5832 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:01:57.0143 5832 NdisWan - ok
18:01:57.0170 5832 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:01:57.0213 5832 NDProxy - ok
18:01:57.0256 5832 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:01:57.0313 5832 NetBIOS - ok
18:01:57.0344 5832 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:01:57.0411 5832 netbt - ok
18:01:57.0556 5832 netr28 (3f540b257442cc1a2220dd8f73ac1c77) C:\Windows\system32\DRIVERS\netr28.sys
18:01:57.0631 5832 netr28 - ok
18:01:57.0668 5832 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:01:57.0700 5832 nfrd960 - ok
18:01:57.0716 5832 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:01:57.0781 5832 Npfs - ok
18:01:57.0812 5832 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:01:57.0884 5832 nsiproxy - ok
18:01:57.0938 5832 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:01:58.0064 5832 Ntfs - ok
18:01:58.0094 5832 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:01:58.0191 5832 ntrigdigi - ok
18:01:58.0203 5832 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:01:58.0266 5832 Null - ok
18:01:58.0496 5832 nvlddmkm (e8651dce7db8094d06d2d2622df98982) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:01:59.0006 5832 nvlddmkm - ok
18:01:59.0036 5832 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:01:59.0076 5832 nvraid - ok
18:01:59.0107 5832 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:01:59.0137 5832 nvstor - ok
18:01:59.0160 5832 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:01:59.0197 5832 nv_agp - ok
18:01:59.0208 5832 NwlnkFlt - ok
18:01:59.0222 5832 NwlnkFwd - ok
18:01:59.0265 5832 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:01:59.0374 5832 ohci1394 - ok
18:01:59.0410 5832 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:01:59.0531 5832 Parport - ok
18:01:59.0544 5832 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:01:59.0579 5832 partmgr - ok
18:01:59.0605 5832 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:01:59.0697 5832 Parvdm - ok
18:01:59.0732 5832 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:01:59.0777 5832 pci - ok
18:01:59.0807 5832 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:01:59.0844 5832 pciide - ok
18:01:59.0893 5832 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:01:59.0965 5832 pcmcia - ok
18:02:00.0033 5832 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:02:00.0186 5832 PEAUTH - ok
18:02:00.0294 5832 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:02:00.0367 5832 PptpMiniport - ok
18:02:00.0406 5832 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:02:00.0489 5832 Processor - ok
18:02:00.0526 5832 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:02:00.0577 5832 PSched - ok
18:02:00.0639 5832 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:02:00.0774 5832 ql2300 - ok
18:02:00.0808 5832 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:02:00.0850 5832 ql40xx - ok
18:02:00.0868 5832 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:02:00.0932 5832 QWAVEdrv - ok
18:02:00.0993 5832 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:02:01.0055 5832 RasAcd - ok
18:02:01.0080 5832 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:02:01.0136 5832 Rasl2tp - ok
18:02:01.0175 5832 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:02:01.0238 5832 RasPppoe - ok
18:02:01.0267 5832 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:02:01.0306 5832 RasSstp - ok
18:02:01.0328 5832 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:02:01.0388 5832 rdbss - ok
18:02:01.0402 5832 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:02:01.0462 5832 RDPCDD - ok
18:02:01.0493 5832 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:02:01.0568 5832 rdpdr - ok
18:02:01.0580 5832 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:02:01.0634 5832 RDPENCDD - ok
18:02:01.0661 5832 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:02:01.0731 5832 RDPWD - ok
18:02:01.0765 5832 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:02:01.0823 5832 rspndr - ok
18:02:01.0853 5832 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:02:01.0884 5832 RTL8169 - ok
18:02:01.0917 5832 RTSTOR (b0538dea03e088b80482ca939f4e8740) C:\Windows\system32\drivers\RTSTOR.SYS
18:02:01.0959 5832 RTSTOR - ok
18:02:01.0994 5832 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:02:02.0027 5832 sbp2port - ok
18:02:02.0079 5832 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:02:02.0181 5832 secdrv - ok
18:02:02.0224 5832 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:02:02.0315 5832 Serenum - ok
18:02:02.0340 5832 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:02:02.0437 5832 Serial - ok
18:02:02.0463 5832 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:02:02.0534 5832 sermouse - ok
18:02:02.0576 5832 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:02:02.0620 5832 sffdisk - ok
18:02:02.0650 5832 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:02:02.0706 5832 sffp_mmc - ok
18:02:02.0723 5832 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:02:02.0777 5832 sffp_sd - ok
18:02:02.0800 5832 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:02:02.0905 5832 sfloppy - ok
18:02:02.0945 5832 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:02:02.0976 5832 sisagp - ok
18:02:02.0997 5832 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:02:03.0032 5832 SiSRaid2 - ok
18:02:03.0057 5832 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:02:03.0089 5832 SiSRaid4 - ok
18:02:03.0151 5832 SLEE_16_DRIVER (4723512c035a3a880db4657705466240) C:\Windows\system32\drivers\Sleen16.sys
18:02:03.0182 5832 SLEE_16_DRIVER - ok
18:02:03.0223 5832 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:02:03.0273 5832 Smb - ok
18:02:03.0298 5832 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:02:03.0326 5832 spldr - ok
18:02:03.0377 5832 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
18:02:03.0377 5832 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
18:02:03.0380 5832 sptd ( LockedFile.Multi.Generic ) - warning
18:02:03.0381 5832 sptd - detected LockedFile.Multi.Generic (1)
18:02:03.0412 5832 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:02:03.0493 5832 srv - ok
18:02:03.0526 5832 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:02:03.0576 5832 srv2 - ok
18:02:03.0607 5832 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:02:03.0655 5832 srvnet - ok
18:02:03.0687 5832 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:02:03.0712 5832 ssmdrv - ok
18:02:03.0748 5832 ss_bbus (3f0164fbc0bd1adbd02df9759181451a) C:\Windows\system32\DRIVERS\ss_bbus.sys
18:02:03.0781 5832 ss_bbus - ok
18:02:03.0805 5832 ss_bmdfl (b89d62206034e5fe573c80a24dd55675) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
18:02:03.0827 5832 ss_bmdfl - ok
18:02:03.0867 5832 ss_bmdm (1ed0fcea586fe2a416ee15196e5631dd) C:\Windows\system32\DRIVERS\ss_bmdm.sys
18:02:03.0898 5832 ss_bmdm - ok
18:02:03.0921 5832 ss_bserd (994d2e5378cc337ec7dd73c1e04fcaa4) C:\Windows\system32\DRIVERS\ss_bserd.sys
18:02:03.0952 5832 ss_bserd - ok
18:02:03.0996 5832 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
18:02:04.0037 5832 StillCam - ok
18:02:04.0065 5832 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:02:04.0094 5832 swenum - ok
18:02:04.0129 5832 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:02:04.0157 5832 Symc8xx - ok
18:02:04.0176 5832 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:02:04.0205 5832 Sym_hi - ok
18:02:04.0226 5832 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:02:04.0254 5832 Sym_u3 - ok
18:02:04.0334 5832 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:02:04.0467 5832 Tcpip - ok
18:02:04.0495 5832 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:02:04.0564 5832 Tcpip6 - ok
18:02:04.0604 5832 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:02:04.0649 5832 tcpipreg - ok
18:02:04.0689 5832 TcUsb (55fe712f574da1a726ad74b20886a529) C:\Windows\system32\Drivers\tcusb.sys
18:02:04.0718 5832 TcUsb - ok
18:02:04.0743 5832 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:02:04.0807 5832 TDPIPE - ok
18:02:04.0834 5832 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:02:04.0895 5832 TDTCP - ok
18:02:04.0941 5832 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:02:04.0997 5832 tdx - ok
18:02:05.0034 5832 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:02:05.0071 5832 TermDD - ok
18:02:05.0124 5832 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:02:05.0191 5832 tssecsrv - ok
18:02:05.0225 5832 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:02:05.0279 5832 tunmp - ok
18:02:05.0308 5832 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
18:02:05.0368 5832 tunnel - ok
18:02:05.0387 5832 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:02:05.0418 5832 uagp35 - ok
18:02:05.0446 5832 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:02:05.0517 5832 udfs - ok
18:02:05.0559 5832 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:02:05.0590 5832 uliagpkx - ok
18:02:05.0620 5832 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:02:05.0670 5832 uliahci - ok
18:02:05.0699 5832 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:02:05.0734 5832 UlSata - ok
18:02:05.0768 5832 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:02:05.0792 5832 ulsata2 - ok
18:02:05.0813 5832 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:02:05.0870 5832 umbus - ok
18:02:05.0918 5832 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
18:02:05.0977 5832 USBAAPL - ok
18:02:06.0013 5832 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:02:06.0078 5832 usbccgp - ok
18:02:06.0131 5832 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:02:06.0253 5832 usbcir - ok
18:02:06.0303 5832 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:02:06.0362 5832 usbehci - ok
18:02:06.0397 5832 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:02:06.0462 5832 usbhub - ok
18:02:06.0486 5832 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:02:06.0603 5832 usbohci - ok
18:02:06.0638 5832 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:02:06.0695 5832 usbprint - ok
18:02:06.0725 5832 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:02:06.0788 5832 usbscan - ok
18:02:06.0806 5832 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:02:06.0858 5832 USBSTOR - ok
18:02:06.0899 5832 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:02:06.0946 5832 usbuhci - ok
18:02:06.0987 5832 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:02:07.0062 5832 usbvideo - ok
18:02:07.0104 5832 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:02:07.0162 5832 vga - ok
18:02:07.0191 5832 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:02:07.0259 5832 VgaSave - ok
18:02:07.0286 5832 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:02:07.0318 5832 viaagp - ok
18:02:07.0339 5832 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:02:07.0413 5832 ViaC7 - ok
18:02:07.0442 5832 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:02:07.0470 5832 viaide - ok
18:02:07.0492 5832 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:02:07.0531 5832 volmgr - ok
18:02:07.0595 5832 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:02:07.0647 5832 volmgrx - ok
18:02:07.0668 5832 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:02:07.0722 5832 volsnap - ok
18:02:07.0771 5832 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:02:07.0807 5832 vsmraid - ok
18:02:07.0871 5832 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:02:07.0983 5832 WacomPen - ok
18:02:08.0012 5832 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:08.0061 5832 Wanarp - ok
18:02:08.0086 5832 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:02:08.0128 5832 Wanarpv6 - ok
18:02:08.0173 5832 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:02:08.0209 5832 Wd - ok
18:02:08.0247 5832 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:02:08.0321 5832 Wdf01000 - ok
18:02:08.0468 5832 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:02:08.0521 5832 WmiAcpi - ok
18:02:08.0595 5832 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:02:08.0656 5832 WpdUsb - ok
18:02:08.0696 5832 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:02:08.0762 5832 ws2ifsl - ok
18:02:08.0827 5832 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:02:08.0907 5832 WUDFRd - ok
18:02:08.0937 5832 WUSBVBus - ok
18:02:08.0986 5832 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:02:09.0080 5832 \Device\Harddisk0\DR0 - ok
18:02:09.0087 5832 Boot (0x1200) (c589ca9f7dbccaf858765734b012aa64) \Device\Harddisk0\DR0\Partition0
18:02:09.0089 5832 \Device\Harddisk0\DR0\Partition0 - ok
18:02:09.0118 5832 Boot (0x1200) (80aa40493704716c9c3c694be4db57b5) \Device\Harddisk0\DR0\Partition1
18:02:09.0120 5832 \Device\Harddisk0\DR0\Partition1 - ok
18:02:09.0121 5832 ============================================================
18:02:09.0121 5832 Scan finished
18:02:09.0121 5832 ============================================================
18:02:09.0142 3800 Detected object count: 1
18:02:09.0142 3800 Actual detected object count: 1
18:02:49.0413 3800 sptd ( LockedFile.Multi.Generic ) - skipped by user
18:02:49.0414 3800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus · 18.11.2011, 18:46

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

14.11.2011, 12:31	#5
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Facebookvirus verschickt über meinen Account Links Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind. __________________ Logfiles bitte immer in CODE-Tags posten

Facebookvirus verschickt über meinen Account Links

Log-Analyse und Auswertung: Facebookvirus verschickt über meinen Account Links