OTL by Oldtymer installiert, Fix durchgeführt, Registry zerschossen

cosinus · 05.01.2012, 23:03

Nee du hast dich da irgendwo irgendwie irgendwann (ich warte nicht mehr lang

) verzettelt
Lies bitte die Anleitung zu OTL nochmal richtig und v.a. IN RUHE!!

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

dapia · 06.01.2012, 10:33

Ja - komplett verpeilt, OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.01.2012 10:35:16 - Run 11
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Daniela\Documents
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 55,42% Memory free
7,92 Gb Paging File | 5,98 Gb Available in Paging File | 75,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 284,89 Gb Free Space | 61,17% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 297,95 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: AMILO | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011.12.31 16:41:21 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.22 14:38:31 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Documents\OTL.exe
PRC - [2011.12.12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Daniela\AppData\Local\Akamai\netsession_win.exe
PRC - [2011.11.21 17:14:14 | 000,044,032 | ---- | M] (mozilla.org) -- C:\Users\Daniela\AppData\Local\SeaMonkey\seamonkey.exe
PRC - [2011.11.21 17:14:12 | 000,009,728 | ---- | M] (Mozilla Corporation) -- C:\Users\Daniela\AppData\Local\SeaMonkey\plugin-container.exe
PRC - [2011.08.13 16:22:14 | 000,313,624 | ---- | M] (Speedbit Ltd.) -- C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe
PRC - [2011.08.13 16:22:14 | 000,153,888 | ---- | M] (Speedbit Ltd.) -- C:\PROGRA~2\SPEEDB~1\VideoAcceleratorEngine.exe
PRC - [2011.08.13 16:12:19 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.04.24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 16:41:21 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2011.12.15 16:21:59 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.21 17:14:31 | 000,155,648 | ---- | M] () -- C:\Users\Daniela\AppData\Local\SeaMonkey\NSLDAP32V60.dll
MOD - [2011.11.21 17:14:31 | 000,015,360 | ---- | M] () -- C:\Users\Daniela\AppData\Local\SeaMonkey\NSLDAPPR32V60.dll
MOD - [2011.11.21 17:14:10 | 001,982,464 | ---- | M] () -- C:\Users\Daniela\AppData\Local\SeaMonkey\mozjs.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.04.24 22:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.24 22:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.24 22:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.24 22:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.24 22:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.24 22:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 18:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
MOD - [2007.04.19 15:56:48 | 000,094,208 | ---- | M] () -- C:\Programme\Mouse\Amoures.dll
MOD - [2007.04.06 14:05:06 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\Amhooker.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.15 01:01:25 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.04.24 22:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 20:40:57 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.04.20 13:50:08 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 17:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 12:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 12:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.01.27 03:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.11.02 19:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.20 13:22:54 | 000,289,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2007.10.15 11:39:18 | 000,021,504 | ---- | M] ((Standard mouse types)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amps2x64.sys -- (Amps2prt)
DRV:64bit: - [2007.04.17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={387B55E1-0F3B-4EE5-9D78-7FC7436BA79D}&mid=1909aadb667c47d1b192d1592635f9b8-f691637c94e5478356aa29ade01f812f0bb5197a&lang=de&ds=tt014&pr=sa&d=2011-12-27 09:36:11&v=8.0.0.34&sap=hp
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 2F 5E EA E9 A9 CB 01  [binary data]
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 2F 5E EA E9 A9 CB 01  [binary data]
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100008
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.47088
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.449
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.449
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14770&locale=de_DE&apn_uid=F6D5E1A0-7683-4485-872F-E4EFD50D5C7D&apn_ptnrs=V9&apn_sauid=0772CF21-3377-440F-8E48-BE3E882BBFB3&apn_dtid=YYYYYYYYDE&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.13 12:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.21 02:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2011.12.02 01:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2011.12.02 01:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2011.12.02 01:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.27 03:35:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.03 00:02:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Components: C:\Users\Daniela\AppData\Local\SeaMonkey\components [2012.01.01 08:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.5\extensions\\Plugins: C:\Users\Daniela\AppData\Local\SeaMonkey\plugins
 
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.27 13:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions
[2011.08.04 19:25:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.12.27 09:36:27 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar
[2011.12.27 09:37:12 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de
[2011.12.31 13:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\SeaMonkey\Profiles\ni3s14xx.default\extensions
[2011.12.27 03:35:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.26 09:40:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2011.10.26 09:40:07 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2011.12.27 03:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2011.12.27 03:35:27 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2011.12.21 02:12:45 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1733ZPFB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.12.17 06:09:20 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.08 17:56:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.31 16:41:19 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.25 14:32:38 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.25 14:32:38 | 000,001,920 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\esnips.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WheelMouse] C:\Programme\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ClientGW]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-67281636-3605894949-1888726079-1003..\Run: [Akamai NetSession Interface] C:\Users\Daniela\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-67281636-3605894949-1888726079-1003..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-67281636-3605894949-1888726079-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C3AB0C-E336-442A-8095-3F511E7A9EDB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4715C7C9-A2A4-4BF8-B418-00DF8623220D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.03 19:35:53 | 155,897,360 | ---- | C] (Kaspersky Lab) -- C:\Users\Admin\Desktop\kis12.0.0.374de_de.exe
[2011.12.31 16:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011.12.31 14:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.31 14:17:01 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.12.31 08:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.31 08:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.30 12:08:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\HpUpdate
[2011.12.30 12:07:51 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.12.30 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011.12.30 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Thunderbird
[2011.12.30 09:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.12.27 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.12.27 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.27 13:31:13 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.27 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2011.12.27 09:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011.12.27 09:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011.12.27 09:35:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.27 09:35:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.12.27 09:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.27 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.25 19:09:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011.12.25 19:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011.12.25 19:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2011.12.21 23:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.20 16:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2011.12.20 16:08:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.20 16:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.20 16:08:57 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TestApp
[2011.12.16 21:35:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Speedbit
[2011.12.15 17:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011.12.15 17:47:03 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2011.12.15 17:46:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011.12.10 17:10:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files\OTL.com
[2011.01.17 02:28:17 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.06 09:20:32 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 09:20:32 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 09:13:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.06 09:13:03 | 3190,407,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.05 20:22:53 | 002,781,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.05 20:22:53 | 000,676,192 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.01.05 20:22:53 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.05 20:22:53 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.05 20:22:53 | 000,378,104 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.01.05 20:22:53 | 000,132,750 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.01.05 20:22:53 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.05 20:22:53 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.05 20:22:53 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.01.03 19:18:21 | 155,897,360 | ---- | M] (Kaspersky Lab) -- C:\Users\Admin\Desktop\kis12.0.0.374de_de.exe
[2012.01.01 16:50:18 | 000,435,607 | R--- | M] () -- C:\Windows\hosts
[2011.12.31 14:17:08 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Admin\Desktop\esetsmartinstaller_enu.exe
[2011.12.30 12:26:25 | 000,000,177 | ---- | M] () -- C:\Windows\wininit.ini
[2011.12.30 12:17:08 | 000,245,310 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011.12.30 09:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.12.27 04:24:56 | 000,433,273 | R--- | M] () -- C:\Windows\hosts.20111227-061929.backup
[2011.12.25 19:09:25 | 000,001,972 | ---- | M] () -- C:\Users\Admin\Desktop\DVD Decrypter.lnk
[2011.12.22 14:58:56 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011.12.20 06:19:42 | 000,007,676 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.12.19 21:21:49 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Program Files\OTL.com
[2011.12.15 03:47:08 | 000,429,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 21:22:47 | 000,000,271 | ---- | M] () -- C:\Users\Admin\Documents\ax_files.xml
[2011.12.10 20:40:57 | 000,530,488 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.01.01 16:50:18 | 000,435,607 | R--- | C] () -- C:\Windows\hosts
[2011.12.30 12:26:24 | 000,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.30 12:16:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.12.30 09:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.12.27 04:24:56 | 000,433,273 | R--- | C] () -- C:\Windows\hosts.20111227-061929.backup
[2011.12.25 19:09:25 | 000,001,972 | ---- | C] () -- C:\Users\Admin\Desktop\DVD Decrypter.lnk
[2011.12.20 06:19:42 | 000,007,676 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.12.15 14:36:46 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.12.10 21:07:22 | 000,000,271 | ---- | C] () -- C:\Users\Admin\Documents\ax_files.xml
[2011.12.10 20:40:57 | 000,530,488 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2011.03.10 20:48:53 | 000,136,281 | ---- | C] () -- C:\Windows\hphins54.dat.temp
[2011.03.10 20:48:53 | 000,000,408 | ---- | C] () -- C:\Windows\hphmdl54.dat.temp
[2011.03.10 20:17:11 | 000,226,749 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.03.10 20:17:11 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.03.10 20:13:45 | 000,136,281 | ---- | C] () -- C:\Windows\hphins54.dat
[2011.03.10 20:13:45 | 000,000,408 | ---- | C] () -- C:\Windows\hphmdl54.dat
[2011.01.17 02:28:17 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2010.12.31 21:19:27 | 000,000,168 | RHS- | C] () -- C:\ProgramData\ADA48B393B.sys
[2010.12.31 21:19:26 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.27 20:19:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.13 12:33:43 | 000,245,310 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.10.13 12:33:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.09.29 21:09:10 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.08.25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.08.25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010.01.27 03:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.04.06 14:05:06 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Amhooker.dll
 
========== LOP Check ==========
 
[2010.12.08 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AllDup
[2011.10.25 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon
[2011.12.02 00:42:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.09.08 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.25 16:31:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logia
[2011.09.08 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2011.01.01 20:11:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.09.08 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.12.20 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011.12.27 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.01.18 00:30:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VDownloader
[2011.07.10 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone
[2010.12.08 16:48:46 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\AllDup
[2011.01.20 04:40:20 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Amazon
[2011.09.08 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DVDVideoSoft
[2011.10.10 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\GetRightToGo
[2011.01.21 14:11:17 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Logia
[2010.12.04 20:22:20 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\OpenOffice.org
[2010.12.12 19:50:47 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TeamViewer
[2011.12.30 09:31:59 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Thunderbird
[2011.12.27 09:51:04 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TuneUp Software
[2011.12.15 02:33:30 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\VDownloader
[2011.12.13 02:40:32 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\XnView
[2011.08.21 20:48:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(51).TXT
[2011.12.21 06:52:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.11.20 02:31:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010.12.08 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AllDup
[2011.08.06 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.08.09 15:50:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Corel
[2011.10.25 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CorelHomeOffice
[2011.10.25 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon
[2011.12.02 00:42:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.09.08 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HP
[2011.12.30 12:12:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HpUpdate
[2011.08.04 19:56:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.01.25 16:31:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logia
[2010.11.20 02:23:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.12.27 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.02.18 10:52:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\McAfee
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.08.21 12:13:30 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.12.31 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.09.08 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2011.01.01 20:11:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.09.08 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.08.13 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real
[2011.09.07 18:28:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.08.04 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2011.12.20 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011.12.27 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.01.18 00:30:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\VDownloader
[2011.07.10 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone
[2011.03.10 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.09.08 21:18:01 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.08.21 12:13:30 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\ARPPRODUCTICON.exe
[2011.08.21 12:13:30 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe1_FB6AD838DF3A4509972E809922B4BACD.exe
[2011.08.21 12:13:30 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe_FB6AD838DF3A4509972E809922B4BACD_1.exe
[2011.09.07 17:58:11 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.09.08 21:18:02 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.09.08 21:18:02 | 000,040,960 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.06.19 02:05:38 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
[2011.08.04 17:02:36 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.10.13 12:04:19 | 380,301,136 | ---- | M] () -- C:\AIO_CDB_NonNet_Full_Win_WW_130_141.exe
[2007.11.07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

--- --- ---

cosinus · 06.01.2012, 14:42

Was soll ich mit diesen Screenshots eigentlich anfangen?

Bitte lade nicht irgendwelche Bilder hier ab, mach das bitte nur wenn ich wirklich Screenshots brauche. Aber dein Strang ist keine Fotosammlung von Screenshots die die Welt nicht braucht

dapia · 10.01.2012, 18:40

...ich dachte, Du brauchst Sie, um zu sehen, ob die Einstellungen bei OTL von mir richtig vorgenommen wurden. Tut mir leid, laß das ab jetzt - außer natürlich, Du solltest mal einen sreenshot wirklich brauchen.

Die logfile von OTL habe ich aber nun hoffentlich so erstellt, daß daraus vielleicht ersichtlich wird, was und ob ich noch etwas am Computer verbessern muß. Ich habe den Costum Scan mit Deinen Einstellungen gemacht.

Ich brauch den Compi wirklich gut funktionierend, weil ich ab dem 17.01. damit beruflich sehr viel machen muß.

Er scheint nach Deinen Deinstallationstips jetzt sowieso schon wieder besser zu laufen

. Also, Vielen Dank für die Hilfe! Wenn ich nichts mehr von Dir hören sollte, gehe ich davon aus, daß nun alles wieder i.O. ist.

Herzliche Grüße von Daniela

cosinus · 10.01.2012, 20:40

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={387B55E1-0F3B-4EE5-9D78-7FC7436BA79D}&mid=1909aadb667c47d1b192d1592635f9b8-f691637c94e5478356aa29ade01f812f0bb5197a&lang=de&ds=tt014&pr=sa&d=2011-12-27 09:36:11&v=8.0.0.34&sap=hp
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 2F 5E EA E9 A9 CB 01  [binary data]
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 2F 5E EA E9 A9 CB 01  [binary data]
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.web.de/"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100008
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14770&locale=de_DE&apn_uid=F6D5E1A0-7683-4485-872F-E4EFD50D5C7D&apn_ptnrs=V9&apn_sauid=0772CF21-3377-440F-8E48-BE3E882BBFB3&apn_dtid=YYYYYYYYDE&&q="
[2011.08.04 19:25:50 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.12.27 09:36:27 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar
[2011.12.27 09:37:12 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de
[2011.12.27 03:35:27 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2011.12.31 16:41:19 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.10.25 14:32:38 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011.12.17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.25 14:32:38 | 000,001,920 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\esnips.xml
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ClientGW]  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

dapia · 14.01.2012, 23:54

Hallo, Arne, habe Deine Anleitung befolgt, Ergebnis unten.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_USERS\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
HKU\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-67281636-3605894949-1888726079-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.web.de/" removed from browser.startup.homepage
Prefs.js: smartwebprinting@hp.com:4.51 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.13.1.100008 removed from extensions.enabledItems
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14770&locale=de_DE&apn_uid=F6D5E1A0-7683-4485-872F-E4EFD50D5C7D&apn_ptnrs=V9&apn_sauid=0772CF21-3377-440F-8E48-BE3E882BBFB3&apn_dtid=YYYYYYYYDE&&q=" removed from keyword.URL
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\skin folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\zh-tw folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\zh-cn folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\tr folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\sr folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\sk folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\ru folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\pt-br folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\pt folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\pl folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\nl folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\ms folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\ko folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\ja folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\it folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\id folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\hu folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\fr folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\es-es folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\es folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\en folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\de folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\da folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale\cs folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules\locale folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\modules folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\locale\en-US folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\locale folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\components\FF4 folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\components folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar\chrome folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\avg@toolbar folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\skin folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\locale folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\content folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de\components folder moved successfully.
C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\toolbar@web.de folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\search\engine folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\newtab\initial-thumbs folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\maps folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\homebutton folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin\brand folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\skin folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\maps folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\en-US folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\maps folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help\page folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale\de-DE folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\locale folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\defaults\preferences folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\defaults folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\weather folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\util folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\tracking folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\ticker folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\shopping folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\search\mcollect folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\search folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\pref folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\phish folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\newtab folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\neterror folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\maps folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\main folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\hotnews folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\horoscope folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\highlight folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\help folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\email folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content\ebay folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\content folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de\components folder moved successfully.
C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de folder moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\esnips.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ClientGW deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000010\ deleted successfully.
C:\Programme\Bonjour\mdnsNSP.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000010\ deleted successfully.
C:\Program Files (x86)\Bonjour\mdnsNSP.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000023\ deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 331083621 bytes
->Temporary Internet Files folder emptied: 136295 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 10849800 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Daniela
->Temp folder emptied: 644184009 bytes
->Temporary Internet Files folder emptied: 4597256 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46110805 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3231 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3087936 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 66885 bytes
RecycleBin emptied: 17537873 bytes
 
Total Files Cleaned = 1.009,00 mb
 
HOSTS file reset successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTL by OldTimer - Version 3.2.31.0 log created on 01132012_153713

Files\Folders moved on Reboot...
C:\Users\Daniela\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Danach konnte ich mich nicht mehr als "Daniela" einloggen: "Es konnte keine Verbindung mit dem Dienst-Benachrichtigungsdienst für Systemereignisse hergestellt werden. "Wenden Sie sich an Ihren Systemadministrator." Als Administrator eingeloggt, konnte ich nicht viel ausrichten (Black Screen). Im abgesicherten Modus ließ sich die Systemwiederherstellung ebenfalls nicht vollständig durchführen. Jedoch konnte ich mich dann wieder als Administrator wenigstens einloggen. Ich habe Kaspersky deinstalliert. Dann konnte ich das System auf den 3.12. zurücksetzen. Ich habe dann Eset ausgeführt, was nichts fand. Ich habe dann Malwarebites ausgeführt, was in der hostdatei einen "Trojan Agent" fand und in die Quarantäne verschob. Malwarebites, Eset mußte ich zuvor natürlich wieder ordnungsgemäß auf dem Computer installieren. Unnötige und defekte Programme (iTunes...) wurden von mir sicherheitshalber alle deinstalliert - vor Eset und Malwarebites. Kasperski habe ich deinstalliert. Dann als letztes heute wieder installiert. Den lasse ich die Nacht über mal durchlaufen, da ich ja nur die Windows Firewall zeitweise zur Verfügung hatte, die ich aktiviert habe, bevor ich ins Internet gegangen bin. Kaspersky deaktiviert sie, weil er selbst eine hat. Ich habe die Problemberichtserstattung von Microsoft gefunden und unten angehängt. Ich habe alle erforderlichen Windows updates nachgeholt, die sich erst nicht vollständig, nach Deinstallation von Kaspersky - glaub ich - aber dann doch installieren ließen. Ich bin so ziemlich geschafft, also, BITTE: falls ich doch irgendwo, irgendwie, irgendwann, irgendwelche Fehler gemacht haben sollte oder hier nicht mehr alles so gut rekonstruieren habe können aus dem traumatisierten Gedächtnis, sei BITTE etwas milder. Ich bin nur eine sensible und momentan zwar genervte - jedoch heilfrohe Frau, deren Computer nun wieder nutzbar ist, wenn ich ihm auch noch nicht ganz traue - siehe unten. Herzliche Grüße von Daniela

cosinus · 15.01.2012, 17:37

Wenn du immer noch so viele Baustellen an diesem offensichtlich zerstörten/korrupten System hast, sollte man sich die Frage stellen, ob man nach drei Wochen Bastelei nicht lieber mal den Schritt der Neuinstallation wagen sollte. Daten kann man ja vorher alle noch sichern.

dapia · 16.01.2012, 08:36

Lieber Arne, Du hast Recht. Aber ich habe das schon 2 x hinter mir. Es dauert ca 2 Tage, da ich ja nur Daten sichern sollte und nicht einfach ein Systemabbild auf externem Datenträger durchführen kann. Dann vermute ich, im Abbild sind die gleichen Fehler ja immer noch drin. Ich hab so viele Programme gekauft, Einstellungen drin, ich brauch dafür ca 2 Tage. Ich weiß, mit allen möglichen Suchtools kann man ein kompromittiertes System nicht wirklich reparieren, da wäre unendlich viel noch an Möglichkeiten, die übersehen werden könnten. Bitte gib mir aber dennoch eine Chance, weil ich schon vieles wirklich wieder beheben konnte: das hier , z.B. sah jetzt gut aus:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Daniela :: AMILO [limited]

Protection: Enabled

16.01.2012 03:20:58
mbam-log-2012-01-16 (03-20-58).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 349609
Time elapsed: 1 hour(s), 8 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Kasperski hat auch nichts mehr gefunden.

Norton Power Eraser hat das behoben: Auszug aus dem Protokoll, das 32 Seiten lang ist:

Code:

ATTFilter

Count="1"><RegistryValue>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com\shell\open\command\""</RegistryValue></SideEffects></System_Setting>-<System_Setting 
Count="1"><RegistryValue>HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\shell\open\command\""</RegistryValue></SideEffects></System_Setting></SYSTEM_SETTINGS></Infections_Selected_For_Remediation></Remediate></Session0></Norton_Power_Eraser_Information>

abgeschrieben habe ich zur Sicherheit von Norton-Power Eraser die kurze Info, was er behoben hat, falls obiges von mir nicht korrekt kopiert sein sollte:

Code:

ATTFilter

Risiko: Registrierungsschlüssel: \REGISTRY\MACHINE\SOFTWARE\classes\.com\open\command\""
und Risiko: Registrierungsschlüssel: \REGISTRY\MACHINE\SOFTWARE\classes\.exe\shell\open\command\""

Als nächstes könnte ich noch ESET und danach OTL machen und posten, falls Deine Nerven noch nicht blank liegen. Aber, wenn es so vielleicht auch gehen sollte, dann sollte ich das doch machen, oder? Ich SPENDE, ICH BETE 3 AVE MARIA und VATER UNSER für DICH, ich schick DIR ein Packerl mit Deiner Lieblingsmusik und alles, was sonst auf Deiner Wunschliste stehen sollte und ich erfüllen kann - aber BITTE - wenn es nicht völlig abwegig ist, was ich vorgeschlagen habe, hilf mir bitte....

Mir ist noch was eingefallen: könnte denn mein wlan auch eine Ursache für einige Probleme sein, die ich hatte? (Wohl anderer thread...) Liebe Grüße von Daniela

cosinus · 16.01.2012, 14:23

Zitat:

Aber ich habe das schon 2 x hinter mir. Es dauert ca 2 Tage, da ich ja nur Daten sichern sollte und nicht einfach ein Systemabbild auf externem Datenträger durchführen kann.

Wenn du das schon 2x hinter dir hast, muss du dir die Kritik gefallen lassen, dass du immer wieder was falsch machst, denn wenn du alles richtig machst und das System auch vor dem ersten Gang ins Internet zum wilden Rumsurfen absicherst, dann passiert nicht ständig wieder eine Infektion.

Ich würde so vorgehen:

1.) Daten sicher über Live-Linux auf frische formatierte ext. Platte, sichern nur reine Datendateien
2.) Nach der Sicherung unter Linux die internet Platte komplett löschen (auch alle Partition und den MBR)
2a.) SP1 für Windows7 falls nicht ur Hand unter Linux herunterladen auf die ext. Platte
3.) Windows7 sauber neu aufspielen
4.) SP1 offline installieren
5.) Windows-Neustart und alle weiteren Updates installieren
6.) System-Image auf ext. Platte mit Tool deiner Wahl erstellen
7.) nur die Programme die man wirklich benötigt und nicht wahllos jeden Dreck den man bekommt installieren
8.) Ist der Rechner nach den Wünschen eingerichtet neues System-Image erstellen

Zitat:

Database version: v2011.12.24.05

Scans mit so alten Signaturen bringen nichts. Ich schreib hier nicht zur Dekoration, dass Malwarebytes VOR jedem manuellen Scan aktualisiert werden muss.

Zitat:

Daniela :: AMILO [limited]

Scans ohne Adminrechte sind noch sinnfreier

dapia · 17.01.2012, 23:45

Lieber Arne, Danke für Deine Hilfe.
Nun zu Deinen Anmerkungen: Malwarebites wird von mir vor JEDEM scan aktualisiert.
Klar mach ich ne Menge falsch und Dir und mir viel Arbeit. Guck doch einfach mal die Uhrzeiten meiner scans und logins an. Habe die letzte Woche durchschnittlich 4 Stunden Schlaf, dafür aber schon eine Menge gelernt.

Linux und Ubuntu kenn ich. Könnte klappen, hab damit schon mal gearbeitet.

"Dreck" am Stecken scheint mir VDownloader (deinstalliere ich), youtube Videos unverschlüsselt gucken (war von Chip online, deinstalliere ich), RealPlayer Plus, für den ich bezahlt habe (möchte ich behalten) Keepit (deinstalliere ich), KeepVid (hab ich bezahlt, deinstalliere ich), Scype (ist deinstalliert) und itunes (ist bereits deinstalliert mit allem, was dazugehört), Google Chrome (ist deinstalliert), Facebook, iGoogle, alte flash-player-Versionen (sind auf .11 aktualisiert), Firefox in der web.de edition (ist nicht gut, könnte ich auf eine älter Version downgraden oder thunderbird benützen, mit Kaspersky läßt sich aber ein "sicherer Browser" erzeugen), was hat denn Deiner Meinung nach keinen Dreck am Stecken? Ich spiele nicht im Internet, gehe nicht auf porno-Seiten, nicht zu torrent oder .togo. Ich brauch den Compi hauptsächlich für meinen Job und zur Communication.

Mir bei OTL als verdächtige Dinge erscheinend hier im excerpt (da kenn ich mich nicht so gut aus...):

Code:

ATTFilter

MOD - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
MOD - [2007.04.19 15:56:48 | 000,094,208 | ---- | M] () -- C:\Programme\Mouse\Amoures.dll
MOD - [2007.04.06 14:05:06 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\Amhooker.dll
PRC - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
PRC - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG 
PRC - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG 


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

O4:64bit: - HKLM..\Run: [WheelMouse] C:\Programme\Mouse\Amoumain.exe ()

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-84QEM.exe ()

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*


[2012.01.16 03:24:21 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.16 03:24:21 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.16 00:46:58 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
[2012.01.16 00:46:58 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\Documents\Default.rdp
[2010.11.27 20:19:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 >

Nun habe ich nochmals MWB, Kaspersky, Eset, Norton Power Eraser (nicht in der genannten Reihenfolge, Regeln beachtend) durchgeführt. Alle, behaupten, mein Computer sei jetzt clean.

OTL kann ich nicht gut einschätzen, den hab ich auch vor allen anderen Programmen durchgeführt.

Ich werde zuerst nach Deiner Anleitung die Daten auf meine externe Festplatte sichern. Ich hab sie schon frisch formatiert, sie hat 400 Gb (nich viel, ist halt schon älter). Laufwerk D mit 300 Gb auf dem Laptop hab ich auch schon formatiert. C ist 500 Gb

Ich werde die genannten Programme deinstallieren, nochmals einen OTL-Scan und Fix machen. Dann, wenn das nicht reichen sollte, was ich wirklich nicht verstehen kann, mach ich den Rest Deiner Anleitung. Das wird mich ca 4 Tage oder länger beanspruchen, deshalb...

Herzliche Grüße von Daniela

dapia · 18.01.2012, 05:20

Lieber Arne, Danke für Deine Hilfe.
Nun zu Deinen Anmerkungen: Malwarebites wird von mir jetzt vor JEDEM scan aktualisiert. Die anderen tools auch.

"Scans ohne Adminrechte sind noch sinnfreier"

Ich bin Admin und Daniela. Als Admin habe ich mir Administratorrechte eingeräumt, d.h. falls irgendwas am Computer irgendwie, irgendwann installiert oder geändert werden soll, werde ich als Daniela nach dem Admin-PW gefragt und ob ich das zulassen möchte oder nicht. Das ist mir lieber, als ohne Firewall als Admin im web rumzuwurschteln, z.B. wenn ich Kasperski wegen Eset deaktivieren muß. Als Admin hab ich noch nicht herausgefunden, ob ich in der Regel mitkriege, wer oder was sich sonst noch auf dem Compi herumtreibt...reicht das denn nicht aus?

Klar mach ich ne Menge Fehler und Dir und mir vielleicht viel Arbeit. Da solltest Du drüber stehen, denn ich bin doch eigentlich ganz gut lernfähig, fleißig sowieso und das alles trotz geringerem Hirnvolumens als es üblicherweise die Herren der Schöpfung mit sich herumschleppen.

Und dann: Guck doch einfach mal die Uhrzeiten meiner scans und logins an. Guck vor allem richtig hin, bevor Du wieder aus der Hüfte schießt. Habe die letzte Woche durchschnittlich 4 Stunden Schlaf, da macht man halt Fehler...

Linux und Ubuntu kenn ich. Könnte klappen, hab damit schon mal gearbeitet.

"Dreck" am Stecken scheinen mir VDownloader (deinstalliere ich), youtube Videos unverschlüsselt gucken (war von Chip online, deinstalliere ich vielleicht), RealPlayer Plus, für den ich bezahlt habe (möchte ich behalten, setze ihn restriktiv ein, NO ZUGANG zu irgendwelchen Foren, wo ich vielleicht drin bin und die er gerne hätte) Keepit (deinstalliere ich), KeepVid (hab ich bezahlt, deinstalliere ich), Scype (ist deinstalliert) und itunes (ist bereits deinstalliert mit allem, was dazugehört), Google Chrome (ist deinstalliert), Facebook (behandle ich restriktiv, was immer wieder versucht wird zu unterwandern, dann muß ich eben neu checken), iGoogle (ist Mist, wenn ich den account jedoch lösche, dann kann ich ja nicht mehr nachprüfen, was die von mir bereits alles haben - ich war früher halt naiver und hab teuer dafür bezahlt), alte flash-player-Versionen sind potentielle Sicherheitslücken, meint Kaspersky (habe ich auf .11 aktualisiert), Firefox in der web.de-Edition (ist nicht gut, behandle ich restriktiv, z.B. wie krieg ich verdammt noch mal die Yahoo-Toolbar weg? meine Anonymität ist mit web.de-Firefox-Kombi schnell mal dahin, wenn ich nicht aufpasse, ich könnte Firefox auch auf eine ältere Version downgraden oder thunderbird benützen, die nehmen sich jedoch nicht viel - mit Kaspersky läßt sich aber immerhin ein "sicherer Browser" erzeugen).

Was hat denn Deiner Meinung nach keinen Dreck am Stecken? Ich spiele nicht im Internet, gehe nicht auf porno-Seiten, nicht zu torrent oder .togo. Ich brauch den Compi hauptsächlich für meinen Job und zur Communication. Da kenn ich aber wirklich ganz andere Experten...

Mir bei OTL als verdächtige Dinge als kleine Auswahl erscheinend findest Du hier im excerpt (mit OTL kenn ich mich noch nicht genügend gut aus, aber "Hidden" oder fehlende Quelle eines Programms/Datei oder "Modified" verunsichern mich schon...):

Code:

ATTFilter

MOD - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
MOD - [2007.04.19 15:56:48 | 000,094,208 | ---- | M] () -- C:\Programme\Mouse\Amoures.dll
MOD - [2007.04.06 14:05:06 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\Amhooker.dll
PRC - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
PRC - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG 
PRC - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

O4:64bit: - HKLM..\Run: [WheelMouse] C:\Programme\Mouse\Amoumain.exe ()

O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-84QEM.exe ()

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

[2012.01.16 03:24:21 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.16 03:24:21 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.16 00:46:58 | 000,000,000 | -H-- | M] () -- C:\Users\Admin\Documents\Default.rdp
[2012.01.16 00:46:58 | 000,000,000 | -H-- | C] () -- C:\Users\Admin\Documents\Default.rdp
[2010.11.27 20:19:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

< @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 >

Nun habe ich nochmals MWB, Kaspersky, Eset, Norton Power Eraser (nicht in der genannten Reihenfolge, Regeln beachtend) durchgeführt. Alle behaupten, mein Computer sei jetzt clean.

OTL kann ich nicht gut einschätzen, wie schon gesagt, den hab ich auch vor allen anderen Programmen durchgeführt. Ich mach es gern auch nochmal inclusive Anleitung zum Costum-Scan und Fix.

Ich werde jetzt die Daten auf meiner externen Festplatte sichern. Ich hab sie frisch formatiert, sie hat 400 Gb (nich viel, ist halt schon älter). Laufwerk D mit 300 Gb auf dem Laptop hab ich auch schon formatiert. C ist 500 Gb groß und blöd ausgewählt, weil Daten UND Programme drauf sind, Programme hätte ich lieber auf D, damit ich Systemabbilder auf der größeren Festplatte erstellen lassen kann. War nicht auf meinem Mist gewachsen und wäre für mich VIELLEICHT ein weiterer Grund, den Computer neu aufzusetzen. Wie gesagt, ich hab auch noch viele andere Dinge am Hals, die laufen müssen...Du wahrscheinlich auch.

Wenn das, was ich alles unternommen habe, wirklich nicht reichen sollte (OTL wird´s wohl dann ans Licht bringen), befolge ich Deine Anleitung zum Neuaufsetzen. Das wird mich ca 4 Tage oder länger beanspruchen, deshalb freue ich mich nicht gerade, wenn der Fall wirklich eintreten sollte...

Herzliche Grüße von Daniela

cosinus · 18.01.2012, 12:09

Zitat:

Nun zu Deinen Anmerkungen: Malwarebites wird von mir vor JEDEM scan aktualisiert.

Sieht man im Log, dass das nicht der Fall war.

Zitat:

Klar mach ich ne Menge falsch und Dir und mir viel Arbeit. Guck doch einfach mal die Uhrzeiten meiner scans und logins an. Habe die letzte Woche durchschnittlich 4 Stunden Schlaf, dafür aber schon eine Menge gelernt.

Ja tut mir ja Leid, dass du so wenig Schlaf bekommst

aber das seh ich in den Logs nicht wieviele Schlaf du bekommst

Ich hab aber gesehen, dass ein Scan mit Malwarebytes am 16.01.12 erfolgte die Signaturen da aber vom 24.12.11 waren, also drei Wochen alt und das ist einfach sinnfrei und fast schon verschwendete Zeit mit solch alten Signaturen zu scannen

Zitat:

"Scans ohne Adminrechte sind noch sinnfreier"

Ich bin Admin und Daniela.

Das Log zeigt aber: Daniela :: AMILO [limited]
Wärst du Admin bzw. hättest es mit Adminrechten ausgeführt, würde da [Administrator] und nicht [limited] stehen

Zitat:

Und dann: Guck doch einfach mal die Uhrzeiten meiner scans und logins an. Guck vor allem richtig hin, bevor Du wieder aus der Hüfte schießt. Habe die letzte Woche durchschnittlich 4 Stunden Schlaf, da macht man halt Fehler...

Wer im Glashaus sitzt sollte nicht aus der Hüfte mit Steinen werfen

Ich hab mir die Logs genau angesehen.

Mit deinem unvollständigen OTL-Log kann ich nichts anfangen.

dapia · 23.01.2012, 23:52

erwischt....Lieber Arne, hoffentlich ist das, was ich jetzt gemacht habe ein wenig hilfreicher:

Code:

ATTFilter

OTL logfile created on: 23.01.2012 19:31:45 - Run 12
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Program Files (x86)
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 60,90% Memory free
7,92 Gb Paging File | 6,36 Gb Available in Paging File | 80,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 281,49 Gb Free Space | 60,44% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 297,95 Gb Free Space | 99,95% Space Free | Partition Type: NTFS
 
Computer Name: AMILO | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.15 17:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Program Files (x86)\OTL.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.13 16:22:14 | 000,313,624 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe
PRC - [2011.08.13 16:22:14 | 000,153,888 | ---- | M] (Speedbit Ltd.) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
PRC - [2011.08.13 16:12:19 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
PRC - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtgui4.dll
MOD - [2011.04.24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtsql4.dll
MOD - [2011.04.24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtscript4.dll
MOD - [2011.04.24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtnetwork4.dll
MOD - [2011.04.24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtcore4.dll
MOD - [2011.04.24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\qtdeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
MOD - [2008.03.06 01:28:50 | 000,270,336 | ---- | M] () -- C:\Programme\Mouse\Amoumain.exe
MOD - [2007.04.19 15:56:48 | 000,094,208 | ---- | M] () -- C:\Programme\Mouse\Amoures.dll
MOD - [2007.04.06 14:05:06 | 000,032,768 | ---- | M] () -- C:\Windows\SysWOW64\Amhooker.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.12.31 16:41:24 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.15 01:01:25 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011.08.13 16:22:14 | 000,313,624 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
SRV - [2011.04.24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.01.23 02:16:01 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.12.10 20:40:57 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.10.20 13:22:54 | 000,289,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.09 12:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 12:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2007.10.15 11:39:18 | 000,021,504 | ---- | M] ((Standard mouse types)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Amps2x64.sys -- (Amps2prt)
DRV:64bit: - [2007.04.17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 2F 5E EA E9 A9 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.web.de/club"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.13.1.100008
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.5.0.12
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.5
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.47088
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: virtualKeyboard@kaspersky.ru:12.0.0.449
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:12.0.0.449
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:12.0.0.449
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VD&o=14770&locale=de_DE&apn_uid=F6D5E1A0-7683-4485-872F-E4EFD50D5C7D&apn_ptnrs=V9&apn_sauid=0772CF21-3377-440F-8E48-BE3E882BBFB3&apn_dtid=YYYYYYYYDE&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.10.13 12:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.01.18 16:16:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.01.23 02:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.01.23 02:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.01.23 02:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.15 20:47:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.20 20:25:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{8C17574E-F5C5-41b8-8B36-333FC7E67980}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\THBExt_2_x [2012.01.23 02:16:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{FD9B3EC6-8265-41fb-8A2F-4C5A22A95A7B}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\THBExt_3_1_x [2012.01.23 02:16:42 | 000,000,000 | ---D | M]
 
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.20 20:03:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions
[2012.01.20 20:03:04 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\1733zpfb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011.12.31 13:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\SeaMonkey\Profiles\ni3s14xx.default\extensions
[2012.01.14 23:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.01.18 14:11:23 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
[2012.01.14 23:18:57 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.10.26 09:40:11 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.01.14 23:18:48 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.10.26 09:40:07 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.01.13 23:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012.01.13 23:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
[2012.01.18 16:16:24 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1733ZPFB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1733ZPFB.DEFAULT\EXTENSIONS\{E0204BD5-9D31-402B-A99D-A6AA8FFEBDCA}.XPI
[2012.01.15 20:47:37 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.08 17:56:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.17 02:32:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.17 02:32:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.17 02:32:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.29 00:57:34 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2011.12.17 02:32:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.17 02:32:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WheelMouse] C:\Programme\Mouse\Amoumain.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ClientGW]  File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\SpeedBit Video Accelerator\sblsp.dll (Speedbit Ltd.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15C3AB0C-E336-442A-8095-3F511E7A9EDB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4715C7C9-A2A4-4BF8-B418-00DF8623220D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\SysNative\Microsoft
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\SysNative\Microsoft
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.23 02:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2012
[2012.01.23 02:16:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012.01.23 02:16:01 | 000,615,728 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.01.21 19:55:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.01.21 19:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.21 19:55:06 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.21 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012.01.21 19:51:58 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\neue Daten
[2012.01.20 20:03:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.01.20 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Winamp
[2012.01.20 20:01:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2012.01.19 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\CrashDumps
[2012.01.18 20:52:41 | 002,322,184 | ---- | C] (ESET) -- C:\Program Files (x86)\esetsmartinstaller_enu.exe
[2012.01.18 16:10:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2012.01.18 16:10:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Windows Live Writer
[2012.01.18 12:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\hssff
[2012.01.18 06:53:13 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2012.01.18 06:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield
[2012.01.18 06:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hotspot Shield
[2012.01.18 06:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vidalia Bundle
[2012.01.18 06:44:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Vidalia
[2012.01.18 06:44:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Tor
[2012.01.18 06:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2012.01.18 06:31:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.01.18 06:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2012.01.18 06:30:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2012.01.18 06:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012.01.18 06:29:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012.01.18 06:16:03 | 000,000,000 | ---D | C] -- C:\ProcAlyzer Dumps
[2012.01.18 06:07:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.01.16 03:15:36 | 000,000,000 | ---D | C] -- C:\Malwarebytes
[2012.01.16 01:42:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Program Files (x86)\OTL.exe
[2012.01.16 01:06:03 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\NPE
[2012.01.16 01:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.01.16 00:57:47 | 002,563,800 | ---- | C] (Symantec Corporation) -- C:\Program Files (x86)\NPE21.exe
[2012.01.14 23:37:26 | 000,150,016 | ---- | C] (NoName) -- C:\Program Files\screenshot.exe
[2012.01.14 23:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.01.14 08:18:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.01.14 08:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.01.14 08:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.14 08:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.01.14 08:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.01.14 01:21:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.31 16:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011.12.31 08:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.30 12:08:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\HpUpdate
[2011.12.30 12:07:51 | 000,000,000 | ---D | C] -- C:\Windows\Hewlett-Packard
[2011.12.30 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011.12.30 09:31:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Thunderbird
[2011.12.30 09:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.12.27 13:31:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.12.27 13:31:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.27 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2011.12.27 09:36:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011.12.27 09:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011.12.27 09:35:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.12.27 09:35:38 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.12.27 09:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.27 09:34:28 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.25 19:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[2011.12.25 19:09:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2011.01.17 02:28:17 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.23 02:53:24 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 02:53:24 | 000,011,200 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.23 02:46:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.23 02:46:02 | 3190,407,168 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 02:21:36 | 000,152,233 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.01.23 02:21:36 | 000,107,177 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.01.23 02:16:01 | 000,615,728 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012.01.21 14:08:17 | 000,125,440 | ---- | M] () -- C:\Users\Admin\Documents\Norton Bootable Recovery Tool.aww
[2012.01.21 14:05:04 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2012.01.19 15:43:57 | 002,781,698 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.19 15:43:57 | 000,676,192 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
[2012.01.19 15:43:57 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.19 15:43:57 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.19 15:43:57 | 000,378,104 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012.01.19 15:43:57 | 000,132,750 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
[2012.01.19 15:43:57 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.19 15:43:57 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.19 15:43:57 | 000,099,568 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012.01.16 00:09:08 | 002,563,800 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\NPE21.exe
[2012.01.15 17:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Program Files (x86)\OTL.exe
[2011.12.31 14:23:18 | 002,322,184 | ---- | M] (ESET) -- C:\Program Files (x86)\esetsmartinstaller_enu.exe
[2011.12.30 12:26:25 | 000,000,177 | ---- | M] () -- C:\Windows\wininit.ini
[2011.12.30 12:17:08 | 000,245,310 | ---- | M] () -- C:\Windows\hpoins19.dat
[2011.12.30 09:31:13 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011.12.27 04:24:56 | 000,433,273 | R--- | M] () -- C:\Windows\hosts.20111227-061929.backup
 
========== Files Created - No Company Name ==========
 
[2012.01.23 02:17:49 | 000,152,233 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2012.01.23 02:17:49 | 000,107,177 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2012.01.21 14:08:16 | 000,125,440 | ---- | C] () -- C:\Users\Admin\Documents\Norton Bootable Recovery Tool.aww
[2012.01.14 08:15:49 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.30 12:26:24 | 000,000,177 | ---- | C] () -- C:\Windows\wininit.ini
[2011.12.30 12:16:40 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.12.30 09:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.12.27 04:24:56 | 000,433,273 | R--- | C] () -- C:\Windows\hosts.20111227-061929.backup
[2011.12.20 06:19:42 | 000,007,676 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
[2011.03.10 20:48:53 | 000,136,281 | ---- | C] () -- C:\Windows\hphins54.dat.temp
[2011.03.10 20:48:53 | 000,000,408 | ---- | C] () -- C:\Windows\hphmdl54.dat.temp
[2011.03.10 20:17:11 | 000,226,749 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.03.10 20:17:11 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.03.10 20:13:45 | 000,136,281 | ---- | C] () -- C:\Windows\hphins54.dat
[2011.03.10 20:13:45 | 000,000,408 | ---- | C] () -- C:\Windows\hphmdl54.dat
[2011.01.17 02:28:17 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2010.12.31 21:19:27 | 000,000,168 | RHS- | C] () -- C:\ProgramData\ADA48B393B.sys
[2010.12.31 21:19:26 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.11.27 20:19:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.13 12:33:43 | 000,245,310 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010.10.13 12:33:43 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010.09.29 21:09:10 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2010.08.25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010.08.25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010.08.25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.07 07:50:40 | 001,927,956 | ---- | C] () -- C:\Program Files\VC_RED.cab
[2007.04.06 14:05:06 | 000,032,768 | ---- | C] () -- C:\Windows\SysWow64\Amhooker.dll
 
========== LOP Check ==========
 
[2010.12.08 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AllDup
[2011.10.25 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon
[2011.12.02 00:42:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.09.08 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.25 16:31:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logia
[2011.09.08 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2012.01.20 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2011.01.01 20:11:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.09.08 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.12.20 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2011.12.27 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.07.10 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone
[2012.01.18 16:10:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.08.21 20:48:50 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU(51).TXT
[2011.12.21 06:52:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.19 17:34:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2010.12.08 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AllDup
[2011.08.06 13:15:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2011.08.09 15:50:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Corel
[2012.01.21 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CorelHomeOffice
[2011.10.25 14:32:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon
[2011.12.02 00:42:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.09.08 22:00:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.13 13:44:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HP
[2012.01.13 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HpUpdate
[2011.08.04 19:56:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2011.01.25 16:31:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Logia
[2010.11.20 02:23:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.12.27 13:31:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2011.02.18 10:52:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\McAfee
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.01.19 17:34:00 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2011.12.31 13:51:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.09.08 21:18:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OCS
[2012.01.20 20:01:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenCandy
[2011.01.01 20:11:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.09.08 21:18:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2011.08.13 16:22:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real
[2011.09.07 18:28:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Skype
[2011.08.04 18:28:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\skypePM
[2011.12.20 16:08:57 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TestApp
[2011.12.30 09:31:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.01.18 12:24:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Tor
[2011.12.27 09:35:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2012.01.18 12:21:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vidalia
[2011.07.10 21:30:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Vodafone
[2012.01.20 20:05:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Winamp
[2012.01.18 16:10:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Windows Live Writer
[2011.03.10 20:19:23 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.09.08 21:18:01 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Admin\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.08.21 12:13:30 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\ARPPRODUCTICON.exe
[2011.08.21 12:13:30 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe1_FB6AD838DF3A4509972E809922B4BACD.exe
[2011.08.21 12:13:30 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{25819AEA-328B-4F18-A53C-EAAAFFF0DBEF}\easyFit.exe_FB6AD838DF3A4509972E809922B4BACD_1.exe
[2011.09.07 17:58:11 | 000,010,134 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
[2011.09.08 21:18:02 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2011.09.08 21:18:02 | 000,040,960 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2011.11.18 05:30:06 | 002,081,208 | ---- | M] (Speedchecker Limited                                        ) -- C:\Users\Admin\AppData\Roaming\OpenCandy\F0578CC4B1D64058847CC6FD4C293532\pcspeedup_oc.exe
[2011.06.19 02:05:38 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
[2011.08.04 17:02:36 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer_de.exe
 
< %SYSTEMDRIVE%\*.exe >
[2010.10.13 12:04:19 | 380,301,136 | ---- | M] () -- C:\AIO_CDB_NonNet_Full_Win_WW_130_141.exe
[2007.11.07 07:44:20 | 000,855,040 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

und:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=132a71646234954093afc9de497f961d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-16 10:50:06
# local_time=2012-01-16 11:50:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 169380 169380 0 0
# compatibility_mode=5121 16777214 0 3 13613786 13613786 0 0
# compatibility_mode=5893 16776573 100 94 68467 78375074 0 0
# compatibility_mode=8192 67108863 100 0 248324 248324 0 0
# scanned=229894
# found=0
# cleaned=0
# scan_time=9003
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=132a71646234954093afc9de497f961d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-17 01:17:14
# local_time=2012-01-17 02:17:14 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 221449 221449 0 0
# compatibility_mode=5121 16777214 0 3 13665855 13665855 0 0
# compatibility_mode=5893 16776573 100 94 120536 78427143 0 0
# compatibility_mode=8192 67108863 100 0 300393 300393 0 0
# scanned=230151
# found=0
# cleaned=0
# scan_time=8962
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=132a71646234954093afc9de497f961d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-18 06:50:30
# local_time=2012-01-18 07:50:30 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 7115 7115 0 0
# compatibility_mode=5121 16777214 0 3 13771852 13771852 0 0
# compatibility_mode=5893 16776573 100 94 5844 78533140 0 0
# compatibility_mode=8192 67108863 100 0 406390 406390 0 0
# scanned=236402
# found=0
# cleaned=0
# scan_time=9339
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=132a71646234954093afc9de497f961d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-19 02:52:04
# local_time=2012-01-19 03:52:04 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1280 16777215 100 0 35577 35577 0 0
# compatibility_mode=5121 16777214 0 3 13800314 13800314 0 0
# compatibility_mode=5893 16776573 100 94 34306 78561602 0 0
# compatibility_mode=8192 67108863 100 0 434852 434852 0 0
# scanned=236362
# found=0
# cleaned=0
# scan_time=9792
ESETSmartInstaller@High as downloader log:
Can not extract cabC:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.cabErr:Eine Datei kann nicht erstellt werden, wenn sie bereits vorhanden ist.
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=132a71646234954093afc9de497f961d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-20 09:52:21
# local_time=2012-01-20 10:52:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5121 16777214 0 3 13956867 13956867 0 0
# compatibility_mode=5893 16776573 100 94 5314 78718155 0 0
# compatibility_mode=8192 67108863 100 0 591405 591405 0 0
# scanned=238002
# found=1
# cleaned=0
# scan_time=8057
C:\Users\Daniela\Tools\winamp5623_full_emusic-7plus_all.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I

Kaspersky, stündlich upgedatet, hat heute nichts bis auf: "Programme mit bekannten Schwachstellen" gefunden. Diese sind:

Code:

ATTFilter

C:\Program Files (x86)\XnView\xnview.exe

und:

Code:

ATTFilter

C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe

Wahrscheinlich sind die letzten Zeilen wohl auch bei der OTL log Datei ersichtlich? Ich hab es hier sicherheitshalber mit erwähnt.

MWB:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (PRO) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: AMILO [Administrator]

Schutz: Aktiviert

23.01.2012 00:06:14
mbam-log-2012-01-23 (00-06-14).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 415718
Laufzeit: 1 Stunde(n), 7 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Vielen Dank für die Geduld bis hier!

Herzliche Grüße von Daniela

cosinus · 24.01.2012, 09:50

Jetzt ist schon wieder ne gute Woche vergangen seit meinem letzten Post hier...
Was ist denn jetzt noch aktuell an Problemen offen?

dapia · 29.01.2012, 21:37

Lieber Arne, stimmt, ist viel Zeit vergangen. Tut mit leid, war/bin vergrippt.
M.E. gibt es keine Probleme mehr, es sei denn Dir ist in der OTL logfile vom 23.01.2012 etwas aufgefallen. War nicht mehr so oft im Internet seitdem. Habe heute wieder mit dem aktualisierten MWB und ESET gecheckt: die haben keine Probleme mehr gefunden. Kaspersky findet nur das potentiell unsichere Programm XN View, da habe ich aber keine neuere Version finden können.
Wenn wir nun alles geschafft haben sollten, dann geht ein herzliches Dankeschön an Dich! (Spende sowieso)
Ganz liebe Grüße von Daniela

Bilddatei "Männer auf dem Nil" entfernt //cosinus

06.01.2012, 14:42	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	OTL by Oldtymer installiert, Fix durchgeführt, Registry zerschossen Was soll ich mit diesen Screenshots eigentlich anfangen? Bitte lade nicht irgendwelche Bilder hier ab, mach das bitte nur wenn ich wirklich Screenshots brauche. Aber dein Strang ist keine Fotosammlung von Screenshots die die Welt nicht braucht __________________ __________________

24.01.2012, 09:50	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	OTL by Oldtymer installiert, Fix durchgeführt, Registry zerschossen Jetzt ist schon wieder ne gute Woche vergangen seit meinem letzten Post hier... Was ist denn jetzt noch aktuell an Problemen offen? __________________ Logfiles bitte immer in CODE-Tags posten

OTL by Oldtymer installiert, Fix durchgeführt, Registry zerschossen

Log-Analyse und Auswertung: OTL by Oldtymer installiert, Fix durchgeführt, Registry zerschossen