Browser öffnet automatisch Tab

CMPunk · 23.12.2011, 22:35

Hi,
an meinem Laptop öffnet sich derzeit im Firefox dauernd ein Tab. Es wird eine Seite von "mediashifting.com" aufgerufen, die auf eine weitere Seite verleitet, die z.B. Videos anzeigen.
Zudem meldet sich immer wieder AntiVir mit folgender Meldung:
Fund: TR/ATRAPS.Gen2
C:/Users/Cichon/AppData/Local/05248925/U/800000cb.@

Daraufhin hab ich Malwarebytes' Anti-Malware benutzt und einen Quickscan durchgeführt: Log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122306

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 14:46:12
mbam-log-2011-12-23 (14-46-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174166
Laufzeit: 5 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Später einen Vollständigen Scan:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122306

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 16:50:12
mbam-log-2011-12-23 (16-50-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 374360
Laufzeit: 1 Stunde(n), 30 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Cichon\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\FMS21RMV\3[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

Und noch einen:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122308

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.12.2011 20:43:10
mbam-log-2011-12-23 (20-43-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 303763
Laufzeit: 44 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Ebenfalls OTL durhclaufen lassen:

Code:

ATTFilter

OTL logfile created on: 12/23/2011 8:52:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Cichon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 62.26% Memory free
6.50 Gb Paging File | 5.16 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 37.00 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.50 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
 
Computer Name: CICHON-PC | User Name: Cichon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cichon\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - c:\program files (x86)\avira\antivir desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hwmassfilter) -- C:\Windows\SysNative\drivers\ewmassfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 80 E0 5D B6 CD CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cichon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/27 14:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 14:34:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/18 07:47:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/27 14:59:04 | 000,000,000 | ---D | M]
 
[2010/03/05 20:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cichon\AppData\Roaming\mozilla\Extensions
[2011/12/15 16:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cichon\AppData\Roaming\mozilla\Firefox\Profiles\esyf0s4s.default\extensions
[2010/06/08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Cichon\AppData\Roaming\Mozilla\Firefox\Profiles\esyf0s4s.default\searchplugins\conduit.xml
[2011/11/13 11:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/23 14:34:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 07:49:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 07:49:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/03 07:49:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 07:49:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 07:49:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 07:49:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49628D4A-1871-4F40-B1A4-41F4AEF87301}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC7767AB-2530-480A-95B5-B77F4E3C2502}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Cichon\AppData\Local\05248925\X) -C:\Users\Cichon\AppData\Local\05248925\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O33 - MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/23 16:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/23 16:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/23 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\Cichon\AppData\Roaming\Malwarebytes
[2011/12/23 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 14:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/23 14:40:08 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/23 14:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/22 18:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Cichon\AppData\Local\05248925
[2011/12/18 10:15:35 | 000,000,000 | ---D | C] -- C:\Users\Cichon\AppData\Roaming\Avira
[2011/12/18 10:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/18 10:09:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/18 10:09:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/18 10:09:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/18 10:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/18 10:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011/12/15 22:25:23 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/15 22:25:23 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/15 22:25:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/15 22:25:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/15 22:25:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/15 22:25:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/15 22:25:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011/12/15 22:25:18 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011/12/15 22:25:18 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011/12/15 22:25:18 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/12/15 22:25:17 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/12/15 16:35:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/15 16:34:49 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/15 16:34:49 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/23 20:53:12 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 20:53:11 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/23 20:50:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/23 20:45:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/23 20:44:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/23 20:44:47 | 2616,573,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 16:53:59 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/23 16:38:35 | 000,037,129 | ---- | M] () -- C:\Users\Cichon\Documents\845.jpg
[2011/12/23 16:34:35 | 000,232,482 | ---- | M] () -- C:\Users\Cichon\Documents\Merry-Christmas.jpg
[2011/12/23 14:48:18 | 000,001,369 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/12/23 14:48:06 | 000,001,682 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/12/23 14:40:13 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 22:26:36 | 000,276,500 | ---- | M] () -- C:\Users\Cichon\Documents\_412310_6325_2334_6110_2358_5892_...__0_3W_neu.pdf
[2011/12/22 18:58:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/12/18 10:10:10 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/17 16:51:32 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/16 16:22:16 | 000,314,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/15 16:28:29 | 001,526,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/15 16:28:29 | 000,664,076 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/15 16:28:29 | 000,624,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/15 16:28:29 | 000,135,312 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/15 16:28:29 | 000,110,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/11 15:19:36 | 003,485,733 | ---- | M] () -- C:\Users\Cichon\Documents\P1050484.JPG
[2011/12/11 15:19:32 | 003,484,255 | ---- | M] () -- C:\Users\Cichon\Documents\P1050483.JPG
[2011/12/11 15:19:26 | 003,506,551 | ---- | M] () -- C:\Users\Cichon\Documents\P1050482.JPG
[2011/12/11 15:19:18 | 003,508,396 | ---- | M] () -- C:\Users\Cichon\Documents\P1050481.JPG
[2011/12/09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/06 20:10:50 | 000,017,566 | ---- | M] () -- C:\Users\Cichon\Documents\krippe.b.jpg
[2011/12/06 20:10:36 | 000,112,882 | ---- | M] () -- C:\Users\Cichon\Documents\krippe.a.jpg
[2011/12/06 20:10:19 | 000,135,950 | ---- | M] () -- C:\Users\Cichon\Documents\krippe.jpg
[2011/12/04 13:21:52 | 003,602,328 | ---- | M] () -- C:\Users\Cichon\Documents\P1050474.JPG
[2011/12/04 13:20:52 | 003,543,466 | ---- | M] () -- C:\Users\Cichon\Documents\P1050473.JPG
[2011/12/04 13:20:44 | 003,435,913 | ---- | M] () -- C:\Users\Cichon\Documents\P1050472.JPG
[2011/12/04 13:20:38 | 003,524,460 | ---- | M] () -- C:\Users\Cichon\Documents\P1050471.JPG
 
========== Files Created - No Company Name ==========
 
[2011/12/23 16:53:59 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/23 16:38:35 | 000,037,129 | ---- | C] () -- C:\Users\Cichon\Documents\845.jpg
[2011/12/23 16:34:35 | 000,232,482 | ---- | C] () -- C:\Users\Cichon\Documents\Merry-Christmas.jpg
[2011/12/23 14:40:13 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 22:26:36 | 000,276,500 | ---- | C] () -- C:\Users\Cichon\Documents\_412310_6325_2334_6110_2358_5892_...__0_3W_neu.pdf
[2011/12/18 10:10:10 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/11 14:21:35 | 003,508,396 | ---- | C] () -- C:\Users\Cichon\Documents\P1050481.JPG
[2011/12/11 14:21:35 | 003,506,551 | ---- | C] () -- C:\Users\Cichon\Documents\P1050482.JPG
[2011/12/11 14:21:35 | 003,485,733 | ---- | C] () -- C:\Users\Cichon\Documents\P1050484.JPG
[2011/12/11 14:21:35 | 003,484,255 | ---- | C] () -- C:\Users\Cichon\Documents\P1050483.JPG
[2011/12/06 20:10:49 | 000,017,566 | ---- | C] () -- C:\Users\Cichon\Documents\krippe.b.jpg
[2011/12/06 20:10:35 | 000,112,882 | ---- | C] () -- C:\Users\Cichon\Documents\krippe.a.jpg
[2011/12/06 20:10:17 | 000,135,950 | ---- | C] () -- C:\Users\Cichon\Documents\krippe.jpg
[2011/12/04 12:24:02 | 003,602,328 | ---- | C] () -- C:\Users\Cichon\Documents\P1050474.JPG
[2011/12/04 12:24:02 | 003,543,466 | ---- | C] () -- C:\Users\Cichon\Documents\P1050473.JPG
[2011/12/04 12:24:02 | 003,524,460 | ---- | C] () -- C:\Users\Cichon\Documents\P1050471.JPG
[2011/12/04 12:24:02 | 003,435,913 | ---- | C] () -- C:\Users\Cichon\Documents\P1050472.JPG
[2011/04/26 15:04:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 15:04:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/03/27 14:56:43 | 000,023,730 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/27 14:30:40 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/03/27 14:30:40 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010/03/19 18:57:42 | 000,001,671 | ---- | C] () -- C:\Windows\unins000.dat
[2010/03/07 18:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2010/03/07 17:37:52 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/03/06 10:39:20 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/06 10:39:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/06 09:07:57 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010/03/05 20:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/08/02 20:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
 
========== LOP Check ==========
 
[2011/11/27 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\BOM
[2010/07/17 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\ImgBurn
[2010/03/06 09:20:09 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\PreisHai4
[2011/09/13 17:45:27 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Telefónica
[2011/12/02 11:34:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Extras.txt:

Code:

ATTFilter

OTL Extras logfile created on: 12/23/2011 8:52:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Cichon\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 62.26% Memory free
6.50 Gb Paging File | 5.16 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 37.00 Gb Free Space | 49.66% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.50 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
 
Computer Name: CICHON-PC | User Name: Cichon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{405CCE33-483B-D5D7-B90C-75D1E74F5E18}" = ATI Catalyst Install Manager
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{73D236C3-4B0F-140C-C3C6-89D017783198}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A00C9114-40E6-4C70-A619-7DF264B23485}" = HP Deskjet F4200 All-In-One Driver Software 13.0 Rel. 3
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR
"ZTE USB Driver" = ZTE USB Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000 SR-1
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02D4B5D7-483C-AB11-CEC4-A9EA52DB9DD8}" = CCC Help Japanese
"{02FA20D9-9E00-AF75-DCC7-6507A01F3FA5}" = Catalyst Control Center Localization All
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0A4076FE-EBDC-BC8F-1130-F0B7B0D4933F}" = CCC Help Finnish
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F358684-06F7-6AB4-2FCE-71E8E216942F}" = CCC Help Portuguese
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1E912493-5247-E3D6-9975-A5825A5FF074}" = CCC Help Polish
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2B0D953A-99D4-E82C-3F9D-4B2624F883B8}" = CCC Help Russian
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BAE7ABF-509A-980A-1C58-969A6B7CBD19}" = CCC Help Chinese Standard
"{2E7BCA31-DBEC-289F-7650-BF3F145557A5}" = Catalyst Control Center Core Implementation
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{363CEA5C-C9D0-45DD-9511-A461DBDEE94B}" = DJ_AIO_03_F4200_Software_Min
"{3654165A-1564-DFA9-14FD-6D350D743E4C}" = CCC Help Greek
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D715682-E248-0F7A-E18B-2D63257B37D7}" = Catalyst Control Center Graphics Full Existing
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = web 'n' walk Manager
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4514C19B-EDD9-F24B-81C4-60F37CA3A778}" = Catalyst Control Center Graphics Previews Vista
"{466D8396-546C-3C22-33C8-6AC73393D588}" = Catalyst Control Center Graphics Light
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FF1C12B-0F5B-C3FC-A094-086DA900FF10}" = CCC Help Turkish
"{61410763-974F-6916-D4D1-5FF656B026A9}" = CCC Help Chinese Traditional
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{670EE9A7-3F8B-8969-AA86-7D958D7572D1}" = ccc-core-static
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F93ED7E-6EAF-A393-634C-D117AB6BE7AA}" = CCC Help Dutch
"{757D709F-B2A5-144B-A476-D0FD404E7369}" = CCC Help French
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{816460CE-D765-C1B8-486A-63833EDFD013}" = CCC Help English
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{939FF9A6-0DC5-C6F8-6BC2-3EC7E17B9C34}" = Catalyst Control Center InstallProxy
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{991B765E-25E4-B573-355A-C2FD3CE7B475}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3666A6-757D-4D14-D474-2CE4A8949127}" = CCC Help Czech
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A362DE84-CD21-CF34-8963-A6068B8BBE2F}" = CCC Help Danish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AE7ACD07-35DF-8DC5-927C-6A58E85829ED}" = CCC Help Korean
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B5BD4251-C0E3-0F8F-0A88-7EDAB0A83125}" = CCC Help Norwegian
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2524280-A5CF-4458-B809-167F13FAB56D}" = F4200
"{C3C84B0F-1333-C391-1078-D9213EC8E351}" = CCC Help German
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C600D0FA-EFF0-F6CE-0F9F-D02EEEE3E32D}" = CCC Help Hungarian
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CED95728-691A-E326-0DCB-D37F51945798}" = Catalyst Control Center Graphics Full New
"{D0189738-1F40-C879-0DD2-2CDEEA39DC78}" = CCC Help Swedish
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D7BF62E1-58F1-15FE-291A-E3F0BBAEB425}" = CCC Help Thai
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F5CC181D-67B0-981C-D0EF-D80271013FB0}" = CCC Help Italian
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Animated Waterfalls_is1" = Animated Waterfalls
"Avira AntiVir Desktop" = Avira Free Antivirus
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"ClearProg" = ClearProg 1.6.0 Final
"Google Chrome" = Google Chrome
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 4.05.00.00
"ImgBurn" = ImgBurn
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"o2DE" = Mobile Connection Manager
"PreisHai_is1" = PreisHai 4.1
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 5/8/2011 4:10:14 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/8/2011 1:45:38 PM | Computer Name = Cichon-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpqgpc01.exe, Version: 130.0.14.16,
 Zeitstempel: 0x49dd90d9  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624,
 Zeitstempel: 0x4c297c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f36a  ID des fehlerhaften
 Prozesses: 0xfa0  Startzeit der fehlerhaften Anwendung: 0x01cc0d84f98d5f47  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: fbe82b13-799a-11e0-b1f6-e0cb4e90eb5d
 
Error - 5/12/2011 1:39:36 PM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/14/2011 10:02:56 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/15/2011 7:33:14 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/16/2011 4:20:16 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/17/2011 9:55:57 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/18/2011 11:19:09 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/19/2011 6:22:40 AM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 5/21/2011 1:12:13 PM | Computer Name = Cichon-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 12/23/2011 11:52:24 AM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 12/23/2011 11:52:24 AM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 12/23/2011 11:52:44 AM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 12/23/2011 11:56:55 AM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
Error - 12/23/2011 11:58:18 AM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 12/23/2011 3:44:58 PM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:   %%1060
 
Error - 12/23/2011 3:44:59 PM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist 
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 12/23/2011 3:44:59 PM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 12/23/2011 3:45:16 PM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Lbd
 
Error - 12/23/2011 3:46:27 PM | Computer Name = Cichon-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-2147023143.
 
 
< End of report >

Und einen Scan mit ESET Online Scanner:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9873d9c3ac3994419980da96ab347f49
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-23 09:23:10
# local_time=2011-12-23 10:23:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 474750 474750 0 0
# compatibility_mode=5893 16776574 66 94 97424 76300391 0 0
# compatibility_mode=8192 67108863 100 0 3682 3682 0 0
# scanned=143031
# found=0
# cleaned=0
# scan_time=4849

MfG

cosinus · 24.12.2011, 15:19

Wozu ein neuer Strang?

Ist das ein anderer Rechner?

CMPunk · 24.12.2011, 15:27

Zitat:

Zitat von cosinus

Wozu ein neuer Strang?

Ist das ein anderer Rechner?

Jo, ist hier ein Laptop, der andere Thread ist mein Rechner.
Da die beiden an sich nix miteinander zu tun haben, dachte ich ein neuer Thread wäre für die Übersicht wohl sinnvoller.

cosinus · 24.12.2011, 15:30

Ja, dann ist ein neue Strang richtig

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

CMPunk · 24.12.2011, 19:12

OTL.txt:

Code:

ATTFilter

OTL logfile created on: 12/24/2011 6:44:24 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Cichon\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.68% Memory free
6.50 Gb Paging File | 5.26 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 36.92 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive D: | 208.92 Gb Total Space | 208.50 Gb Free Space | 99.80% Space Free | Partition Type: NTFS
 
Computer Name: CICHON-PC | User Name: Cichon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Cichon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV:64bit: - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (TGCM_ImportWiFiSvc) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe (Telefónica I+D)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys (ZTE Incorporated)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (hwmassfilter) -- C:\Windows\SysNative\drivers\ewmassfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (massfilter_hs) -- C:\Windows\SysNative\drivers\massfilter_hs.sys (ZTE Incorporated)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 80 E0 5D B6 CD CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://www.t-online.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Cichon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/27 14:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/23 14:34:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/18 07:47:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/27 14:59:04 | 000,000,000 | ---D | M]
 
[2010/03/05 20:38:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cichon\AppData\Roaming\mozilla\Extensions
[2011/12/15 16:25:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cichon\AppData\Roaming\mozilla\Firefox\Profiles\esyf0s4s.default\extensions
[2010/06/08 10:29:10 | 000,000,927 | ---- | M] () -- C:\Users\Cichon\AppData\Roaming\Mozilla\Firefox\Profiles\esyf0s4s.default\searchplugins\conduit.xml
[2011/11/13 11:58:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/12/23 14:34:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/03 07:49:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/03 07:49:13 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/03 07:49:13 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/03 07:49:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/03 07:49:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/03 07:49:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49628D4A-1871-4F40-B1A4-41F4AEF87301}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC7767AB-2530-480A-95B5-B77F4E3C2502}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Cichon\AppData\Local\05248925\X) -C:\Users\Cichon\AppData\Local\05248925\X ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O33 - MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe - ()
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ulead Kalendar Checker 4.0 SE.lnk - C:\PROGRA~2\ULEADS~1\ULEADP~1.0SE\CalCheck.exe - (Ulead Systems, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: HotKey - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: BFE - Service
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MPSSvc - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/12/24 18:43:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cichon\Desktop\OTL.exe
[2011/12/23 21:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/12/23 16:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/12/23 16:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/12/23 14:40:17 | 000,000,000 | ---D | C] -- C:\Users\Cichon\AppData\Roaming\Malwarebytes
[2011/12/23 14:40:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/23 14:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/23 14:40:08 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/23 14:40:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/22 18:58:28 | 000,000,000 | -HSD | C] -- C:\Users\Cichon\AppData\Local\05248925
[2011/12/18 10:15:35 | 000,000,000 | ---D | C] -- C:\Users\Cichon\AppData\Roaming\Avira
[2011/12/18 10:10:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/12/18 10:09:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/18 10:09:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/18 10:09:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/18 10:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/12/18 10:09:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2011/12/24 17:50:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/24 15:05:00 | 002,559,835 | ---- | M] () -- C:\Users\Cichon\Documents\P1050494.JPG
[2011/12/24 15:04:42 | 002,734,852 | ---- | M] () -- C:\Users\Cichon\Documents\P1050493.JPG
[2011/12/24 15:04:34 | 002,680,938 | ---- | M] () -- C:\Users\Cichon\Documents\P1050492.JPG
[2011/12/24 14:07:40 | 001,526,094 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/24 14:07:40 | 000,664,076 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/12/24 14:07:40 | 000,624,526 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/24 14:07:40 | 000,135,312 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/12/24 14:07:40 | 000,110,510 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/24 08:30:04 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 08:30:04 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/24 08:28:14 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/12/24 08:22:46 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/24 08:22:27 | 000,305,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/24 08:22:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/24 08:22:12 | 2616,573,952 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/23 20:51:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cichon\Desktop\OTL.exe
[2011/12/23 16:53:59 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/23 16:38:35 | 000,037,129 | ---- | M] () -- C:\Users\Cichon\Documents\845.jpg
[2011/12/23 16:34:35 | 000,232,482 | ---- | M] () -- C:\Users\Cichon\Documents\Merry-Christmas.jpg
[2011/12/23 14:48:18 | 000,001,369 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2011/12/23 14:48:06 | 000,001,682 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011/12/23 14:40:13 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 22:26:36 | 000,276,500 | ---- | M] () -- C:\Users\Cichon\Documents\_412310_6325_2334_6110_2358_5892_...__0_3W_neu.pdf
[2011/12/18 10:10:10 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/17 16:51:32 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/12/11 15:19:36 | 003,485,733 | ---- | M] () -- C:\Users\Cichon\Documents\P1050484.JPG
[2011/12/11 15:19:32 | 003,484,255 | ---- | M] () -- C:\Users\Cichon\Documents\P1050483.JPG
[2011/12/11 15:19:26 | 003,506,551 | ---- | M] () -- C:\Users\Cichon\Documents\P1050482.JPG
[2011/12/11 15:19:18 | 003,508,396 | ---- | M] () -- C:\Users\Cichon\Documents\P1050481.JPG
[2011/12/09 12:40:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/12/09 12:40:20 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011/12/09 12:40:19 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/12/06 20:10:50 | 000,017,566 | ---- | M] () -- C:\Users\Cichon\Documents\krippe.b.jpg
[2011/12/06 20:10:36 | 000,112,882 | ---- | M] () -- C:\Users\Cichon\Documents\krippe.a.jpg
[2011/12/06 20:10:19 | 000,135,950 | ---- | M] () -- C:\Users\Cichon\Documents\krippe.jpg
[2011/12/04 13:21:52 | 003,602,328 | ---- | M] () -- C:\Users\Cichon\Documents\P1050474.JPG
[2011/12/04 13:20:52 | 003,543,466 | ---- | M] () -- C:\Users\Cichon\Documents\P1050473.JPG
[2011/12/04 13:20:44 | 003,435,913 | ---- | M] () -- C:\Users\Cichon\Documents\P1050472.JPG
[2011/12/04 13:20:38 | 003,524,460 | ---- | M] () -- C:\Users\Cichon\Documents\P1050471.JPG
 
========== Files Created - No Company Name ==========
 
[2011/12/24 14:07:08 | 002,734,852 | ---- | C] () -- C:\Users\Cichon\Documents\P1050493.JPG
[2011/12/24 14:07:08 | 002,680,938 | ---- | C] () -- C:\Users\Cichon\Documents\P1050492.JPG
[2011/12/24 14:07:08 | 002,559,835 | ---- | C] () -- C:\Users\Cichon\Documents\P1050494.JPG
[2011/12/23 16:53:59 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/12/23 16:38:35 | 000,037,129 | ---- | C] () -- C:\Users\Cichon\Documents\845.jpg
[2011/12/23 16:34:35 | 000,232,482 | ---- | C] () -- C:\Users\Cichon\Documents\Merry-Christmas.jpg
[2011/12/23 14:40:13 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/22 22:26:36 | 000,276,500 | ---- | C] () -- C:\Users\Cichon\Documents\_412310_6325_2334_6110_2358_5892_...__0_3W_neu.pdf
[2011/12/18 10:10:10 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/11 14:21:35 | 003,508,396 | ---- | C] () -- C:\Users\Cichon\Documents\P1050481.JPG
[2011/12/11 14:21:35 | 003,506,551 | ---- | C] () -- C:\Users\Cichon\Documents\P1050482.JPG
[2011/12/11 14:21:35 | 003,485,733 | ---- | C] () -- C:\Users\Cichon\Documents\P1050484.JPG
[2011/12/11 14:21:35 | 003,484,255 | ---- | C] () -- C:\Users\Cichon\Documents\P1050483.JPG
[2011/12/06 20:10:49 | 000,017,566 | ---- | C] () -- C:\Users\Cichon\Documents\krippe.b.jpg
[2011/12/06 20:10:35 | 000,112,882 | ---- | C] () -- C:\Users\Cichon\Documents\krippe.a.jpg
[2011/12/06 20:10:17 | 000,135,950 | ---- | C] () -- C:\Users\Cichon\Documents\krippe.jpg
[2011/12/04 12:24:02 | 003,602,328 | ---- | C] () -- C:\Users\Cichon\Documents\P1050474.JPG
[2011/12/04 12:24:02 | 003,543,466 | ---- | C] () -- C:\Users\Cichon\Documents\P1050473.JPG
[2011/12/04 12:24:02 | 003,524,460 | ---- | C] () -- C:\Users\Cichon\Documents\P1050471.JPG
[2011/12/04 12:24:02 | 003,435,913 | ---- | C] () -- C:\Users\Cichon\Documents\P1050472.JPG
[2011/04/26 15:04:54 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/26 15:04:54 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/03/27 14:56:43 | 000,023,730 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/03/27 14:30:40 | 000,181,764 | ---- | C] () -- C:\Windows\hpoins28.dat
[2010/03/27 14:30:40 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010/03/19 18:57:42 | 000,001,671 | ---- | C] () -- C:\Windows\unins000.dat
[2010/03/07 18:03:10 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2010/03/07 17:37:52 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2010/03/06 10:39:20 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/03/06 10:39:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/06 09:07:57 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010/03/05 20:02:38 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/29 06:20:40 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2000/08/02 20:47:20 | 000,026,112 | ---- | C] () -- C:\Windows\RunUnDrv.exe
 
========== LOP Check ==========
 
[2011/11/27 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\BOM
[2010/07/17 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\ImgBurn
[2010/03/06 09:20:09 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\PreisHai4
[2011/09/13 17:45:27 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Telefónica
[2011/12/02 11:34:03 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/03/07 09:35:13 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Adobe
[2010/03/05 20:07:35 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\ATI
[2011/12/18 10:15:35 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Avira
[2011/11/27 23:33:46 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\BOM
[2011/08/16 18:50:07 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\dvdcss
[2010/03/27 14:47:15 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\HP
[2010/07/18 19:44:46 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\HpUpdate
[2010/03/05 18:53:51 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Identities
[2010/07/17 12:50:59 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\ImgBurn
[2010/03/05 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Macromedia
[2011/12/23 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Media Center Programs
[2010/11/02 17:18:38 | 000,000,000 | --SD | M] -- C:\Users\Cichon\AppData\Roaming\Microsoft
[2010/03/06 10:37:15 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Microsoft Web Folders
[2010/03/05 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Mozilla
[2010/03/06 09:20:09 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\PreisHai4
[2011/09/13 17:45:27 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\Telefónica
[2011/08/16 18:54:59 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\vlc
[2010/03/10 12:04:47 | 000,000,000 | ---D | M] -- C:\Users\Cichon\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/03/05 20:00:25 | 000,010,134 | R--- | M] () -- C:\Users\Cichon\AppData\Roaming\Microsoft\Installer\{939FF9A6-0DC5-C6F8-6BC2-3EC7E17B9C34}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 25.12.2011, 23:33

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 17 80 E0 5D B6 CD CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta
O33 - MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstAll.exe
O33 - MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\Shell - "" = AutoRun
O33 - MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

CMPunk · 26.12.2011, 10:40

OTL.txt:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files (x86)\softonic-de3\prxtbsof0.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\prxtbsof0.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\prxtbsof0.dll not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\prxtbsof0.dll not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d517330-d07d-11e0-b0f4-e0cb4e90eb5d}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44afbb45-3605-11df-b3d8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44afbb45-3605-11df-b3d8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44afbb45-3605-11df-b3d8-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6dffc0b9-2acd-11df-96ae-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79f95dc8-25b8-11df-bdb6-806e6f6e6963}\ not found.
File E:\InstAll.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b75b3d54-f7eb-11e0-a573-e0cb4e90eb5d}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b75b3daf-f7eb-11e0-a573-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb297fc2-2c35-11df-8498-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb297fcc-2c35-11df-8498-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb297fd4-2c35-11df-8498-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c78977bf-2b96-11df-aec8-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c856d810-2ace-11df-af27-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8dadf66-2c3b-11df-916b-e0cb4e90eb5d}\ not found.
File F:\AutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Cichon
->Temp folder emptied: 4248952 bytes
->Temporary Internet Files folder emptied: 6612390 bytes
->Java cache emptied: 3261578 bytes
->FireFox cache emptied: 527521139 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2429 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1267927 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 426733112 bytes
 
Total Files Cleaned = 925.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12262011_103325

Files\Folders moved on Reboot...
C:\Users\Cichon\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 26.12.2011, 18:06

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

CMPunk · 26.12.2011, 18:16

Log:

Code:

ATTFilter

18:14:57.0115 4080	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
18:14:57.0175 4080	============================================================
18:14:57.0175 4080	Current date / time: 2011/12/26 18:14:57.0175
18:14:57.0175 4080	SystemInfo:
18:14:57.0175 4080	
18:14:57.0175 4080	OS Version: 6.1.7601 ServicePack: 1.0
18:14:57.0175 4080	Product type: Workstation
18:14:57.0175 4080	ComputerName: CICHON-PC
18:14:57.0175 4080	UserName: Cichon
18:14:57.0175 4080	Windows directory: C:\Windows
18:14:57.0176 4080	System windows directory: C:\Windows
18:14:57.0176 4080	Running under WOW64
18:14:57.0176 4080	Processor architecture: Intel x64
18:14:57.0176 4080	Number of processors: 2
18:14:57.0176 4080	Page size: 0x1000
18:14:57.0176 4080	Boot type: Normal boot
18:14:57.0176 4080	============================================================
18:14:58.0637 4080	Initialize success
18:15:21.0339 2436	============================================================
18:15:21.0339 2436	Scan started
18:15:21.0339 2436	Mode: Manual; SigCheck; TDLFS; 
18:15:21.0339 2436	============================================================
18:15:22.0416 2436	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:15:22.0525 2436	1394ohci - ok
18:15:22.0556 2436	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:15:22.0572 2436	ACPI - ok
18:15:22.0665 2436	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:15:22.0775 2436	AcpiPmi - ok
18:15:22.0884 2436	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:15:22.0931 2436	adp94xx - ok
18:15:23.0040 2436	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:15:23.0087 2436	adpahci - ok
18:15:23.0102 2436	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:15:23.0133 2436	adpu320 - ok
18:15:23.0258 2436	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
18:15:23.0367 2436	AFD - ok
18:15:23.0461 2436	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:15:23.0492 2436	agp440 - ok
18:15:23.0539 2436	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:15:23.0555 2436	aliide - ok
18:15:23.0679 2436	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:15:23.0711 2436	amdide - ok
18:15:23.0757 2436	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:15:23.0851 2436	AmdK8 - ok
18:15:23.0945 2436	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:15:24.0007 2436	AmdPPM - ok
18:15:24.0038 2436	amdsata         (8818a2ab90189b7ff60a24c0847f9a6b) C:\Windows\system32\DRIVERS\amdsata.sys
18:15:24.0116 2436	amdsata - ok
18:15:24.0210 2436	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:15:24.0257 2436	amdsbs - ok
18:15:24.0288 2436	amdxata         (3c430969f097dee18d13010d678069cd) C:\Windows\system32\DRIVERS\amdxata.sys
18:15:24.0288 2436	amdxata - ok
18:15:24.0397 2436	AmUStor         (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
18:15:24.0491 2436	AmUStor - ok
18:15:24.0647 2436	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:15:24.0740 2436	AppID - ok
18:15:24.0803 2436	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:15:24.0834 2436	arc - ok
18:15:24.0896 2436	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:15:24.0927 2436	arcsas - ok
18:15:25.0005 2436	ASMMAP64        (2db34edd17d3a8da7105a19c95a3dd68) C:\Program Files\ATKGFNEX\ASMMAP64.sys
18:15:25.0021 2436	ASMMAP64 - ok
18:15:25.0130 2436	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:15:25.0286 2436	AsyncMac - ok
18:15:25.0395 2436	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:15:25.0427 2436	atapi - ok
18:15:25.0489 2436	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
18:15:25.0614 2436	athr - ok
18:15:25.0707 2436	AtiHdmiService  (3b9014fb7ce9e20fd726321c7db7d8b0) C:\Windows\system32\drivers\AtiHdmi.sys
18:15:25.0739 2436	AtiHdmiService - ok
18:15:25.0941 2436	atikmdag        (544256005d11723e89af323ee4f01809) C:\Windows\system32\DRIVERS\atikmdag.sys
18:15:26.0269 2436	atikmdag - ok
18:15:26.0378 2436	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:15:26.0394 2436	AtiPcie - ok
18:15:26.0519 2436	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
18:15:26.0550 2436	avgntflt - ok
18:15:26.0612 2436	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
18:15:26.0659 2436	avipbb - ok
18:15:26.0784 2436	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:15:26.0815 2436	avkmgr - ok
18:15:26.0877 2436	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:15:26.0971 2436	b06bdrv - ok
18:15:27.0065 2436	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:15:27.0127 2436	b57nd60a - ok
18:15:27.0236 2436	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:15:27.0330 2436	Beep - ok
18:15:27.0377 2436	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:15:27.0439 2436	blbdrive - ok
18:15:27.0517 2436	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:15:27.0595 2436	bowser - ok
18:15:27.0673 2436	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:15:27.0782 2436	BrFiltLo - ok
18:15:27.0860 2436	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:15:27.0907 2436	BrFiltUp - ok
18:15:27.0923 2436	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:15:28.0016 2436	Brserid - ok
18:15:28.0110 2436	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:15:28.0188 2436	BrSerWdm - ok
18:15:28.0281 2436	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:15:28.0328 2436	BrUsbMdm - ok
18:15:28.0344 2436	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:15:28.0375 2436	BrUsbSer - ok
18:15:28.0484 2436	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:15:28.0562 2436	BTHMODEM - ok
18:15:28.0781 2436	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:15:28.0921 2436	cdfs - ok
18:15:29.0030 2436	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:15:29.0093 2436	cdrom - ok
18:15:29.0202 2436	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:15:29.0249 2436	circlass - ok
18:15:29.0311 2436	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:15:29.0327 2436	CLFS - ok
18:15:29.0483 2436	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:15:29.0529 2436	CmBatt - ok
18:15:29.0561 2436	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:15:29.0592 2436	cmdide - ok
18:15:29.0685 2436	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
18:15:29.0748 2436	CNG - ok
18:15:29.0841 2436	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:15:29.0873 2436	Compbatt - ok
18:15:29.0919 2436	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:15:29.0982 2436	CompositeBus - ok
18:15:30.0075 2436	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:15:30.0107 2436	crcdisk - ok
18:15:30.0169 2436	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:15:30.0263 2436	DfsC - ok
18:15:30.0356 2436	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:15:30.0419 2436	discache - ok
18:15:30.0481 2436	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:15:30.0497 2436	Disk - ok
18:15:30.0637 2436	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
18:15:30.0684 2436	Dot4 - ok
18:15:30.0809 2436	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
18:15:30.0871 2436	Dot4Print - ok
18:15:30.0918 2436	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
18:15:30.0949 2436	dot4usb - ok
18:15:31.0058 2436	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:15:31.0121 2436	drmkaud - ok
18:15:31.0167 2436	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:15:31.0214 2436	DXGKrnl - ok
18:15:31.0401 2436	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:15:31.0557 2436	ebdrv - ok
18:15:31.0698 2436	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:15:31.0729 2436	elxstor - ok
18:15:31.0901 2436	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:15:31.0963 2436	ErrDev - ok
18:15:32.0072 2436	ETD             (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
18:15:32.0181 2436	ETD - ok
18:15:32.0291 2436	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:15:32.0400 2436	exfat - ok
18:15:32.0415 2436	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:15:32.0478 2436	fastfat - ok
18:15:32.0587 2436	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:15:32.0634 2436	fdc - ok
18:15:32.0743 2436	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:15:32.0759 2436	FileInfo - ok
18:15:32.0790 2436	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:15:32.0852 2436	Filetrace - ok
18:15:32.0930 2436	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:15:32.0993 2436	flpydisk - ok
18:15:33.0039 2436	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:15:33.0055 2436	FltMgr - ok
18:15:33.0149 2436	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:15:33.0195 2436	FsDepends - ok
18:15:33.0211 2436	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
18:15:33.0227 2436	Fs_Rec - ok
18:15:33.0273 2436	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:15:33.0305 2436	fvevol - ok
18:15:33.0383 2436	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:15:33.0429 2436	gagp30kx - ok
18:15:33.0492 2436	ghaio           (7d66ebde8b7f9b4e00beefeee82670d4) C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
18:15:33.0523 2436	ghaio - ok
18:15:33.0663 2436	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:15:33.0726 2436	hcw85cir - ok
18:15:33.0835 2436	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:15:33.0913 2436	HdAudAddService - ok
18:15:33.0944 2436	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:15:33.0991 2436	HDAudBus - ok
18:15:34.0069 2436	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:15:34.0131 2436	HidBatt - ok
18:15:34.0147 2436	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:15:34.0178 2436	HidBth - ok
18:15:34.0287 2436	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:15:34.0350 2436	HidIr - ok
18:15:34.0459 2436	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:15:34.0506 2436	HidUsb - ok
18:15:34.0631 2436	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:15:34.0662 2436	HpSAMD - ok
18:15:34.0724 2436	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:15:34.0818 2436	HTTP - ok
18:15:34.0911 2436	huawei_enumerator (08b1a06a55f068a17a51ba26618cf50f) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
18:15:34.0989 2436	huawei_enumerator - ok
18:15:35.0083 2436	hwdatacard      (6e5cd3984742a922d0c183c7e82c3c94) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:15:35.0177 2436	hwdatacard - ok
18:15:35.0270 2436	hwmassfilter    (019aa7829c7f1d253593d72818499e51) C:\Windows\system32\DRIVERS\ewmassfilter.sys
18:15:35.0301 2436	hwmassfilter - ok
18:15:35.0333 2436	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:15:35.0348 2436	hwpolicy - ok
18:15:35.0473 2436	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:15:35.0520 2436	i8042prt - ok
18:15:35.0551 2436	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
18:15:35.0567 2436	iaStorV - ok
18:15:35.0660 2436	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:15:35.0691 2436	iirsp - ok
18:15:35.0723 2436	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:15:35.0738 2436	intelide - ok
18:15:35.0847 2436	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:15:35.0910 2436	intelppm - ok
18:15:35.0957 2436	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:15:36.0019 2436	IpFilterDriver - ok
18:15:36.0113 2436	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:15:36.0175 2436	IPMIDRV - ok
18:15:36.0284 2436	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:15:36.0378 2436	IPNAT - ok
18:15:36.0409 2436	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:15:36.0440 2436	IRENUM - ok
18:15:36.0534 2436	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:15:36.0565 2436	isapnp - ok
18:15:36.0612 2436	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:15:36.0643 2436	iScsiPrt - ok
18:15:36.0737 2436	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
18:15:36.0783 2436	kbdclass - ok
18:15:36.0815 2436	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
18:15:36.0861 2436	kbdhid - ok
18:15:37.0002 2436	kbfiltr         (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
18:15:37.0033 2436	kbfiltr - ok
18:15:37.0080 2436	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
18:15:37.0095 2436	KSecDD - ok
18:15:37.0189 2436	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
18:15:37.0205 2436	KSecPkg - ok
18:15:37.0236 2436	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:15:37.0298 2436	ksthunk - ok
18:15:37.0407 2436	L1E             (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys
18:15:37.0470 2436	L1E - ok
18:15:37.0563 2436	Lbd - ok
18:15:37.0610 2436	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:15:37.0704 2436	lltdio - ok
18:15:37.0813 2436	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:15:37.0860 2436	LSI_FC - ok
18:15:37.0875 2436	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:15:37.0891 2436	LSI_SAS - ok
18:15:37.0907 2436	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:15:37.0922 2436	LSI_SAS2 - ok
18:15:38.0031 2436	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:15:38.0063 2436	LSI_SCSI - ok
18:15:38.0109 2436	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:15:38.0156 2436	luafv - ok
18:15:38.0281 2436	massfilter      (1b4dbcaa0321bbb76255983148051f09) C:\Windows\system32\drivers\massfilter.sys
18:15:38.0343 2436	massfilter - ok
18:15:38.0437 2436	massfilter_hs   (7ad627cdb12f5f451f24c8a97ca6e175) C:\Windows\system32\drivers\massfilter_hs.sys
18:15:38.0499 2436	massfilter_hs - ok
18:15:38.0593 2436	MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
18:15:38.0624 2436	MBAMProtector - ok
18:15:38.0687 2436	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:15:38.0718 2436	megasas - ok
18:15:38.0827 2436	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:15:38.0858 2436	MegaSR - ok
18:15:38.0890 2436	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:15:38.0968 2436	Modem - ok
18:15:39.0061 2436	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:15:39.0092 2436	monitor - ok
18:15:39.0124 2436	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:15:39.0139 2436	mouclass - ok
18:15:39.0248 2436	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:15:39.0295 2436	mouhid - ok
18:15:39.0342 2436	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:15:39.0358 2436	mountmgr - ok
18:15:39.0436 2436	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:15:39.0482 2436	mpio - ok
18:15:39.0498 2436	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:15:39.0560 2436	mpsdrv - ok
18:15:39.0654 2436	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:15:39.0763 2436	MRxDAV - ok
18:15:39.0857 2436	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:15:39.0919 2436	mrxsmb - ok
18:15:39.0966 2436	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:15:39.0997 2436	mrxsmb10 - ok
18:15:40.0075 2436	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:15:40.0122 2436	mrxsmb20 - ok
18:15:40.0169 2436	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:15:40.0184 2436	msahci - ok
18:15:40.0294 2436	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:15:40.0325 2436	msdsm - ok
18:15:40.0387 2436	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:15:40.0465 2436	Msfs - ok
18:15:40.0574 2436	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:15:40.0652 2436	mshidkmdf - ok
18:15:40.0808 2436	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:15:40.0840 2436	msisadrv - ok
18:15:41.0120 2436	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:15:41.0198 2436	MSKSSRV - ok
18:15:41.0292 2436	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:15:41.0370 2436	MSPCLOCK - ok
18:15:41.0401 2436	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:15:41.0448 2436	MSPQM - ok
18:15:41.0557 2436	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:15:41.0588 2436	MsRPC - ok
18:15:41.0620 2436	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:15:41.0635 2436	mssmbios - ok
18:15:41.0713 2436	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:15:41.0822 2436	MSTEE - ok
18:15:41.0838 2436	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:15:41.0869 2436	MTConfig - ok
18:15:41.0978 2436	MTsensor        (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
18:15:42.0010 2436	MTsensor - ok
18:15:42.0041 2436	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:15:42.0056 2436	Mup - ok
18:15:42.0181 2436	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:15:42.0290 2436	NativeWifiP - ok
18:15:42.0353 2436	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:15:42.0384 2436	NDIS - ok
18:15:42.0478 2436	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:15:42.0556 2436	NdisCap - ok
18:15:42.0587 2436	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:15:42.0649 2436	NdisTapi - ok
18:15:42.0758 2436	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:15:42.0836 2436	Ndisuio - ok
18:15:42.0868 2436	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:15:42.0930 2436	NdisWan - ok
18:15:43.0008 2436	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:15:43.0117 2436	NDProxy - ok
18:15:43.0164 2436	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:15:43.0258 2436	NetBIOS - ok
18:15:43.0351 2436	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:15:43.0476 2436	NetBT - ok
18:15:43.0601 2436	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:15:43.0632 2436	nfrd960 - ok
18:15:43.0648 2436	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:15:43.0726 2436	Npfs - ok
18:15:43.0819 2436	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:15:43.0913 2436	nsiproxy - ok
18:15:43.0991 2436	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
18:15:44.0038 2436	Ntfs - ok
18:15:44.0131 2436	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:15:44.0209 2436	Null - ok
18:15:44.0240 2436	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
18:15:44.0256 2436	nvraid - ok
18:15:44.0365 2436	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
18:15:44.0396 2436	nvstor - ok
18:15:44.0428 2436	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:15:44.0443 2436	nv_agp - ok
18:15:44.0459 2436	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:15:44.0506 2436	ohci1394 - ok
18:15:44.0630 2436	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:15:44.0693 2436	Parport - ok
18:15:44.0740 2436	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
18:15:44.0755 2436	partmgr - ok
18:15:44.0864 2436	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:15:44.0896 2436	pci - ok
18:15:44.0911 2436	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:15:44.0911 2436	pciide - ok
18:15:44.0942 2436	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:15:44.0974 2436	pcmcia - ok
18:15:45.0052 2436	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:15:45.0083 2436	pcw - ok
18:15:45.0114 2436	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:15:45.0192 2436	PEAUTH - ok
18:15:45.0364 2436	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:15:45.0442 2436	PptpMiniport - ok
18:15:45.0488 2436	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:15:45.0520 2436	Processor - ok
18:15:45.0629 2436	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:15:45.0722 2436	Psched - ok
18:15:45.0785 2436	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:15:45.0832 2436	ql2300 - ok
18:15:45.0925 2436	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:15:45.0956 2436	ql40xx - ok
18:15:45.0988 2436	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:15:46.0050 2436	QWAVEdrv - ok
18:15:46.0222 2436	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:15:46.0315 2436	RasAcd - ok
18:15:46.0409 2436	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:15:46.0471 2436	RasAgileVpn - ok
18:15:46.0518 2436	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:15:46.0580 2436	Rasl2tp - ok
18:15:46.0674 2436	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:15:46.0783 2436	RasPppoe - ok
18:15:46.0799 2436	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:15:46.0861 2436	RasSstp - ok
18:15:46.0970 2436	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:15:47.0033 2436	rdbss - ok
18:15:47.0064 2436	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:15:47.0095 2436	rdpbus - ok
18:15:47.0189 2436	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:15:47.0282 2436	RDPCDD - ok
18:15:47.0329 2436	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:15:47.0423 2436	RDPENCDD - ok
18:15:47.0501 2436	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:15:47.0594 2436	RDPREFMP - ok
18:15:47.0641 2436	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
18:15:47.0688 2436	RDPWD - ok
18:15:47.0782 2436	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:15:47.0813 2436	rdyboost - ok
18:15:47.0875 2436	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:15:47.0922 2436	rspndr - ok
18:15:48.0016 2436	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:15:48.0047 2436	sbp2port - ok
18:15:48.0078 2436	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:15:48.0140 2436	scfilter - ok
18:15:48.0265 2436	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:15:48.0359 2436	secdrv - ok
18:15:48.0390 2436	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:15:48.0406 2436	Serenum - ok
18:15:48.0515 2436	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:15:48.0562 2436	Serial - ok
18:15:48.0577 2436	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:15:48.0608 2436	sermouse - ok
18:15:48.0718 2436	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:15:48.0764 2436	sffdisk - ok
18:15:48.0780 2436	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:15:48.0811 2436	sffp_mmc - ok
18:15:48.0811 2436	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:15:48.0842 2436	sffp_sd - ok
18:15:48.0936 2436	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:15:48.0983 2436	sfloppy - ok
18:15:49.0092 2436	SiSGbeLH        (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
18:15:49.0154 2436	SiSGbeLH - ok
18:15:49.0201 2436	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:15:49.0232 2436	SiSRaid2 - ok
18:15:49.0326 2436	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:15:49.0357 2436	SiSRaid4 - ok
18:15:49.0388 2436	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:15:49.0451 2436	Smb - ok
18:15:49.0607 2436	SNP2UVC         (1d8474722cdffbb8fca5fa12c50a05a2) C:\Windows\system32\DRIVERS\snp2uvc.sys
18:15:49.0669 2436	SNP2UVC - ok
18:15:49.0763 2436	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:15:49.0778 2436	spldr - ok
18:15:49.0856 2436	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:15:49.0919 2436	srv - ok
18:15:50.0012 2436	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:15:50.0090 2436	srv2 - ok
18:15:50.0200 2436	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:15:50.0246 2436	srvnet - ok
18:15:50.0356 2436	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:15:50.0387 2436	stexstor - ok
18:15:50.0434 2436	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:15:50.0449 2436	swenum - ok
18:15:50.0605 2436	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
18:15:50.0652 2436	Tcpip - ok
18:15:50.0792 2436	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
18:15:50.0839 2436	TCPIP6 - ok
18:15:50.0933 2436	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:15:51.0026 2436	tcpipreg - ok
18:15:51.0073 2436	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:15:51.0151 2436	TDPIPE - ok
18:15:51.0245 2436	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
18:15:51.0323 2436	TDTCP - ok
18:15:51.0354 2436	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:15:51.0401 2436	tdx - ok
18:15:51.0494 2436	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:15:51.0526 2436	TermDD - ok
18:15:51.0604 2436	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:15:51.0682 2436	tssecsrv - ok
18:15:51.0791 2436	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:15:51.0869 2436	TsUsbFlt - ok
18:15:51.0978 2436	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:15:52.0072 2436	tunnel - ok
18:15:52.0118 2436	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:15:52.0150 2436	uagp35 - ok
18:15:52.0243 2436	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:15:52.0368 2436	udfs - ok
18:15:52.0415 2436	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:15:52.0430 2436	uliagpkx - ok
18:15:52.0586 2436	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:15:52.0664 2436	umbus - ok
18:15:52.0696 2436	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:15:52.0727 2436	UmPass - ok
18:15:52.0820 2436	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
18:15:52.0898 2436	usbccgp - ok
18:15:52.0992 2436	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:15:53.0054 2436	usbcir - ok
18:15:53.0070 2436	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
18:15:53.0117 2436	usbehci - ok
18:15:53.0210 2436	usbfilter       (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
18:15:53.0257 2436	usbfilter - ok
18:15:53.0304 2436	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
18:15:53.0335 2436	usbhub - ok
18:15:53.0429 2436	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
18:15:53.0460 2436	usbohci - ok
18:15:53.0538 2436	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:15:53.0569 2436	usbprint - ok
18:15:53.0647 2436	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:15:53.0694 2436	usbscan - ok
18:15:53.0772 2436	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:15:53.0834 2436	USBSTOR - ok
18:15:53.0912 2436	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
18:15:53.0959 2436	usbuhci - ok
18:15:54.0022 2436	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:15:54.0068 2436	usbvideo - ok
18:15:54.0193 2436	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:15:54.0209 2436	vdrvroot - ok
18:15:54.0271 2436	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:15:54.0287 2436	vga - ok
18:15:54.0365 2436	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:15:54.0458 2436	VgaSave - ok
18:15:54.0490 2436	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:15:54.0521 2436	vhdmp - ok
18:15:54.0599 2436	VIAHdAudAddService - ok
18:15:54.0646 2436	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:15:54.0677 2436	viaide - ok
18:15:54.0692 2436	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:15:54.0708 2436	volmgr - ok
18:15:54.0755 2436	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:15:54.0786 2436	volmgrx - ok
18:15:54.0880 2436	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:15:54.0926 2436	volsnap - ok
18:15:54.0958 2436	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:15:54.0989 2436	vsmraid - ok
18:15:55.0067 2436	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:15:55.0129 2436	vwifibus - ok
18:15:55.0160 2436	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:15:55.0192 2436	vwififlt - ok
18:15:55.0285 2436	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:15:55.0348 2436	WacomPen - ok
18:15:55.0394 2436	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:15:55.0457 2436	WANARP - ok
18:15:55.0457 2436	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:15:55.0504 2436	Wanarpv6 - ok
18:15:55.0613 2436	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:15:55.0628 2436	Wd - ok
18:15:55.0660 2436	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:15:55.0691 2436	Wdf01000 - ok
18:15:55.0816 2436	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:15:55.0894 2436	WfpLwf - ok
18:15:55.0940 2436	WimFltr         (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
18:15:55.0956 2436	WimFltr - ok
18:15:55.0972 2436	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:15:55.0987 2436	WIMMount - ok
18:15:56.0128 2436	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:15:56.0174 2436	WmiAcpi - ok
18:15:56.0252 2436	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:15:56.0315 2436	ws2ifsl - ok
18:15:56.0424 2436	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:15:56.0502 2436	WudfPf - ok
18:15:56.0533 2436	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:15:56.0580 2436	WUDFRd - ok
18:15:56.0689 2436	ZTEusbmdm6k     (ad6558fbc66691959ba4ac55a57c3921) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
18:15:56.0767 2436	ZTEusbmdm6k - ok
18:15:56.0798 2436	ZTEusbnmea      (ad6558fbc66691959ba4ac55a57c3921) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
18:15:56.0830 2436	ZTEusbnmea - ok
18:15:56.0954 2436	ZTEusbser6k     (ad6558fbc66691959ba4ac55a57c3921) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
18:15:56.0986 2436	ZTEusbser6k - ok
18:15:57.0032 2436	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:15:57.0220 2436	\Device\Harddisk0\DR0 - ok
18:15:57.0235 2436	Boot (0x1200)   (796c8060bf868b89ba4163377c111d2f) \Device\Harddisk0\DR0\Partition0
18:15:57.0235 2436	\Device\Harddisk0\DR0\Partition0 - ok
18:15:57.0251 2436	Boot (0x1200)   (5b9d9f940704e2b36f5150cc047e8f8b) \Device\Harddisk0\DR0\Partition1
18:15:57.0251 2436	\Device\Harddisk0\DR0\Partition1 - ok
18:15:57.0251 2436	============================================================
18:15:57.0251 2436	Scan finished
18:15:57.0251 2436	============================================================
18:15:57.0266 1912	Detected object count: 0
18:15:57.0266 1912	Actual detected object count: 0
18:16:01.0681 3020	Deinitialize success

cosinus · 26.12.2011, 19:22

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

CMPunk · 26.12.2011, 21:12

Log:

Code:

ATTFilter

ComboFix 11-12-26.02 - Cichon 26.12.2011  20:48:54.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3327.2327 [GMT 1:00]
ausgeführt von:: c:\users\Cichon\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cichon\AppData\Local\05248925\U
c:\users\Cichon\AppData\Local\05248925\U\80000000.@
c:\users\Cichon\AppData\Local\05248925\U\800000cb.@
c:\users\Cichon\AppData\Local\05248925\U\800000cf.@
c:\users\Cichon\AppData\Local\05248925\X
c:\windows\assembly\tmp\U
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-26 bis 2011-12-26  ))))))))))))))))))))))))))))))
.
.
2011-12-26 19:54 . 2011-12-26 19:54	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-26 09:33 . 2011-12-26 09:33	--------	d-----w-	C:\_OTL
2011-12-23 20:00 . 2011-12-23 20:00	--------	d-----w-	c:\program files (x86)\ESET
2011-12-23 15:53 . 2011-12-23 15:53	--------	d-----w-	c:\program files\CCleaner
2011-12-23 13:40 . 2011-12-23 13:40	--------	d-----w-	c:\users\Cichon\AppData\Roaming\Malwarebytes
2011-12-23 13:40 . 2011-12-23 13:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-23 13:40 . 2011-12-23 13:40	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-23 13:40 . 2011-08-31 16:00	25416	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-23 13:34 . 2011-12-23 13:34	626688	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2011-12-23 13:34 . 2011-12-23 13:34	548864	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2011-12-23 13:34 . 2011-12-23 13:34	479232	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2011-12-23 13:34 . 2011-12-23 13:34	43992	----a-w-	c:\program files (x86)\Mozilla Firefox\mozutils.dll
2011-12-22 17:58 . 2011-12-26 19:53	--------	d-sh--w-	c:\users\Cichon\AppData\Local\05248925
2011-12-20 16:01 . 2011-11-21 11:40	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A2307CC-7504-4FDF-99F3-F22AC65846CD}\mpengine.dll
2011-12-18 09:15 . 2011-12-18 09:15	--------	d-----w-	c:\users\Cichon\AppData\Roaming\Avira
2011-12-18 09:09 . 2011-12-09 11:40	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-12-18 09:09 . 2011-12-09 11:40	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-12-18 09:09 . 2011-12-09 11:40	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-12-18 09:09 . 2011-12-18 09:09	--------	d-----w-	c:\programdata\Avira
2011-12-18 09:09 . 2011-12-18 09:09	--------	d-----w-	c:\program files (x86)\Avira
2011-12-15 15:35 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-15 15:34 . 2011-11-24 04:52	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-12-15 15:34 . 2011-10-15 06:31	723456	----a-w-	c:\windows\system32\EncDec.dll
2011-12-15 15:34 . 2011-10-15 05:38	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-12-15 15:34 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-15 15:34 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-22 17:58 . 2011-05-17 17:34	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-29 16:29 . 2011-11-09 16:45	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-09 258512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
R3 hwmassfilter;HUAWEI Mass Storage Filter Driver;c:\windows\system32\DRIVERS\ewmassfilter.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-09 86224]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 TGCM_ImportWiFiSvc;TGCM_ImportWiFiSvc;c:\program files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [2010-11-11 199600]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 08:00]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-06 08:00]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: add to &BOM - c:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Cichon\AppData\Roaming\Mozilla\Firefox\Profiles\esyf0s4s.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.t-online.de/
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-26  21:09:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-26 20:09
.
Vor Suchlauf: 10 Verzeichnis(se), 41.703.014.400 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 41.400.881.152 Bytes frei
.
- - End Of File - - C631F3FCECBE6423A37739B0FFB2B052

cosinus · 26.12.2011, 21:28

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

CMPunk · 27.12.2011, 11:34

Log:

Code:

ATTFilter

aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
Run date: 2011-12-27 10:56:47
-----------------------------
10:56:47.965    OS Version: Windows x64 6.1.7601 Service Pack 1
10:56:47.965    Number of processors: 2 586 0x602
10:56:47.965    ComputerName: CICHON-PC  UserName: Cichon
10:56:49.057    Initialize success
10:58:16.425    AVAST engine defs: 11122700
10:58:28.218    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
10:58:28.234    Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 11
10:58:30.262    Disk 0 MBR read successfully
10:58:30.262    Disk 0 MBR scan
10:58:30.293    Disk 0 Windows VISTA default MBR code
10:58:30.324    Disk 0 Partition 1 00     1C Hidd FAT32 LBA MSDOS5.0    14997 MB offset 2048
10:58:30.340    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        76308 MB offset 30716280
10:58:30.356    Disk 0 Partition - 00     0F Extended LBA            213935 MB offset 186996600
10:58:30.387    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       213935 MB offset 186996663
10:58:30.402    Service scanning
10:58:41.853    Modules scanning
10:58:41.853    Disk 0 trace - called modules:
10:58:41.900    ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys storport.sys hal.dll amdsata.sys 
10:58:41.915    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80037ea060]
10:58:41.931    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80027e0040]
10:58:41.931    5 amdxata.sys[fffff880010ed917] -> nt!IofCallDriver -> [0xfffffa80027df960]
10:58:41.946    7 ACPI.sys[fffff88000f687a1] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa8003663470]
10:58:43.210    AVAST engine scan C:\Windows
10:58:49.122    AVAST engine scan C:\Windows\system32
11:01:57.992    AVAST engine scan C:\Windows\system32\drivers
11:02:18.459    AVAST engine scan C:\Users\Cichon
11:06:22.225    AVAST engine scan C:\ProgramData
11:07:20.008    Scan finished successfully
11:33:22.148    Disk 0 MBR has been saved successfully to "C:\Users\Cichon\Desktop\MBR.dat"
11:33:22.163    The log file has been saved successfully to "C:\Users\Cichon\Desktop\aswMBR.txt"

cosinus · 27.12.2011, 16:55

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

CMPunk · 29.12.2011, 14:15

MBAM Log:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.29.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cichon :: CICHON-PC [Administrator]

Schutz: Deaktiviert

29.12.2011 11:46:57
mbam-log-2011-12-29 (11-46-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 312490
Laufzeit: 53 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

SuperAntiSpyware:

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/29/2011 at 11:11 AM

Application Version : 5.0.1142

Core Rules Database Version : 8089
Trace Rules Database Version: 5901

Scan type       : Complete Scan
Total Scan Time : 00:50:42

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 513
Memory threats detected   : 0
Registry items scanned    : 70685
Registry threats detected : 0
File items scanned        : 48779
File threats detected     : 91

Adware.Tracking Cookie
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\73NDU03J.txt [ /revsci.net ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\TF1DO43T.txt [ /adbrite.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\ZDENGP2O.txt [ /ads.gamersmedia.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\PMCQFXS0.txt [ /mediatraffic.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\X9KG9K1A.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\6R1FGZ1R.txt [ /realmedia.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\EF8VSY1R.txt [ /vidasco.rotator.hadj7.adjuggler.net ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\BP53CQDR.txt [ /ads.adk2.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\SJP7S1PF.txt [ /imrworldwide.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\2JAI16E3.txt [ /tracking.quisma.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\E41OXW0X.txt [ /ad.zanox.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\YK1N68Z9.txt [ /zanox.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\IHXX8411.txt [ /media6degrees.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\OL7DWJ2G.txt [ /invitemedia.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\N5HO02N7.txt [ /trafficno.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\QMEP6PPF.txt [ /ad.yieldmanager.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\6X5QLQFF.txt [ /atdmt.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\VBF74EUU.txt [ /serving-sys.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\YLNGZPY2.txt [ /tradedoubler.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\YBE3VZW9.txt [ /doubleclick.net ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\96FNPKTQ.txt [ /ads.pubmatic.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\1ONUV2LC.txt [ /adtech.de ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\OPCJL6SZ.txt [ /ad2.adfarm1.adition.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\RJLB98S2.txt [ /unitymedia.de ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\AAXUSF3Z.txt [ /pro-market.net ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\OR0ELFBP.txt [ /network.realmedia.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\AIJX4VQG.txt [ /ad.ad-srv.net ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\6HYIYVM3.txt [ /ox-d.enveromedia.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\C396W9Z6.txt [ /ad.adition.net ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\TLHQLZG4.txt [ /smartadserver.com ]
	C:\Users\Cichon\AppData\Roaming\Microsoft\Windows\Cookies\4PFF2ZQE.txt [ /adfarm1.adition.com ]
	C:\USERS\CICHON\Cookies\TF1DO43T.txt [ Cookie:cichon@adbrite.com/ ]
	C:\USERS\CICHON\Cookies\ZDENGP2O.txt [ Cookie:cichon@ads.gamersmedia.com/ ]
	C:\USERS\CICHON\Cookies\PMCQFXS0.txt [ Cookie:cichon@mediatraffic.com/ ]
	C:\USERS\CICHON\Cookies\X9KG9K1A.txt [ Cookie:cichon@ad3.adfarm1.adition.com/ ]
	C:\USERS\CICHON\Cookies\EF8VSY1R.txt [ Cookie:cichon@vidasco.rotator.hadj7.adjuggler.net/ ]
	C:\USERS\CICHON\Cookies\2JAI16E3.txt [ Cookie:cichon@tracking.quisma.com/ ]
	C:\USERS\CICHON\Cookies\YK1N68Z9.txt [ Cookie:cichon@zanox.com/ ]
	C:\USERS\CICHON\Cookies\IHXX8411.txt [ Cookie:cichon@media6degrees.com/ ]
	C:\USERS\CICHON\Cookies\OL7DWJ2G.txt [ Cookie:cichon@invitemedia.com/ ]
	C:\USERS\CICHON\Cookies\N5HO02N7.txt [ Cookie:cichon@trafficno.com/ ]
	C:\USERS\CICHON\Cookies\QMEP6PPF.txt [ Cookie:cichon@ad.yieldmanager.com/ ]
	C:\USERS\CICHON\Cookies\6X5QLQFF.txt [ Cookie:cichon@atdmt.com/ ]
	C:\USERS\CICHON\Cookies\YLNGZPY2.txt [ Cookie:cichon@tradedoubler.com/ ]
	C:\USERS\CICHON\Cookies\YBE3VZW9.txt [ Cookie:cichon@doubleclick.net/ ]
	C:\USERS\CICHON\Cookies\1ONUV2LC.txt [ Cookie:cichon@adtech.de/ ]
	C:\USERS\CICHON\Cookies\OPCJL6SZ.txt [ Cookie:cichon@ad2.adfarm1.adition.com/ ]
	C:\USERS\CICHON\Cookies\RJLB98S2.txt [ Cookie:cichon@unitymedia.de/ ]
	C:\USERS\CICHON\Cookies\6HYIYVM3.txt [ Cookie:cichon@ox-d.enveromedia.com/ ]
	C:\USERS\CICHON\Cookies\C396W9Z6.txt [ Cookie:cichon@ad.adition.net/ ]
	C:\USERS\CICHON\Cookies\TLHQLZG4.txt [ Cookie:cichon@smartadserver.com/ ]
	C:\USERS\CICHON\Cookies\4PFF2ZQE.txt [ Cookie:cichon@adfarm1.adition.com/ ]
	.xiti.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	delivery.way2traffic.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	delivery.way2traffic.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	delivery.way2traffic.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	delivery.way2traffic.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	delivery.way2traffic.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	counter.hitslink.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wdkywlcjocp.stats.esomniture.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wjkyekczakq.stats.esomniture.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.clickaider.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.apmebf.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.mediaplex.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.zieltrack.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	6.zieltrack.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	ad.zanox.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wjl4wjajweq.stats.esomniture.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.hallvarssonohalvarsson.112.2o7.net [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.carpediscount.fr [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.w3counter.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.politiken.112.2o7.net [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	media-manager.ksk-koeln.de [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wjk4wicjsgo.stats.esomniture.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.philips.112.2o7.net [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	stat.dealtime.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6wnkoeldpalp.stats.esomniture.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.tracking.quisma.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]
	.e-2dj6walyaidzsep.stats.esomniture.com [ C:\USERS\CICHON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\ESYF0S4S.DEFAULT\COOKIES.SQLITE ]

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9873d9c3ac3994419980da96ab347f49
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 01:08:54
# local_time=2011-12-29 02:08:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 963958 963958 0 0
# compatibility_mode=5893 16776574 66 94 586632 76789599 0 0
# compatibility_mode=8192 67108863 100 0 492890 492890 0 0
# scanned=147634
# found=4
# cleaned=0
# scan_time=4385
C:\Qoobox\Quarantine\C\Users\Cichon\AppData\Local\05248925\X.vir	Win64/Sirefef.N trojan (unable to clean)	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\Users\Cichon\AppData\Local\05248925\U\80000000.@.vir	Win64/Sirefef.P trojan (unable to clean)	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\Users\Cichon\AppData\Local\05248925\U\800000cb.@.vir	Win64/Sirefef.M trojan (unable to clean)	00000000000000000000000000000000	I
C:\Qoobox\Quarantine\C\Users\Cichon\AppData\Local\05248925\U\800000cf.@.vir	Win64/Sirefef.O trojan (unable to clean)	00000000000000000000000000000000	I

24.12.2011, 15:19	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Browser öffnet automatisch Tab Wozu ein neuer Strang? Ist das ein anderer Rechner? __________________ __________________

Browser öffnet automatisch Tab

Log-Analyse und Auswertung: Browser öffnet automatisch Tab