50 Euro Virus

A.Vidal · 01.01.2012, 16:05

Hallo, Trojaner-Board,
ich habe vor geraumer Zeit ein Video in einem online-video-portal angeschaut, als ich auf "Play" drückte wurde mein Bildschirm schwarz und es erschien der 50 Euro-Virus.
Ich besitze einen Windows XP und kann meinen PC im abesicherten Modus starten, ohne dass sich der Virus öffnet.
Ich habe die Schritte vom Thema "Alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?" befolgt.

Schritt 1 ausgeführt

Schritt 2: OTL.txt

Code:

ATTFilter

OTL logfile created on: 01.01.2012 14:52:31 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Felix\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 812,09 Mb Available Physical Memory | 79,35% Memory free
2,40 Gb Paging File | 2,33 Gb Available in Paging File | 96,78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 9,77 Gb Total Space | 0,16 Gb Free Space | 1,65% Space Free | Partition Type: NTFS
Drive D: | 69,34 Gb Total Space | 26,94 Gb Free Space | 38,85% Space Free | Partition Type: NTFS
Drive E: | 69,94 Gb Total Space | 57,10 Gb Free Space | 81,65% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-7EE248200 | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.01 14:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe
PRC - [2008.01.12 20:26:24 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.31 22:30:12 | 000,473,704 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.21 19:21:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.19 12:00:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 15:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- E:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.14 20:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Programme\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006.06.01 20:06:00 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2006.06.01 20:06:00 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [Auto | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2002.03.19 11:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Stopped] -- C:\Programme\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.21 19:21:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 19:21:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.26 11:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.12 16:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.21 14:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009.04.09 12:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 12:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2006.06.01 20:06:00 | 000,061,920 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2006.06.01 20:06:00 | 000,061,920 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\defrag32.sys -- (Defrag32)
DRV - [2006.04.24 10:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.03.22 07:24:02 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.22 07:24:00 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.03.15 16:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530)
DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.05.05 21:17:28 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003.04.10 18:44:00 | 000,636,502 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)
DRV - [2002.09.27 17:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: koyotesoft@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=244506&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: D:\Programme\Mozilla\components [2011.12.21 21:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: D:\Programme\Mozilla\plugins [2011.12.21 21:12:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.07.15 23:48:42 | 000,000,000 | ---D | M]
 
[2010.05.08 11:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Extensions
[2012.01.01 03:35:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions
[2010.07.26 19:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.18 18:19:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.08 22:19:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.07 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.09.25 15:23:08 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar
[2011.10.07 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2010.06.13 17:28:39 | 000,002,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\askcom.xml
[2010.07.28 23:37:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\conduit.xml
[2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2010.05.08 10:16:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Koyote Soft Toolbar) -- C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF
[2011.07.15 23:48:42 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2010.09.17 20:41:23 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [PlusService] d:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [iexploer.exe] C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Image Transfer.lnk = E:\Programme\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\FIFA 10-Registrierung.lnk = D:\Programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe (Leader Technologies)
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7510E3E9-5DE7-4ED6-B9E2-8B5525C9260A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.06 09:39:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.28 14:09:47 | 000,000,000 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (pdboot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.01 14:49:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe
[2012.01.01 14:37:54 | 000,000,000 | ---D | C] -- D:\Trojaner-Board-Hilfe
[2012.01.01 14:07:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.12.30 17:04:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Felix\Recent
[2011.12.20 10:19:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Koyote Soft Toolbar
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011.12.20 10:18:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.01 14:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe
[2012.01.01 14:47:34 | 000,010,113 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Desktop\hilfe.odt
[2012.01.01 14:44:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.01 14:41:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.01 14:39:35 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\defogger_reenable
[2012.01.01 13:59:12 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.12.18 14:48:44 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\FIFA 10-Registrierung.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.01 14:44:45 | 000,010,113 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Desktop\hilfe.odt
[2012.01.01 14:39:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\defogger_reenable
[2010.12.31 01:23:31 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010.11.06 22:15:56 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.11.04 23:12:24 | 000,000,439 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.06.13 17:36:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.05.27 07:53:21 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010.05.08 16:40:53 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 11:05:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.06 10:41:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2010.05.06 10:41:57 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010.05.06 10:41:57 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2010.05.06 10:29:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.06 10:28:23 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.06 10:12:33 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.05.06 10:06:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.06 10:06:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.05.06 09:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.06 09:36:41 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.05.06 09:36:01 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2008.01.12 20:28:16 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2004.08.04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,458,822 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,084,326 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 12:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.06.09 12:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll
 
========== LOP Check ==========
 
[2010.05.08 10:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.06.13 17:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.08.02 13:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2010.05.08 12:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.05.06 10:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010.09.16 19:24:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.05.20 14:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.08 10:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ACD Systems
[2010.06.13 17:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Canneverbe Limited
[2011.07.25 22:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoft
[2011.07.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.15 23:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FFP
[2010.11.06 22:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeAudioPack
[2010.11.06 22:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeCDRipper
[2011.07.15 23:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeFLVConverter
[2011.08.21 15:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\GetRightToGo
[2011.06.18 18:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\gtk-2.0
[2011.02.06 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\JavaEditor
[2011.07.15 23:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Koyote Soft
[2010.05.08 21:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Leadertech
[2010.05.08 10:21:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\OpenOffice.org
[2011.12.30 17:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong
[2010.11.06 00:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar
[2011.12.20 10:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings
[2011.11.18 21:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\temp
[2010.09.16 19:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.20 18:57:15 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.05.06 09:44:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.05.27 07:53:20 | 000,000,000 | ---D | M] -- C:\Drivers
[2011.01.01 20:05:12 | 000,000,000 | ---D | M] -- C:\Games
[2010.05.06 10:12:26 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.12.20 10:19:03 | 000,000,000 | R--D | M] -- C:\Programme
[2010.05.08 09:04:17 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.05.06 09:44:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.01 14:07:41 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004.08.04 12:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\system32\dllcache\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\system32\drivers\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2008.01.12 20:26:24 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\ipsec.sys
[2004.08.04 12:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\system32\drivers\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 12:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2004.08.04 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 12:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2010.05.02 08:54:39 | 001,860,096 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 23:27:48
 
<           >

< End of report >

Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 01.01.2012 14:52:31 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Felix\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 812,09 Mb Available Physical Memory | 79,35% Memory free
2,40 Gb Paging File | 2,33 Gb Available in Paging File | 96,78% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 9,77 Gb Total Space | 0,16 Gb Free Space | 1,65% Space Free | Partition Type: NTFS
Drive D: | 69,34 Gb Total Space | 26,94 Gb Free Space | 38,85% Space Free | Partition Type: NTFS
Drive E: | 69,94 Gb Total Space | 57,10 Gb Free Space | 81,65% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-7EE248200 | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "D:\Programme\acdsee\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Programme\Metin2\metin2.bin" = D:\Programme\Metin2\metin2.bin:*:Enabled:metin2 -- ()
"D:\Programme\Metin2\metin2client.bin" = D:\Programme\Metin2\metin2client.bin:*:Enabled:metin2client -- ()
"D:\PES 2010\pes2010.exe" = D:\PES 2010\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)
"C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temp\Update_adc7.exe" = C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Temp\Update_adc7.exe:*:Enabled:InstallCore™
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C47AB7-0EFA-4804-BCFC-63DD27698B89}" = Stunt GP Demo
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.19b, 2010.01.31
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A50B4F2-7723-4291-B0AF-E9052CDE0720}" = Koyote Soft Toolbar v4.9
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A250D351-A07F-4D5D-AB6C-693C69B9BFAF}" = Hercules Webcam
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C190CB55-817E-4713-84F4-0BBB8961CED9}" = PerfectDisk
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D208F4A7-6B73-4C2A-8B1E-8756FCBA831E}" = Hercules WebCam Station
"{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAB1F336-1B7C-4057-A7BC-2922CD82A781}" = Ralink RT6x Wireless LAN Card
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"aTube Catcher" = aTube Catcher
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"conduitEngine" = Conduit Engine 
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.93
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.11.5.722
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service
"InstallShield_{2CA94ED4-F38D-44B4-A79D-E5835E276EFC}" = Air USB Utility
"InstallShield_{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"MP3-Cutter" = MP3-Cutter
"MSXML3SP7" = Microsoft XML Parser 3 SP7
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Q936181" = Sicherheitsupdate für MSXML 4.0 SP2 - KB936181
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SystemRequirementsLab" = System Requirements Lab
"Uninstall_is1" = Uninstall 1.0.0.1
"WIC" = Windows Imaging Component
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMP11" = Windows Media Player 11 Slipstream
"WUV30" = Windows Update Agent 3.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"gamealarm-DEFAULT" = Game Alarm
"sc11-DE_SEVENONE_MAIN" = Big Pizza Ski Challenge 11
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.12.2011 06:45:45 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 29.12.2011 08:37:22 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 29.12.2011 16:47:38 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 30.12.2011 08:42:08 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 30.12.2011 12:01:32 | Computer Name = FELIX-7EE248200 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.21256, stamp 4bc5e577,
 faulting module conversiononeie.dll, version 1.0.0.0, stamp 4e01d9de, debug? 0,
 fault address 0x0000a61a.
 
Error - 31.12.2011 10:35:23 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 31.12.2011 17:14:12 | Computer Name = FELIX-7EE248200 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.4363,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.3520, Fehleradresse 0x0000100b.
 
Error - 31.12.2011 22:11:18 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 01.01.2012 08:53:20 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 01.01.2012 09:01:30 | Computer Name = FELIX-7EE248200 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 28.11.2011 10:45:37 | Computer Name = FELIX-7EE248200 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "unacev2.dll" auf Volume "HarddiskVolume1"
 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten.
 Die Volumeüberwachung wurde angehalten.
 
Error - 05.12.2011 08:20:06 | Computer Name = FELIX-7EE248200 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "aerdl.dll" auf Volume "HarddiskVolume1"
 ist im Wiederherstellungsfilter der unerwartete Fehler "0xC000007F" aufgetreten.
 Die Volumeüberwachung wurde angehalten.
 
Error - 01.01.2012 09:09:50 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 01.01.2012 09:09:56 | Computer Name = FELIX-7EE248200 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avgio  avipbb  Fips  Processor  ssmdrv
 
Error - 01.01.2012 09:37:35 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01.01.2012 09:37:42 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 01.01.2012 09:44:08 | Computer Name = FELIX-7EE248200 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 01.01.2012 09:44:14 | Computer Name = FELIX-7EE248200 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   avgio  avipbb  Fips  Processor  ssmdrv
 
 
< End of report >

Schritt 3:
GMER: Hasn´t found any system modification
Nach dem Scann habe ich auf "Save" geklickt und auf dem Desktop unter GMER.txt gespeichert, jedoch ist dieser leer.

Danke im vorraus und mfG A.Vidal

cosinus · 02.01.2012, 16:21

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

A.Vidal · 04.01.2012, 20:31

Hier sind die Ergebnisse von MalewareBytes :

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.03.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Felix :: FELIX-7EE248200 [administrator]

Protection: Disabled

03.01.2012 21:40:29
mbam-log-2012-01-03 (21-40-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237073
Time elapsed: 42 minute(s), 31 second(s)

Memory Processes Detected: 1
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent) -> 2040 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent) -> Data: C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe (Trojan.Agent) -> Delete on reboot.

(end)

Hier die Ergebnisse des online-scanns

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.21256 (vista_ldr.100414-0533)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=381b53d83ccc774eb598a8baf822aeec
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-04 07:19:04
# local_time=2012-01-04 08:19:04 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775126 100 93 321285 62238280 183407 0
# compatibility_mode=8192 67108863 100 0 3759 3759 0 0
# scanned=79990
# found=13
# cleaned=0
# scan_time=3325
C:\Programme\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
D:\Mp3 to WMA Converter.exe	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\Programme\MsgPlusLive-484.exe	a variant of Win32/MessengerPlus application (unable to clean)	00000000000000000000000000000000	I
D:\Programme\msn messenger.exe	a variant of Win32/Adware.CiDHelp application (unable to clean)	00000000000000000000000000000000	I
D:\Programme\Setup19_FreeConverter.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I

mfG A.Vidal.

cosinus · 04.01.2012, 21:53

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Zitat:

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13

Warum meidest du essentielle Updates wie das SP3 und den IE8 für WindowsXP?

A.Vidal · 05.01.2012, 14:14

Bisher habe ich noch keinen MalewareByte-scann durchgeführt, dies war der erste.
Ich habe kein Internetexplorer-update, da ich stets Firefox benutze, lediglich zum downloaden von Dateien aus dem Internet, benutze ich den Internetexplorer, da ich beim Download über Mozilla nicht den gewünschten Speicherort festlegen kann, den Internetexplorer habe ich wie gesagt nur zum downloaden.

Ich konnte bisher nicht den "normalen Modus" starten, da sofort der Virus auf meinem Bildschirm erschien, doch nun erscheint der Virus nichtmehr wenn ich den "normalen Modus" starte. Sind die Viren bereits gelöscht ? - oder besteht immernoch die Möglichkeit, dass die Viren weiterhin auf meinem PC sind und sollte deswegen lieber weiterhin im abgesicherten Modus arbeiten ?

Sollte ich alle gespeicherten Passwörter erneuern ?

Vielen Dank schonmal für die Hilfe bis hierher

mfG A.Vidal

cosinus · 05.01.2012, 15:30

Zitat:

Ich habe kein Internetexplorer-update, da ich stets Firefox benutze,

Diese Ausreden liest man leider häufiger. Erklärt aber nicht warum du das SP3 auch noch weglässt.

Zum IE, auch bei Nichtbenutzung muss dieser so aktuell wie möglich sein. Der IE ist fester Bestandteil von Windows, IE und Windows sind miteinander verflochten, Sicherheitskücken im IE wirken sich u.U. direkt in Windows aus auch dann wenn du kein IE-Fenster geöffnet hast

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

A.Vidal · 05.01.2012, 19:50

Hier der OTL-SCANN

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 05.01.2012 19:44:41 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Felix\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 813,75 Mb Available Physical Memory | 79,51% Memory free
2,40 Gb Paging File | 2,33 Gb Available in Paging File | 96,77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 9,77 Gb Total Space | 0,34 Gb Free Space | 3,44% Space Free | Partition Type: NTFS
Drive D: | 69,34 Gb Total Space | 26,92 Gb Free Space | 38,82% Space Free | Partition Type: NTFS
Drive E: | 69,94 Gb Total Space | 57,10 Gb Free Space | 81,65% Space Free | Partition Type: NTFS
 
Computer Name: FELIX-7EE248200 | User Name: Felix | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.01 14:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe
PRC - [2010.09.20 22:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2008.01.12 20:26:24 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Trojaner-Board-Hilfe\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.21 19:21:04 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.19 12:00:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 15:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Stopped] -- E:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.07.14 20:53:00 | 000,185,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Programme\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2009.04.20 16:20:30 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2006.06.01 20:06:00 | 000,483,397 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)
SRV - [2006.06.01 20:06:00 | 000,241,731 | ---- | M] (Raxco Software, Inc.) [Auto | Stopped] -- C:\Programme\Raxco\PerfectDisk\PDSched.exe -- (PDSched)
SRV - [2002.03.19 11:15:46 | 000,036,864 | ---- | M] (D-Link) [Auto | Stopped] -- C:\Programme\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.07.21 19:21:06 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.21 19:21:06 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.03.26 11:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.06.12 16:21:40 | 000,500,096 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61)
DRV - [2009.05.11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.21 14:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2009.04.09 12:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 12:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2006.06.01 20:06:00 | 000,061,920 | ---- | M] (Raxco Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\defrag32b.sys -- (Defrag32b)
DRV - [2006.06.01 20:06:00 | 000,061,920 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\defrag32.sys -- (Defrag32)
DRV - [2006.04.24 10:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.03.22 07:24:02 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.22 07:24:00 | 000,052,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.03.15 16:04:00 | 000,161,792 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ov530vid.sys -- (ovt530)
DRV - [2005.02.23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.05.05 21:17:28 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2003.04.10 18:44:00 | 000,636,502 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMUSB.sys -- (PRISM_USB)
DRV - [2002.09.27 17:21:26 | 000,022,912 | ---- | M] (D-Link Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: koyotesoft@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=244506&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: D:\Programme\Mozilla\components [2011.12.21 21:12:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: D:\Programme\Mozilla\plugins [2011.12.21 21:12:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Programme\Mein Gutscheincode Finder\Firefox [2011.07.15 23:48:42 | 000,000,000 | ---D | M]
 
[2010.05.08 11:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Extensions
[2012.01.04 23:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions
[2010.07.26 19:26:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.18 18:19:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.08 22:19:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.07 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.09.25 15:23:08 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar
[2011.10.07 16:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions
[2010.06.13 17:28:39 | 000,002,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\askcom.xml
[2010.07.28 23:37:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\conduit.xml
[2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2010.05.08 10:16:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Koyote Soft Toolbar) -- C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF
[2011.07.15 23:48:42 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX
[2010.09.17 20:41:23 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAMME\MOZILLA\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Device Detector] DevDetect.exe -autorun File not found
O4 - HKLM..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe (D-Link)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [PlusService] d:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [iexploer.exe] C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Image Transfer.lnk = E:\Programme\Sony Corporation\Image Transfer\SonyTray.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Ralink Wireless Utility.lnk = C:\Programme\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\FIFA 10-Registrierung.lnk = D:\Programme\EA SPORTS\Fussball Manager 2004\Support\EAregister.exe (Leader Technologies)
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\Game Alarm.lnk = C:\Games\Game Alarm\gamealarm.exe (Europe Support Ltd. N.V.)
O4 - Startup: C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPhone Converter - C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoiphoneconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7510E3E9-5DE7-4ED6-B9E2-8B5525C9260A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.06 09:39:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.28 14:09:47 | 000,000,000 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (pdboot.exe)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - 
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\WINDOWS\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.05 19:35:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Felix\Recent
[2012.01.04 19:21:05 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.01.03 21:31:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Malwarebytes
[2012.01.03 21:31:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.01.03 21:31:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.01.03 21:31:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.01.03 21:27:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Free Download Manager
[2012.01.03 21:26:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free Download Manager
[2012.01.01 14:49:26 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe
[2012.01.01 14:37:54 | 000,000,000 | ---D | C] -- D:\Trojaner-Board-Hilfe
[2012.01.01 14:07:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011.12.20 10:19:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Koyote Soft Toolbar
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2011.12.20 10:18:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.05 16:49:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.05 16:47:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.05 13:37:10 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.01.05 00:12:12 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.04 20:32:27 | 000,015,576 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Desktop\hilfe.odt
[2012.01.03 21:36:50 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Startmenü\Programme\Autostart\FIFA 10-Registrierung.lnk
[2012.01.01 16:00:19 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Desktop\gmer.text
[2012.01.01 15:09:57 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Desktop\1xydh0wf.exe
[2012.01.01 14:49:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Felix\Desktop\OTL.exe
[2012.01.01 14:39:35 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\defogger_reenable
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.01 16:00:19 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Desktop\gmer.text
[2012.01.01 15:09:57 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Desktop\1xydh0wf.exe
[2012.01.01 14:44:45 | 000,015,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Desktop\hilfe.odt
[2012.01.01 14:39:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\defogger_reenable
[2010.12.31 01:23:31 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2010.11.06 22:15:56 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.11.04 23:12:24 | 000,000,439 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.06.13 17:36:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.05.27 07:53:21 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010.05.08 16:40:53 | 000,020,992 | ---- | C] () -- C:\Dokumente und Einstellungen\Felix\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 11:05:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.05.06 10:41:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2010.05.06 10:41:57 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010.05.06 10:41:57 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2010.05.06 10:29:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.05.06 10:28:23 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.06 10:12:33 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.05.06 10:06:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.05.06 10:06:55 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.05.06 09:42:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.05.06 09:36:41 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.05.06 09:36:01 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2009.04.09 12:44:42 | 000,108,066 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2008.01.12 20:28:16 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2004.08.04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 12:00:00 | 000,458,822 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 12:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 12:00:00 | 000,084,326 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 12:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 12:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.06.09 12:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll
 
========== LOP Check ==========
 
[2010.05.08 10:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.06.13 17:36:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2010.08.02 13:55:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI
[2010.05.08 12:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2010.05.06 10:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ralink Driver
[2010.09.16 19:24:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2011.05.20 14:12:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.08 10:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ACD Systems
[2010.06.13 17:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Canneverbe Limited
[2011.07.25 22:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoft
[2011.07.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.15 23:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FFP
[2012.01.03 21:27:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Free Download Manager
[2010.11.06 22:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeAudioPack
[2010.11.06 22:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeCDRipper
[2011.07.15 23:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeFLVConverter
[2011.08.21 15:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\GetRightToGo
[2011.06.18 18:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\gtk-2.0
[2011.02.06 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\JavaEditor
[2011.07.15 23:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Koyote Soft
[2010.05.08 21:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Leadertech
[2010.05.08 10:21:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\OpenOffice.org
[2012.01.05 14:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong
[2010.11.06 00:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar
[2011.12.20 10:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings
[2011.11.18 21:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\temp
[2010.09.16 19:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Vodafone
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.08 10:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ACD Systems
[2010.05.26 12:50:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Adobe
[2010.05.08 16:55:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\AdobeUM
[2011.05.20 14:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Apple Computer
[2011.02.25 17:39:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\ArcSoft
[2010.05.06 09:58:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Avira
[2010.06.13 17:36:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Canneverbe Limited
[2011.07.25 22:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoft
[2011.07.25 22:55:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.07.15 23:33:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FFP
[2010.09.16 19:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FLEXnet
[2012.01.03 21:27:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Free Download Manager
[2010.11.06 22:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeAudioPack
[2010.11.06 22:17:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeCDRipper
[2011.07.15 23:21:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\FreeFLVConverter
[2011.08.21 15:32:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\GetRightToGo
[2011.06.18 18:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\gtk-2.0
[2010.11.04 23:18:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Help
[2010.05.06 09:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Identities
[2010.05.06 10:41:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\InstallShield
[2011.02.06 20:08:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\JavaEditor
[2011.07.15 23:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Koyote Soft
[2010.05.08 21:59:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Leadertech
[2010.05.06 09:52:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Macromedia
[2012.01.03 21:31:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Malwarebytes
[2011.01.12 13:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Media Player Classic
[2010.12.07 15:51:49 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft
[2010.05.08 11:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla
[2010.06.13 17:19:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Nero
[2010.05.08 10:21:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\OpenOffice.org
[2012.01.05 14:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong
[2010.11.06 00:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar
[2011.12.20 10:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings
[2010.05.09 13:41:56 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\SecuROM
[2010.05.08 10:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Sun
[2011.11.18 21:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\temp
[2010.09.16 19:25:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Vodafone
 
< %APPDATA%\*.exe /s >
[2010.11.04 23:09:38 | 000,715,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar\unins000.exe
[2010.07.13 11:33:40 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar\Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.12 20:39:01 | 016,774,331 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.12 20:39:01 | 016,774,331 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys
[2004.08.04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll
[2004.08.04 12:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll
[2004.08.04 12:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006.04.24 10:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll
[2004.08.04 12:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.12 20:27:43 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\system32\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe
[2004.08.04 12:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 12:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2010.05.06 11:27:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.05.06 11:27:19 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.05.06 11:27:19 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
<           >

< End of report >

--- --- ---

mfG A.Vidal

cosinus · 05.01.2012, 21:58

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\..\URLSearchHook: {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=244506&ilc=12"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: koyotesoft@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.9
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:3.0.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=244506&p="
[2010.08.18 18:19:14 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.08 22:19:22 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.09.25 15:23:08 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar
[2010.06.13 17:28:39 | 000,002,253 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\askcom.xml
[2010.07.28 23:37:18 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\conduit.xml
[2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM
[2011.12.20 10:19:09 | 000,000,000 | ---D | M] (Koyote Soft Toolbar) -- C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF
[2011.07.15 23:48:42 | 000,000,000 | ---D | M] (preisspion.de) -- C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX
O2 - BHO: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Koyote Soft Toolbar) - {1E864EAC-892F-4A60-8C17-63123FD5731C} - C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [PlusService] d:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [iexploer.exe] C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Microsoft\Internet Explorer\iexploer.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.06 09:39:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.09.28 14:09:47 | 000,000,000 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
[2011.12.20 10:19:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Spigot
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Koyote Soft Toolbar
[2011.12.20 10:19:03 | 000,000,000 | ---D | C] -- C:\Programme\Application Updater
[2012.01.05 14:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong
[2010.11.06 00:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar
[2011.12.20 10:19:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings

:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

A.Vidal · 05.01.2012, 22:41

Hier das Ergebnis:

Code:

ATTFilter

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Programme\Application Updater\ApplicationUpdater.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.
C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "chr-greentree_ff&type=244506&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: vshare@toolbar:1.0.0 removed from extensions.enabledItems
Prefs.js: koyotesoft@mybrowserbar.com:4.9 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.9 removed from extensions.enabledItems
Prefs.js: finder@meingutscheincode.de:3.0.2 removed from extensions.enabledItems
Prefs.js: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.6 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=244506&p=" removed from keyword.URL
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\extensions\vshare@toolbar folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\askcom.xml moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Mozilla\Firefox\Profiles\bfdh1rq7.default\searchplugins\conduit.xml moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAMME\KOYOTE SOFT TOOLBAR\FF folder moved successfully.
C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\skin folder moved successfully.
C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\content\vendor folder moved successfully.
C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\content\lib folder moved successfully.
C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome\content folder moved successfully.
C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX\chrome folder moved successfully.
C:\PROGRAMME\MEIN GUTSCHEINCODE FINDER\FIREFOX folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.
File C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED16E0A-E8C4-40A0-8BC2-79485D21F796}\ deleted successfully.
C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Programme\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1E864EAC-892F-4A60-8C17-63123FD5731C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E864EAC-892F-4A60-8C17-63123FD5731C}\ not found.
File C:\Programme\Koyote Soft Toolbar\IE\4.9\koyotesoftToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PlusService deleted successfully.
d:\Programme\Yuna Software\Messenger Plus!\PlusService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iexploer.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
E:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1ca75df-c1bf-11df-ab26-000fea5b6e6d}\ not found.
File G:\setup_vmc_lite.exe /checkApplicationPresence not found.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Res folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\Lang folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings folder moved successfully.
C:\Programme\Gemeinsame Dateien\Spigot folder moved successfully.
C:\Programme\Koyote Soft Toolbar\Res\Lang folder moved successfully.
C:\Programme\Koyote Soft Toolbar\Res folder moved successfully.
C:\Programme\Koyote Soft Toolbar\IE\4.9 folder moved successfully.
C:\Programme\Koyote Soft Toolbar\IE folder moved successfully.
C:\Programme\Koyote Soft Toolbar folder moved successfully.
C:\Programme\Application Updater folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong\Data folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\PriceGong folder moved successfully.
C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\QuickStoresToolbar folder moved successfully.
Folder C:\Dokumente und Einstellungen\Felix\Anwendungsdaten\Search Settings\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Felix
->Temp folder emptied: 24521852 bytes
->Temporary Internet Files folder emptied: 1049839 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 45040497 bytes
->Flash cache emptied: 6943 bytes
 
User: LocalService
->Temp folder emptied: 66619 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114764 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 70,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01052012_223350

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

mfG A.Vidal =)

cosinus · 05.01.2012, 23:01

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

A.Vidal · 05.01.2012, 23:36

Hier der Scann des TDSS-Killer :

Code:

ATTFilter

23:26:08.0562 3312	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:26:08.0671 3312	============================================================
23:26:08.0671 3312	Current date / time: 2012/01/05 23:26:08.0671
23:26:08.0671 3312	SystemInfo:
23:26:08.0671 3312	
23:26:08.0671 3312	OS Version: 5.1.2600 ServicePack: 2.0
23:26:08.0671 3312	Product type: Workstation
23:26:08.0671 3312	ComputerName: FELIX-7EE248200
23:26:08.0671 3312	UserName: Felix
23:26:08.0671 3312	Windows directory: C:\WINDOWS
23:26:08.0671 3312	System windows directory: C:\WINDOWS
23:26:08.0671 3312	Processor architecture: Intel x86
23:26:08.0671 3312	Number of processors: 1
23:26:08.0671 3312	Page size: 0x1000
23:26:08.0671 3312	Boot type: Normal boot
23:26:08.0671 3312	============================================================
23:26:09.0796 3312	Initialize success
23:28:14.0687 3900	============================================================
23:28:14.0687 3900	Scan started
23:28:14.0687 3900	Mode: Manual; SigCheck; TDLFS; 
23:28:14.0687 3900	============================================================
23:28:14.0906 3900	Abiosdsk - ok
23:28:14.0921 3900	abp480n5 - ok
23:28:14.0984 3900	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:28:15.0953 3900	ACPI - ok
23:28:16.0093 3900	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
23:28:16.0250 3900	ACPIEC - ok
23:28:16.0328 3900	adpu160m - ok
23:28:16.0375 3900	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
23:28:16.0703 3900	aec - ok
23:28:16.0796 3900	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
23:28:16.0796 3900	Afc ( UnsignedFile.Multi.Generic ) - warning
23:28:16.0796 3900	Afc - detected UnsignedFile.Multi.Generic (1)
23:28:16.0843 3900	AFD             (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
23:28:16.0890 3900	AFD - ok
23:28:16.0921 3900	Aha154x - ok
23:28:16.0953 3900	aic78u2 - ok
23:28:17.0015 3900	aic78xx - ok
23:28:17.0062 3900	AliIde - ok
23:28:17.0156 3900	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
23:28:17.0343 3900	Ambfilt - ok
23:28:17.0437 3900	amsint - ok
23:28:17.0500 3900	Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
23:28:17.0625 3900	Arp1394 - ok
23:28:17.0734 3900	asc - ok
23:28:17.0750 3900	asc3350p - ok
23:28:17.0781 3900	asc3550 - ok
23:28:17.0828 3900	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:28:17.0968 3900	AsyncMac - ok
23:28:18.0125 3900	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:28:18.0265 3900	atapi - ok
23:28:18.0328 3900	Atdisk - ok
23:28:18.0406 3900	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:28:18.0531 3900	Atmarpc - ok
23:28:18.0593 3900	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:28:18.0734 3900	audstub - ok
23:28:18.0796 3900	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
23:28:18.0812 3900	avgio - ok
23:28:18.0906 3900	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:28:18.0921 3900	avgntflt - ok
23:28:18.0968 3900	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:28:19.0000 3900	avipbb - ok
23:28:19.0031 3900	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:28:19.0171 3900	Beep - ok
23:28:19.0265 3900	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:28:19.0406 3900	cbidf2k - ok
23:28:19.0453 3900	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
23:28:19.0593 3900	CCDECODE - ok
23:28:19.0656 3900	cd20xrnt - ok
23:28:19.0718 3900	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:28:19.0843 3900	Cdaudio - ok
23:28:19.0890 3900	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:28:20.0046 3900	Cdfs - ok
23:28:20.0156 3900	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:28:20.0296 3900	Cdrom - ok
23:28:20.0296 3900	Changer - ok
23:28:20.0343 3900	CmdIde - ok
23:28:20.0390 3900	Cpqarray - ok
23:28:20.0421 3900	dac2w2k - ok
23:28:20.0437 3900	dac960nt - ok
23:28:20.0500 3900	Defrag32        (573ac4974e59a28ac5815bf56d59822c) C:\WINDOWS\system32\drivers\Defrag32.sys
23:28:20.0515 3900	Defrag32 - ok
23:28:20.0578 3900	Defrag32b       (739fd63e6ac4f3940ada9b31b8b5de14) C:\WINDOWS\system32\drivers\Defrag32b.sys
23:28:20.0593 3900	Defrag32b - ok
23:28:20.0656 3900	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:28:20.0796 3900	Disk - ok
23:28:20.0906 3900	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
23:28:21.0125 3900	dmboot - ok
23:28:21.0187 3900	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
23:28:21.0375 3900	dmio - ok
23:28:21.0468 3900	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:28:21.0609 3900	dmload - ok
23:28:21.0671 3900	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:28:21.0812 3900	DMusic - ok
23:28:21.0890 3900	dpti2o - ok
23:28:21.0937 3900	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:28:22.0078 3900	drmkaud - ok
23:28:22.0156 3900	EagleNT - ok
23:28:22.0218 3900	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:28:22.0375 3900	Fastfat - ok
23:28:22.0453 3900	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
23:28:22.0609 3900	Fdc - ok
23:28:22.0671 3900	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
23:28:22.0812 3900	Fips - ok
23:28:22.0890 3900	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23:28:23.0031 3900	Flpydisk - ok
23:28:23.0140 3900	FltMgr          (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
23:28:23.0484 3900	FltMgr - ok
23:28:23.0531 3900	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:28:23.0640 3900	Fs_Rec - ok
23:28:23.0703 3900	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:28:23.0859 3900	Ftdisk - ok
23:28:23.0968 3900	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
23:28:23.0984 3900	GEARAspiWDM - ok
23:28:24.0031 3900	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:28:24.0171 3900	Gpc - ok
23:28:24.0281 3900	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
23:28:24.0281 3900	HDAudBus ( UnsignedFile.Multi.Generic ) - warning
23:28:24.0281 3900	HDAudBus - detected UnsignedFile.Multi.Generic (1)
23:28:24.0312 3900	hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:28:24.0453 3900	hidusb - ok
23:28:24.0531 3900	hpn - ok
23:28:24.0578 3900	HTTP            (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
23:28:24.0625 3900	HTTP - ok
23:28:24.0656 3900	i2omgmt - ok
23:28:24.0671 3900	i2omp - ok
23:28:24.0750 3900	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:28:24.0875 3900	i8042prt - ok
23:28:24.0984 3900	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
23:28:25.0109 3900	Imapi - ok
23:28:25.0140 3900	ini910u - ok
23:28:25.0343 3900	IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
23:28:25.0765 3900	IntcAzAudAddService - ok
23:28:25.0843 3900	IntelIde - ok
23:28:25.0875 3900	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
23:28:26.0015 3900	Ip6Fw - ok
23:28:26.0140 3900	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:28:26.0281 3900	IpFilterDriver - ok
23:28:26.0375 3900	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:28:26.0500 3900	IpInIp - ok
23:28:26.0562 3900	IpNat           (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:28:26.0921 3900	IpNat - ok
23:28:27.0015 3900	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:28:27.0156 3900	IPSec - ok
23:28:27.0187 3900	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:28:27.0265 3900	IRENUM - ok
23:28:27.0328 3900	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:28:27.0453 3900	isapnp - ok
23:28:27.0546 3900	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:28:27.0671 3900	Kbdclass - ok
23:28:27.0718 3900	kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:28:27.0859 3900	kbdhid - ok
23:28:27.0937 3900	kmixer          (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
23:28:28.0296 3900	kmixer - ok
23:28:28.0375 3900	KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
23:28:28.0406 3900	KSecDD - ok
23:28:28.0484 3900	lbrtfdc - ok
23:28:28.0531 3900	massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
23:28:28.0578 3900	massfilter - ok
23:28:28.0640 3900	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
23:28:28.0656 3900	MBAMProtector - ok
23:28:28.0734 3900	MBAMSwissArmy - ok
23:28:28.0781 3900	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:28:28.0906 3900	mnmdd - ok
23:28:28.0984 3900	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
23:28:29.0109 3900	Modem - ok
23:28:29.0203 3900	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
23:28:29.0328 3900	Monfilt - ok
23:28:29.0421 3900	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:28:29.0531 3900	Mouclass - ok
23:28:29.0625 3900	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:28:29.0734 3900	mouhid - ok
23:28:29.0812 3900	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:28:29.0937 3900	MountMgr - ok
23:28:30.0000 3900	mraid35x - ok
23:28:30.0093 3900	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:28:30.0484 3900	MRxDAV - ok
23:28:30.0578 3900	MRxSmb          (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:28:30.0640 3900	MRxSmb - ok
23:28:30.0750 3900	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:28:30.0890 3900	Msfs - ok
23:28:31.0000 3900	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:28:31.0125 3900	MSKSSRV - ok
23:28:31.0265 3900	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:28:31.0406 3900	MSPCLOCK - ok
23:28:31.0484 3900	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:28:31.0609 3900	MSPQM - ok
23:28:31.0781 3900	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:28:31.0890 3900	mssmbios - ok
23:28:32.0093 3900	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
23:28:32.0250 3900	MSTEE - ok
23:28:32.0468 3900	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:28:32.0625 3900	Mup - ok
23:28:32.0781 3900	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
23:28:32.0921 3900	NABTSFEC - ok
23:28:33.0093 3900	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:28:33.0234 3900	NDIS - ok
23:28:33.0343 3900	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
23:28:33.0453 3900	NdisIP - ok
23:28:33.0484 3900	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:28:33.0625 3900	NdisTapi - ok
23:28:33.0734 3900	Ndisuio         (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:28:34.0140 3900	Ndisuio - ok
23:28:34.0187 3900	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:28:34.0328 3900	NdisWan - ok
23:28:34.0421 3900	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:28:34.0546 3900	NDProxy - ok
23:28:34.0609 3900	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:28:34.0734 3900	NetBIOS - ok
23:28:34.0796 3900	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:28:34.0937 3900	NetBT - ok
23:28:35.0078 3900	NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
23:28:35.0187 3900	NIC1394 - ok
23:28:35.0218 3900	NIOC            (660afb141d2b66d46bbce3d0167e693b) C:\WINDOWS\system32\NIOC.SYS
23:28:35.0265 3900	NIOC ( UnsignedFile.Multi.Generic ) - warning
23:28:35.0265 3900	NIOC - detected UnsignedFile.Multi.Generic (1)
23:28:35.0343 3900	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:28:35.0468 3900	Npfs - ok
23:28:35.0531 3900	Ntfs            (05ab81909514bfd69cbb1f2c147cf6b9) C:\WINDOWS\system32\drivers\Ntfs.sys
23:28:35.0953 3900	Ntfs - ok
23:28:36.0046 3900	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:28:36.0171 3900	Null - ok
23:28:36.0453 3900	nv              (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
23:28:37.0250 3900	nv - ok
23:28:37.0359 3900	nvata           (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
23:28:37.0406 3900	nvata - ok
23:28:37.0437 3900	NVENETFD        (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
23:28:37.0484 3900	NVENETFD - ok
23:28:37.0515 3900	nvnetbus        (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
23:28:37.0546 3900	nvnetbus - ok
23:28:37.0671 3900	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:28:37.0796 3900	NwlnkFlt - ok
23:28:37.0828 3900	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:28:37.0953 3900	NwlnkFwd - ok
23:28:38.0140 3900	ohci1394        (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
23:28:38.0515 3900	ohci1394 - ok
23:28:38.0625 3900	ovt530          (71cffb1e06aa8978a7b4a346c191f8ba) C:\WINDOWS\system32\Drivers\ov530vid.sys
23:28:38.0640 3900	ovt530 ( UnsignedFile.Multi.Generic ) - warning
23:28:38.0640 3900	ovt530 - detected UnsignedFile.Multi.Generic (1)
23:28:38.0734 3900	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
23:28:38.0859 3900	Parport - ok
23:28:38.0953 3900	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:28:39.0078 3900	PartMgr - ok
23:28:39.0109 3900	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:28:39.0218 3900	ParVdm - ok
23:28:39.0328 3900	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
23:28:39.0468 3900	PCI - ok
23:28:39.0546 3900	PCIDump - ok
23:28:39.0578 3900	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:28:39.0718 3900	PCIIde - ok
23:28:39.0828 3900	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
23:28:39.0968 3900	Pcmcia - ok
23:28:40.0093 3900	PDCOMP - ok
23:28:40.0109 3900	PDFRAME - ok
23:28:40.0125 3900	PDRELI - ok
23:28:40.0156 3900	PDRFRAME - ok
23:28:40.0203 3900	perc2 - ok
23:28:40.0218 3900	perc2hib - ok
23:28:40.0281 3900	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:28:40.0406 3900	PptpMiniport - ok
23:28:40.0515 3900	PQNTDrv         (590f057b19488420f720bf6423388775) C:\WINDOWS\system32\drivers\PQNTDrv.sys
23:28:40.0515 3900	PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
23:28:40.0515 3900	PQNTDrv - detected UnsignedFile.Multi.Generic (1)
23:28:40.0578 3900	PRISM_USB       (d5e90cd0e51130e0a1c3fec82684fb7d) C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
23:28:40.0640 3900	PRISM_USB - ok
23:28:40.0703 3900	Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
23:28:40.0843 3900	Processor - ok
23:28:40.0921 3900	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:28:41.0062 3900	PSched - ok
23:28:41.0109 3900	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:28:41.0234 3900	Ptilink - ok
23:28:41.0281 3900	ql1080 - ok
23:28:41.0312 3900	Ql10wnt - ok
23:28:41.0328 3900	ql12160 - ok
23:28:41.0359 3900	ql1240 - ok
23:28:41.0375 3900	ql1280 - ok
23:28:41.0406 3900	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:28:41.0531 3900	RasAcd - ok
23:28:41.0640 3900	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:28:41.0765 3900	Rasl2tp - ok
23:28:41.0828 3900	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:28:41.0953 3900	RasPppoe - ok
23:28:42.0000 3900	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:28:42.0171 3900	Raspti - ok
23:28:42.0265 3900	Rdbss           (ed375ce745c42a14f10753f7022ecd6a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:28:42.0671 3900	Rdbss - ok
23:28:42.0734 3900	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:28:42.0859 3900	RDPCDD - ok
23:28:42.0953 3900	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
23:28:43.0093 3900	rdpdr - ok
23:28:43.0140 3900	RDPWD           (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
23:28:43.0546 3900	RDPWD - ok
23:28:43.0640 3900	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:28:43.0765 3900	redbook - ok
23:28:43.0828 3900	RT61            (57f390bf7af0f68bb804387cbc3a4f0d) C:\WINDOWS\system32\DRIVERS\RT61.sys
23:28:43.0890 3900	RT61 - ok
23:28:43.0968 3900	Scutum50        (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
23:28:43.0984 3900	Scutum50 ( UnsignedFile.Multi.Generic ) - warning
23:28:43.0984 3900	Scutum50 - detected UnsignedFile.Multi.Generic (1)
23:28:44.0046 3900	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:28:44.0453 3900	Secdrv - ok
23:28:44.0531 3900	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
23:28:44.0656 3900	serenum - ok
23:28:44.0718 3900	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
23:28:44.0843 3900	Serial - ok
23:28:44.0968 3900	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
23:28:45.0093 3900	Sfloppy - ok
23:28:45.0109 3900	Simbad - ok
23:28:45.0156 3900	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
23:28:45.0296 3900	SLIP - ok
23:28:45.0390 3900	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
23:28:45.0500 3900	SONYPVU1 - ok
23:28:45.0531 3900	Sparrow - ok
23:28:45.0546 3900	splitter        (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
23:28:45.0968 3900	splitter - ok
23:28:46.0078 3900	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
23:28:46.0171 3900	sr - ok
23:28:46.0218 3900	Srv             (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
23:28:46.0281 3900	Srv - ok
23:28:46.0359 3900	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:28:46.0359 3900	ssmdrv - ok
23:28:46.0406 3900	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
23:28:46.0437 3900	StarOpen ( UnsignedFile.Multi.Generic ) - warning
23:28:46.0437 3900	StarOpen - detected UnsignedFile.Multi.Generic (1)
23:28:46.0484 3900	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
23:28:46.0609 3900	streamip - ok
23:28:46.0718 3900	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:28:46.0843 3900	swenum - ok
23:28:46.0953 3900	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:28:47.0062 3900	swmidi - ok
23:28:47.0093 3900	symc810 - ok
23:28:47.0125 3900	symc8xx - ok
23:28:47.0203 3900	sym_hi - ok
23:28:47.0218 3900	sym_u3 - ok
23:28:47.0265 3900	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:28:47.0390 3900	sysaudio - ok
23:28:47.0515 3900	Tcpip           (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:28:47.0593 3900	Tcpip - ok
23:28:47.0640 3900	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:28:47.0765 3900	TDPIPE - ok
23:28:47.0828 3900	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:28:47.0953 3900	TDTCP - ok
23:28:48.0000 3900	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:28:48.0156 3900	TermDD - ok
23:28:48.0218 3900	TosIde - ok
23:28:48.0281 3900	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:28:48.0406 3900	Udfs - ok
23:28:48.0468 3900	ultra - ok
23:28:48.0531 3900	Update          (1f03139b77b21c6d84c688798808bc28) C:\WINDOWS\system32\DRIVERS\update.sys
23:28:48.0968 3900	Update - ok
23:28:49.0062 3900	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
23:28:49.0109 3900	USBAAPL - ok
23:28:49.0156 3900	usbaudio        (2f005eb50645d537fff23b472691c269) C:\WINDOWS\system32\drivers\usbaudio.sys
23:28:49.0578 3900	usbaudio - ok
23:28:49.0671 3900	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:28:49.0796 3900	usbccgp - ok
23:28:49.0843 3900	usbehci         (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:28:50.0265 3900	usbehci - ok
23:28:50.0343 3900	usbhub          (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:28:50.0781 3900	usbhub - ok
23:28:51.0046 3900	usbohci         (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys
23:28:51.0437 3900	usbohci - ok
23:28:51.0468 3900	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:28:51.0593 3900	usbscan - ok
23:28:51.0718 3900	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:28:51.0843 3900	USBSTOR - ok
23:28:51.0953 3900	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:28:52.0093 3900	VgaSave - ok
23:28:52.0125 3900	ViaIde - ok
23:28:52.0171 3900	VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
23:28:52.0312 3900	VolSnap - ok
23:28:52.0437 3900	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:28:52.0562 3900	Wanarp - ok
23:28:52.0578 3900	WDICA - ok
23:28:52.0609 3900	wdmaud          (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
23:28:53.0015 3900	wdmaud - ok
23:28:53.0421 3900	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
23:28:53.0546 3900	WSTCODEC - ok
23:28:53.0578 3900	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:28:53.0593 3900	WudfPf ( UnsignedFile.Multi.Generic ) - warning
23:28:53.0593 3900	WudfPf - detected UnsignedFile.Multi.Generic (1)
23:28:53.0671 3900	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:28:53.0703 3900	WudfRd ( UnsignedFile.Multi.Generic ) - warning
23:28:53.0703 3900	WudfRd - detected UnsignedFile.Multi.Generic (1)
23:28:53.0812 3900	ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
23:28:53.0859 3900	ZTEusbmdm6k - ok
23:28:53.0953 3900	ZTEusbnet       (9862f9d2ff50ae748ed42c022e6aac15) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
23:28:54.0015 3900	ZTEusbnet - ok
23:28:54.0203 3900	ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
23:28:54.0281 3900	ZTEusbnmea - ok
23:28:54.0359 3900	ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
23:28:54.0406 3900	ZTEusbser6k - ok
23:28:54.0593 3900	ZTEusbvoice     (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
23:28:54.0625 3900	ZTEusbvoice - ok
23:28:54.0656 3900	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:28:54.0968 3900	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
23:28:54.0968 3900	\Device\Harddisk0\DR0 - detected TDSS File System (1)
23:28:54.0968 3900	Boot (0x1200)   (40bcd8e6f2f0139cb678b33a81b69c9d) \Device\Harddisk0\DR0\Partition0
23:28:54.0968 3900	\Device\Harddisk0\DR0\Partition0 - ok
23:28:55.0046 3900	Boot (0x1200)   (3f699c253e720bf1c133bf5c8677d004) \Device\Harddisk0\DR0\Partition1
23:28:55.0046 3900	\Device\Harddisk0\DR0\Partition1 - ok
23:28:55.0062 3900	Boot (0x1200)   (da1a02adade8306271a083cd40b32b7c) \Device\Harddisk0\DR0\Partition2
23:28:55.0062 3900	\Device\Harddisk0\DR0\Partition2 - ok
23:28:55.0062 3900	============================================================
23:28:55.0062 3900	Scan finished
23:28:55.0062 3900	============================================================
23:28:55.0171 2512	Detected object count: 10
23:28:55.0171 2512	Actual detected object count: 10
23:30:15.0671 2512	Afc ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	NIOC ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	NIOC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	ovt530 ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	ovt530 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0671 2512	WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
23:30:15.0671 2512	WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:30:15.0687 2512	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:30:15.0687 2512	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

'

mfG A.Vidal :-)

A.Vidal · 05.01.2012, 23:45

Vielen Dank nochmals für die Hilfe bis hierher

mfG A.Vidal :-)

cosinus · 06.01.2012, 09:57

Zitat:

23:30:15.0687 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:30:15.0687 2512 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Das TDSS File System bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.

A.Vidal · 06.01.2012, 13:50

Wurde gelöscht :

Code:

ATTFilter

13:36:50.0828 3756	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:36:50.0875 3756	============================================================
13:36:50.0875 3756	Current date / time: 2012/01/06 13:36:50.0875
13:36:50.0875 3756	SystemInfo:
13:36:50.0875 3756	
13:36:50.0890 3756	OS Version: 5.1.2600 ServicePack: 2.0
13:36:50.0890 3756	Product type: Workstation
13:36:50.0890 3756	ComputerName: FELIX-7EE248200
13:36:50.0890 3756	UserName: Felix
13:36:50.0890 3756	Windows directory: C:\WINDOWS
13:36:50.0890 3756	System windows directory: C:\WINDOWS
13:36:50.0890 3756	Processor architecture: Intel x86
13:36:50.0890 3756	Number of processors: 1
13:36:50.0890 3756	Page size: 0x1000
13:36:50.0890 3756	Boot type: Normal boot
13:36:50.0890 3756	============================================================
13:36:51.0687 3756	Initialize success
13:37:21.0593 3912	============================================================
13:37:21.0593 3912	Scan started
13:37:21.0593 3912	Mode: Manual; SigCheck; TDLFS; 
13:37:21.0593 3912	============================================================
13:37:22.0312 3912	Abiosdsk - ok
13:37:22.0359 3912	abp480n5 - ok
13:37:22.0453 3912	ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:37:23.0390 3912	ACPI - ok
13:37:23.0484 3912	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:37:23.0640 3912	ACPIEC - ok
13:37:23.0671 3912	adpu160m - ok
13:37:23.0718 3912	aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
13:37:24.0015 3912	aec - ok
13:37:24.0109 3912	Afc             (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
13:37:24.0125 3912	Afc ( UnsignedFile.Multi.Generic ) - warning
13:37:24.0125 3912	Afc - detected UnsignedFile.Multi.Generic (1)
13:37:24.0203 3912	AFD             (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys
13:37:24.0218 3912	AFD - ok
13:37:24.0234 3912	Aha154x - ok
13:37:24.0265 3912	aic78u2 - ok
13:37:24.0312 3912	aic78xx - ok
13:37:24.0328 3912	AliIde - ok
13:37:24.0421 3912	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:37:24.0656 3912	Ambfilt - ok
13:37:24.0734 3912	amsint - ok
13:37:24.0781 3912	Arp1394         (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:37:24.0921 3912	Arp1394 - ok
13:37:25.0015 3912	asc - ok
13:37:25.0031 3912	asc3350p - ok
13:37:25.0062 3912	asc3550 - ok
13:37:25.0109 3912	AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:37:25.0265 3912	AsyncMac - ok
13:37:25.0343 3912	atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:37:25.0500 3912	atapi - ok
13:37:25.0609 3912	Atdisk - ok
13:37:25.0656 3912	Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:37:25.0781 3912	Atmarpc - ok
13:37:25.0843 3912	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:37:26.0000 3912	audstub - ok
13:37:26.0093 3912	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
13:37:26.0109 3912	avgio - ok
13:37:26.0203 3912	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:37:26.0218 3912	avgntflt - ok
13:37:26.0265 3912	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:37:26.0281 3912	avipbb - ok
13:37:26.0328 3912	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:37:26.0468 3912	Beep - ok
13:37:26.0578 3912	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:37:26.0734 3912	cbidf2k - ok
13:37:26.0796 3912	CCDECODE        (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:37:26.0937 3912	CCDECODE - ok
13:37:27.0015 3912	cd20xrnt - ok
13:37:27.0062 3912	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:37:27.0203 3912	Cdaudio - ok
13:37:27.0234 3912	Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:37:27.0390 3912	Cdfs - ok
13:37:27.0515 3912	Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:37:27.0640 3912	Cdrom - ok
13:37:27.0640 3912	Changer - ok
13:37:27.0687 3912	CmdIde - ok
13:37:27.0718 3912	Cpqarray - ok
13:37:27.0750 3912	dac2w2k - ok
13:37:27.0765 3912	dac960nt - ok
13:37:27.0796 3912	Defrag32        (573ac4974e59a28ac5815bf56d59822c) C:\WINDOWS\system32\drivers\Defrag32.sys
13:37:27.0828 3912	Defrag32 - ok
13:37:27.0921 3912	Defrag32b       (739fd63e6ac4f3940ada9b31b8b5de14) C:\WINDOWS\system32\drivers\Defrag32b.sys
13:37:27.0937 3912	Defrag32b - ok
13:37:27.0984 3912	Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:37:28.0125 3912	Disk - ok
13:37:28.0218 3912	dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
13:37:28.0437 3912	dmboot - ok
13:37:28.0500 3912	dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
13:37:28.0671 3912	dmio - ok
13:37:28.0765 3912	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:37:28.0890 3912	dmload - ok
13:37:28.0968 3912	DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:37:29.0109 3912	DMusic - ok
13:37:29.0187 3912	dpti2o - ok
13:37:29.0250 3912	drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:37:29.0390 3912	drmkaud - ok
13:37:29.0453 3912	EagleNT - ok
13:37:29.0531 3912	Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:37:29.0687 3912	Fastfat - ok
13:37:29.0765 3912	Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:37:29.0906 3912	Fdc - ok
13:37:29.0937 3912	Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
13:37:30.0078 3912	Fips - ok
13:37:30.0125 3912	Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:37:30.0265 3912	Flpydisk - ok
13:37:30.0359 3912	FltMgr          (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:37:30.0687 3912	FltMgr - ok
13:37:30.0781 3912	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:37:30.0890 3912	Fs_Rec - ok
13:37:30.0921 3912	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:37:31.0062 3912	Ftdisk - ok
13:37:31.0187 3912	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:37:31.0203 3912	GEARAspiWDM - ok
13:37:31.0234 3912	Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:37:31.0375 3912	Gpc - ok
13:37:31.0500 3912	HDAudBus        (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:37:31.0515 3912	HDAudBus ( UnsignedFile.Multi.Generic ) - warning
13:37:31.0515 3912	HDAudBus - detected UnsignedFile.Multi.Generic (1)
13:37:31.0546 3912	hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:37:31.0687 3912	hidusb - ok
13:37:31.0750 3912	hpn - ok
13:37:31.0812 3912	HTTP            (261bf53e1d1c21f04b4e748a6ed3d055) C:\WINDOWS\system32\Drivers\HTTP.sys
13:37:31.0890 3912	HTTP - ok
13:37:31.0906 3912	i2omgmt - ok
13:37:31.0937 3912	i2omp - ok
13:37:31.0984 3912	i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:37:32.0125 3912	i8042prt - ok
13:37:32.0218 3912	Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:37:32.0343 3912	Imapi - ok
13:37:32.0375 3912	ini910u - ok
13:37:32.0562 3912	IntcAzAudAddService (db01625d8e286cd17b94dcf088713d7f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:37:33.0062 3912	IntcAzAudAddService - ok
13:37:33.0140 3912	IntelIde - ok
13:37:33.0187 3912	Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:37:33.0328 3912	Ip6Fw - ok
13:37:33.0406 3912	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:37:33.0562 3912	IpFilterDriver - ok
13:37:33.0609 3912	IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:37:33.0734 3912	IpInIp - ok
13:37:33.0812 3912	IpNat           (472c75f85e631f8aa87d21c9fee6238d) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:37:34.0203 3912	IpNat - ok
13:37:34.0265 3912	IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:37:34.0390 3912	IPSec - ok
13:37:34.0500 3912	IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:37:34.0593 3912	IRENUM - ok
13:37:34.0640 3912	isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:37:34.0765 3912	isapnp - ok
13:37:34.0859 3912	Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:37:34.0984 3912	Kbdclass - ok
13:37:35.0000 3912	kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:37:35.0125 3912	kbdhid - ok
13:37:35.0281 3912	kmixer          (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
13:37:35.0671 3912	kmixer - ok
13:37:35.0812 3912	KSecDD          (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
13:37:35.0890 3912	KSecDD - ok
13:37:36.0062 3912	lbrtfdc - ok
13:37:36.0125 3912	massfilter      (f0435fe3c1ec2659d2bbf073ca0752ee) C:\WINDOWS\system32\DRIVERS\massfilter.sys
13:37:36.0234 3912	massfilter - ok
13:37:36.0328 3912	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
13:37:36.0343 3912	MBAMProtector - ok
13:37:36.0500 3912	MBAMSwissArmy - ok
13:37:36.0562 3912	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:37:36.0750 3912	mnmdd - ok
13:37:36.0968 3912	Modem           (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
13:37:37.0109 3912	Modem - ok
13:37:37.0234 3912	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
13:37:37.0375 3912	Monfilt - ok
13:37:37.0453 3912	Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:37:37.0593 3912	Mouclass - ok
13:37:37.0640 3912	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:37:37.0765 3912	mouhid - ok
13:37:37.0859 3912	MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:37:38.0015 3912	MountMgr - ok
13:37:38.0093 3912	mraid35x - ok
13:37:38.0125 3912	MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:37:38.0515 3912	MRxDAV - ok
13:37:38.0625 3912	MRxSmb          (3500e756812e716351f2d341ae1d5623) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:37:38.0703 3912	MRxSmb - ok
13:37:38.0750 3912	Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:37:38.0906 3912	Msfs - ok
13:37:39.0000 3912	MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:37:39.0125 3912	MSKSSRV - ok
13:37:39.0156 3912	MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:37:39.0296 3912	MSPCLOCK - ok
13:37:39.0406 3912	MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:37:39.0546 3912	MSPQM - ok
13:37:39.0593 3912	mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:37:39.0703 3912	mssmbios - ok
13:37:39.0812 3912	MSTEE           (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
13:37:39.0968 3912	MSTEE - ok
13:37:40.0015 3912	Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:37:40.0140 3912	Mup - ok
13:37:40.0250 3912	NABTSFEC        (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:37:40.0359 3912	NABTSFEC - ok
13:37:40.0406 3912	NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:37:40.0562 3912	NDIS - ok
13:37:40.0656 3912	NdisIP          (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:37:40.0781 3912	NdisIP - ok
13:37:40.0812 3912	NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:37:40.0953 3912	NdisTapi - ok
13:37:41.0046 3912	Ndisuio         (5146c3d286e66c72328f6ce6e4d983a8) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:37:41.0421 3912	Ndisuio - ok
13:37:41.0468 3912	NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:37:41.0593 3912	NdisWan - ok
13:37:41.0687 3912	NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:37:41.0812 3912	NDProxy - ok
13:37:41.0843 3912	NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:37:42.0000 3912	NetBIOS - ok
13:37:42.0093 3912	NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:37:42.0234 3912	NetBT - ok
13:37:42.0359 3912	NIC1394         (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:37:42.0468 3912	NIC1394 - ok
13:37:42.0515 3912	NIOC            (660afb141d2b66d46bbce3d0167e693b) C:\WINDOWS\system32\NIOC.SYS
13:37:42.0562 3912	NIOC ( UnsignedFile.Multi.Generic ) - warning
13:37:42.0562 3912	NIOC - detected UnsignedFile.Multi.Generic (1)
13:37:42.0656 3912	Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:37:42.0796 3912	Npfs - ok
13:37:42.0906 3912	Ntfs            (05ab81909514bfd69cbb1f2c147cf6b9) C:\WINDOWS\system32\drivers\Ntfs.sys
13:37:43.0343 3912	Ntfs - ok
13:37:43.0640 3912	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:37:43.0765 3912	Null - ok
13:37:44.0109 3912	nv              (30913cbf518396912e54c2c9f1dd0f09) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:37:45.0031 3912	nv - ok
13:37:45.0171 3912	nvata           (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
13:37:45.0218 3912	nvata - ok
13:37:45.0250 3912	NVENETFD        (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
13:37:45.0296 3912	NVENETFD - ok
13:37:45.0375 3912	nvnetbus        (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
13:37:45.0406 3912	nvnetbus - ok
13:37:45.0468 3912	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:37:45.0625 3912	NwlnkFlt - ok
13:37:45.0718 3912	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:37:45.0828 3912	NwlnkFwd - ok
13:37:45.0906 3912	ohci1394        (fc128c3d7d5ad30a13742dc3737b9df7) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:37:46.0312 3912	ohci1394 - ok
13:37:46.0390 3912	ovt530          (71cffb1e06aa8978a7b4a346c191f8ba) C:\WINDOWS\system32\Drivers\ov530vid.sys
13:37:46.0406 3912	ovt530 ( UnsignedFile.Multi.Generic ) - warning
13:37:46.0406 3912	ovt530 - detected UnsignedFile.Multi.Generic (1)
13:37:46.0484 3912	Parport         (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
13:37:46.0625 3912	Parport - ok
13:37:46.0718 3912	PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:37:46.0843 3912	PartMgr - ok
13:37:46.0906 3912	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
13:37:47.0031 3912	ParVdm - ok
13:37:47.0109 3912	PCI             (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
13:37:47.0234 3912	PCI - ok
13:37:47.0296 3912	PCIDump - ok
13:37:47.0343 3912	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:37:47.0484 3912	PCIIde - ok
13:37:47.0546 3912	Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:37:47.0687 3912	Pcmcia - ok
13:37:47.0765 3912	PDCOMP - ok
13:37:47.0781 3912	PDFRAME - ok
13:37:47.0812 3912	PDRELI - ok
13:37:47.0843 3912	PDRFRAME - ok
13:37:47.0859 3912	perc2 - ok
13:37:47.0890 3912	perc2hib - ok
13:37:47.0953 3912	PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:37:48.0078 3912	PptpMiniport - ok
13:37:48.0187 3912	PQNTDrv         (590f057b19488420f720bf6423388775) C:\WINDOWS\system32\drivers\PQNTDrv.sys
13:37:48.0187 3912	PQNTDrv ( UnsignedFile.Multi.Generic ) - warning
13:37:48.0187 3912	PQNTDrv - detected UnsignedFile.Multi.Generic (1)
13:37:48.0250 3912	PRISM_USB       (d5e90cd0e51130e0a1c3fec82684fb7d) C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys
13:37:48.0312 3912	PRISM_USB - ok
13:37:48.0375 3912	Processor       (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
13:37:48.0515 3912	Processor - ok
13:37:48.0640 3912	PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:37:48.0765 3912	PSched - ok
13:37:48.0828 3912	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:37:48.0953 3912	Ptilink - ok
13:37:49.0000 3912	ql1080 - ok
13:37:49.0031 3912	Ql10wnt - ok
13:37:49.0046 3912	ql12160 - ok
13:37:49.0078 3912	ql1240 - ok
13:37:49.0093 3912	ql1280 - ok
13:37:49.0140 3912	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:37:49.0265 3912	RasAcd - ok
13:37:49.0375 3912	Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:37:49.0515 3912	Rasl2tp - ok
13:37:49.0609 3912	RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:37:49.0750 3912	RasPppoe - ok
13:37:49.0796 3912	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:37:49.0921 3912	Raspti - ok
13:37:50.0031 3912	Rdbss           (ed375ce745c42a14f10753f7022ecd6a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:37:50.0406 3912	Rdbss - ok
13:37:50.0468 3912	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:37:50.0593 3912	RDPCDD - ok
13:37:50.0687 3912	rdpdr           (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:37:50.0828 3912	rdpdr - ok
13:37:50.0921 3912	RDPWD           (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
13:37:51.0312 3912	RDPWD - ok
13:37:51.0359 3912	redbook         (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:37:51.0484 3912	redbook - ok
13:37:51.0562 3912	RT61            (57f390bf7af0f68bb804387cbc3a4f0d) C:\WINDOWS\system32\DRIVERS\RT61.sys
13:37:51.0609 3912	RT61 - ok
13:37:51.0687 3912	Scutum50        (f34c06d1c706a6d9433570b087a18b02) C:\WINDOWS\system32\Drivers\Scutum50.sys
13:37:51.0703 3912	Scutum50 ( UnsignedFile.Multi.Generic ) - warning
13:37:51.0703 3912	Scutum50 - detected UnsignedFile.Multi.Generic (1)
13:37:51.0796 3912	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:37:52.0171 3912	Secdrv - ok
13:37:52.0250 3912	serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:37:52.0359 3912	serenum - ok
13:37:52.0390 3912	Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
13:37:52.0531 3912	Serial - ok
13:37:52.0640 3912	Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:37:52.0750 3912	Sfloppy - ok
13:37:52.0781 3912	Simbad - ok
13:37:52.0828 3912	SLIP            (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:37:52.0968 3912	SLIP - ok
13:37:53.0078 3912	SONYPVU1        (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:37:53.0203 3912	SONYPVU1 - ok
13:37:53.0250 3912	Sparrow - ok
13:37:53.0343 3912	splitter        (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
13:37:53.0750 3912	splitter - ok
13:37:53.0812 3912	sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
13:37:53.0890 3912	sr - ok
13:37:53.0984 3912	Srv             (d4af9861c3b6a2163d26dc6b9cf05e2a) C:\WINDOWS\system32\DRIVERS\srv.sys
13:37:54.0062 3912	Srv - ok
13:37:54.0125 3912	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:37:54.0140 3912	ssmdrv - ok
13:37:54.0234 3912	StarOpen        (f92254b0bcfcd10caac7bccc7cb7f467) C:\WINDOWS\system32\drivers\StarOpen.sys
13:37:54.0250 3912	StarOpen ( UnsignedFile.Multi.Generic ) - warning
13:37:54.0250 3912	StarOpen - detected UnsignedFile.Multi.Generic (1)
13:37:54.0296 3912	streamip        (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:37:54.0406 3912	streamip - ok
13:37:54.0531 3912	swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:37:54.0656 3912	swenum - ok
13:37:54.0765 3912	swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:37:54.0906 3912	swmidi - ok
13:37:54.0984 3912	symc810 - ok
13:37:55.0015 3912	symc8xx - ok
13:37:55.0031 3912	sym_hi - ok
13:37:55.0062 3912	sym_u3 - ok
13:37:55.0109 3912	sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:37:55.0234 3912	sysaudio - ok
13:37:55.0343 3912	Tcpip           (744e57c99232201ae98c49168b918f48) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:37:55.0421 3912	Tcpip - ok
13:37:55.0734 3912	TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:37:55.0859 3912	TDPIPE - ok
13:37:55.0953 3912	TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:37:56.0062 3912	TDTCP - ok
13:37:56.0125 3912	TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:37:56.0265 3912	TermDD - ok
13:37:56.0343 3912	TosIde - ok
13:37:56.0406 3912	Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:37:56.0531 3912	Udfs - ok
13:37:56.0578 3912	ultra - ok
13:37:56.0625 3912	Update          (1f03139b77b21c6d84c688798808bc28) C:\WINDOWS\system32\DRIVERS\update.sys
13:37:57.0156 3912	Update - ok
13:37:57.0234 3912	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:37:57.0281 3912	USBAAPL - ok
13:37:57.0343 3912	usbaudio        (2f005eb50645d537fff23b472691c269) C:\WINDOWS\system32\drivers\usbaudio.sys
13:37:57.0796 3912	usbaudio - ok
13:37:57.0890 3912	usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:37:58.0031 3912	usbccgp - ok
13:37:58.0062 3912	usbehci         (a45ea1550ea4b368c4fba7ca9d056bc9) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:37:58.0500 3912	usbehci - ok
13:37:58.0593 3912	usbhub          (6d46b1f89134892a862ac56b00ac11fe) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:37:59.0062 3912	usbhub - ok
13:37:59.0125 3912	usbohci         (555b2b2108c5085cc203202fec702d08) C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:37:59.0609 3912	usbohci - ok
13:37:59.0734 3912	usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:37:59.0859 3912	usbscan - ok
13:37:59.0968 3912	USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:38:00.0093 3912	USBSTOR - ok
13:38:00.0140 3912	VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:38:00.0265 3912	VgaSave - ok
13:38:00.0328 3912	ViaIde - ok
13:38:00.0359 3912	VolSnap         (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
13:38:00.0500 3912	VolSnap - ok
13:38:00.0625 3912	Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:38:00.0750 3912	Wanarp - ok
13:38:00.0765 3912	WDICA - ok
13:38:00.0828 3912	wdmaud          (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
13:38:01.0281 3912	wdmaud - ok
13:38:01.0750 3912	WSTCODEC        (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:38:01.0890 3912	WSTCODEC - ok
13:38:02.0203 3912	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:38:02.0390 3912	WudfPf ( UnsignedFile.Multi.Generic ) - warning
13:38:02.0390 3912	WudfPf - detected UnsignedFile.Multi.Generic (1)
13:38:02.0984 3912	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:38:03.0062 3912	WudfRd ( UnsignedFile.Multi.Generic ) - warning
13:38:03.0062 3912	WudfRd - detected UnsignedFile.Multi.Generic (1)
13:38:03.0750 3912	ZTEusbmdm6k     (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys
13:38:03.0968 3912	ZTEusbmdm6k - ok
13:38:04.0875 3912	ZTEusbnet       (9862f9d2ff50ae748ed42c022e6aac15) C:\WINDOWS\system32\DRIVERS\ZTEusbnet.sys
13:38:05.0453 3912	ZTEusbnet - ok
13:38:05.0953 3912	ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys
13:38:06.0125 3912	ZTEusbnmea - ok
13:38:06.0812 3912	ZTEusbser6k     (c2215c6ada8b1e9feb507cee9b446661) C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys
13:38:07.0359 3912	ZTEusbser6k - ok
13:38:07.0765 3912	ZTEusbvoice     (f16ce3c7690ab7426dc96520d54a737e) C:\WINDOWS\system32\DRIVERS\ZTEusbvoice.sys
13:38:07.0843 3912	ZTEusbvoice - ok
13:38:07.0906 3912	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
13:38:15.0328 3912	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:38:15.0328 3912	\Device\Harddisk0\DR0 - detected TDSS File System (1)
13:38:15.0343 3912	Boot (0x1200)   (40bcd8e6f2f0139cb678b33a81b69c9d) \Device\Harddisk0\DR0\Partition0
13:38:15.0375 3912	\Device\Harddisk0\DR0\Partition0 - ok
13:38:15.0390 3912	Boot (0x1200)   (3f699c253e720bf1c133bf5c8677d004) \Device\Harddisk0\DR0\Partition1
13:38:15.0406 3912	\Device\Harddisk0\DR0\Partition1 - ok
13:38:15.0421 3912	Boot (0x1200)   (da1a02adade8306271a083cd40b32b7c) \Device\Harddisk0\DR0\Partition2
13:38:15.0453 3912	\Device\Harddisk0\DR0\Partition2 - ok
13:38:15.0453 3912	============================================================
13:38:15.0453 3912	Scan finished
13:38:15.0453 3912	============================================================
13:38:15.0578 3148	Detected object count: 10
13:38:15.0578 3148	Actual detected object count: 10
13:39:03.0015 3148	Afc ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0015 3148	Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0015 3148	HDAudBus ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0015 3148	HDAudBus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0015 3148	NIOC ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0015 3148	NIOC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0015 3148	ovt530 ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0015 3148	ovt530 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0031 3148	PQNTDrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0031 3148	PQNTDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0031 3148	Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0031 3148	Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0031 3148	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0031 3148	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0031 3148	WudfPf ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0031 3148	WudfPf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0031 3148	WudfRd ( UnsignedFile.Multi.Generic ) - skipped by user
13:39:03.0031 3148	WudfRd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:39:03.0031 3148	\Device\Harddisk0\DR0\TDLFS - deleted
13:39:03.0031 3148	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

mfG A.Vidal

cosinus · 06.01.2012, 15:08

Ja, du solltest aber neustarten und ein neues Log mit dem Tool machen

06.01.2012, 15:08	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	50 Euro Virus Ja, du solltest aber neustarten und ein neues Log mit dem Tool machen __________________ Logfiles bitte immer in CODE-Tags posten

50 Euro Virus

Plagegeister aller Art und deren Bekämpfung: 50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

50 Euro Virus

Ähnliche Themen: 50 Euro Virus

05.01.2012, 23:45	#12
A.Vidal	50 Euro Virus Vielen Dank nochmals für die Hilfe bis hierher mfG A.Vidal :-) Geändert von A.Vidal (06.01.2012 um 00:03 Uhr)