Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
mbam Trojaner gefunden

mbam Trojaner gefunden


Plagegeister aller Art und deren Bekämpfung: mbam Trojaner gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 2 von 3 1 2 3
Alt 30.01.2012, 13:54   #16
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


ich hab noch ein paar fragen und zwar
1. wo bekomme ich die windows vista cd/dvd her, bei meinem laptop kauf war keine dabei und hab jetz im netz gelesen, dass man nach dem 1. start ein backup des systems hätte machen müssen, gibts da jetz noch irgendne möglichkeit?

2. was macht/verursacht dieser trojaner auf meinem laptop?

3. was is mit meinen usb-stick etc.?

VG

Alt 30.01.2012, 13:59   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Du müsstest auch mal die Handbücher lesen, die bei deinem Computer beiliegen. Dann erübrigen sich solche bösen Überraschungen im Nachhinein.

Die anderen Fragen klären wir später, weil das tw. schon die übernächsten Schritt sind sind und du von deiner jetzigen Aufgabe abgelenkt wirst. Wenn wir durch sind, werde ich solche und andere Fragen beantworten.
__________________

__________________
Alt 31.01.2012, 16:36   #18
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


combofix dann aber wieder unter windows ausführen oder?
datensicherung läuft grad!
__________________
Alt 31.01.2012, 16:37   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Ja eine Windows-EXE läuft nicht nativ unter Linux!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 31.01.2012, 18:11   #20
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


jedes mal wenn ich combofix starte meint er das antivir desktop noch aktiv wäre und es probleme geben könnte, jedoch habe ich antivir schon vor einer weile deinstalliert. wenn ich den taskmanager starte um ihn zu beenden finde ich ihn nicht. soll ich combofix trotzdem ausführen?


Alt 31.01.2012, 20:58   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Ja, dann kannste CF ausführen
__________________
--> mbam Trojaner gefunden

Alt 31.01.2012, 21:57   #22
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


also CF läuft jetz bei mir schon ne stunde..., is das normal? denn es regt sich auch nix aufm bildschirm......
"Suche nach infizierten Dateien....
Dies dauert normalerweise nicht länger als 10 Minuten.
Die Scanzeit für stark infizierte Rechner kann sich leicht verdoppeln."
aber es wirkt als würde er noch arbeiten

Alt 31.01.2012, 22:18   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Ja dann warte noch etwas ab bitte...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.02.2012, 16:44   #24
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


musste CF gestern abbrechen, da nach 2h immer noch nix passiert war.
ich lasse es grad nochmal laufen und poste den logfile dann, aber hab grad bei beenden von MSE im Taskmanager einen prozess gefunden. der hieß "MsMpEng.exe" Antimalware Service Executable.
als ich ihn beendet hab, kam er nach ein paar sekunden immer wieder!
klingt verdächtig oder???

Alt 02.02.2012, 06:23   #25
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Also ich habe CF jetz sogar übernacht laufen lassen (12h) und es is kein ergebnis gekommen, aber das system hat sich auch nicht aufgehangen oder so. es kam nur folgende fehlermeldung "windows media center store-upadate-manager funktioniert nicht mehr".
was soll ich da nun tun???

Alt 02.02.2012, 13:49   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Starte Windows neu, lösch die alte combofix.exe, lade CF neu runter und probier es bitte nochmal aber im abgesicherten Modus mit Netzwerk
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.02.2012, 13:13   #27
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


so..., nun hab ich alles gemacht was du gesagt hast und hab CF seit gestern abend 22uhr im abgesicherten modus, mit netzwerk laufen lassen und wieder is nix passiert. ich halt wieder sagen das es gewirkt hat als würde er noch arbeiten, da auch der Strich " - " im fenster weiter geblinkt hat. wie gehts jetz weiter???

Alt 03.02.2012, 13:48   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Hmpf, dann geht CF nicht...

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.02.2012, 16:17   #29
klein_lola
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


hier OTL-logfile:
Code:
ATTFilter
OTL logfile created on: 03.02.2012 15:41:35 - Run 8
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 55,19% Memory free
4,21 Gb Paging File | 3,31 Gb Available in Paging File | 78,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140,11 Gb Total Space | 15,59 Gb Free Space | 11,13% Space Free | Partition Type: NTFS
 
Computer Name: LOLA-PC | User Name: Lola | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.22 21:23:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lola\Desktop\André\SystemSicherheit\TrojanerBoard\OTL.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009.04.11 07:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007.06.15 11:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006.11.02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.06.30 02:07:56 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008.04.04 18:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service)
SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.07.24 18:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007.07.05 18:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007.02.25 20:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.11.11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.07.07 01:10:36 | 002,591,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007.06.30 12:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.27 18:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007.06.16 01:17:13 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007.06.06 01:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007.05.30 19:14:58 | 000,016,640 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007.04.24 18:36:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.04.24 12:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.20 01:01:10 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007.04.20 01:01:10 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007.03.01 15:53:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.13 18:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006.11.20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.06 09:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.08.01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005.02.11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.02.11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.02.11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2005.01.06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7C 55 40 99 EF B1 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.groupon.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Lola\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lola\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.09 15:01:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.11 16:42:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.02 20:22:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.14 14:42:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{A89AED22-9133-424c-88E7-C8235C5FF302}: C:\Program Files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\
 
[2009.06.19 19:28:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Extensions
[2012.01.27 20:16:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions
[2012.01.09 17:47:12 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.16 12:30:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.09 17:46:59 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.04.01 09:48:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lola\AppData\Roaming\mozilla\Firefox\Profiles\qvdnm9g2.default\extensions\engine@conduit.com
[2010.07.27 20:14:08 | 000,000,873 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\conduit.xml
[2009.02.02 09:53:50 | 000,001,632 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\live-search.xml
[2010.11.03 18:30:51 | 000,002,057 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\Mozilla\Firefox\Profiles\qvdnm9g2.default\searchplugins\youtube-videosuche.xml
[2012.01.26 18:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012.01.26 18:09:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\LOLA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVDNM9G2.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.02 20:22:26 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.01.26 18:08:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.21 11:08:41 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.02 20:22:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 20:22:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.01.02 20:22:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 20:22:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 20:22:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 20:22:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
CHR - default_search_provider: suggest_url = 
 
Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20090921024610 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1225017435 (Image Uploader Control)
O16 - DPF: {741747F6-83B4-4FB9-A268-8CA4010762C8} hxxp://www3.snapfish.de/SnapfishActivia2.cab (Snapfish Activia2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33FE9BC3-FC54-4248-B154-2B975A9721AA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8D3B9EF-A0AB-41E2-979F-2C01C0F80089}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO CR Wallpaper Pink 1280x800.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO CR Wallpaper Pink 1280x800.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk - C:\PROGRA~1\Toshiba\BLUETO~1\TosBtMng.exe - (TOSHIBA CORPORATION.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Magic-i Visual Effects.lnk - C:\PROGRA~1\ArcSoft\MAGIC-~1\MAGIC-~1.EXE - (ArcSoft, Inc.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scrybe.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AdVantage Setup - hkey= - key= -  File not found
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= -  File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
MsConfig - StartUpReg: fssui - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= -  File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\Lola\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: MBBalloon - hkey= - key= -  File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: PPort11reminder - hkey= - key= - C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= -  File not found
MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= -  File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: klmdb.sys - Driver
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: klmdb.sys - Driver
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.I263 - C:\Windows\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.02 21:55:00 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012.02.02 21:49:47 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\Lola\Desktop\ComboFix.exe
[2012.01.31 17:56:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.27 20:26:06 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Local\fotokasten comfort
[2012.01.27 16:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.01.27 16:19:01 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Lola\Desktop\esetsmartinstaller_enu.exe
[2012.01.26 18:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.26 15:44:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.26 15:44:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.26 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.24 22:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.01.22 22:08:29 | 000,100,864 | ---- | C] (GMER) -- C:\kxldapow.sys
[2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Lola\AppData\Roaming\pdfforge
[2012.01.04 17:27:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.01.04 17:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Lola\AppData\Local\*.tmp files -> C:\Users\Lola\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.03 15:44:17 | 000,634,352 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.03 15:44:17 | 000,601,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.03 15:44:17 | 000,128,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.03 15:44:17 | 000,105,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.03 15:40:19 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.03 15:36:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.03 15:36:26 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 15:36:26 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.03 15:36:18 | 2135,359,488 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.03 15:35:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.02 21:50:05 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\Lola\Desktop\ComboFix.exe
[2012.02.02 05:53:11 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000UA.job
[2012.02.01 19:53:07 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2758217544-4115683230-4201137011-1000Core.job
[2012.01.31 16:02:09 | 000,088,160 | ---- | M] () -- C:\Users\Lola\Desktop\bookmarks-2012-01-31.json
[2012.01.27 16:18:58 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Lola\Desktop\esetsmartinstaller_enu.exe
[2012.01.26 16:14:24 | 000,002,631 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Word 2007.lnk
[2012.01.26 15:54:35 | 000,002,037 | ---- | M] () -- C:\Users\Lola\Desktop\Google Chrome.lnk
[2012.01.24 22:40:23 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.01.22 22:15:44 | 000,002,032 | ---- | M] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat
[2012.01.22 22:12:24 | 131,775,807 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.22 22:08:29 | 000,100,864 | ---- | M] (GMER) -- C:\kxldapow.sys
[2012.01.22 21:25:35 | 000,000,000 | ---- | M] () -- C:\Users\Lola\defogger_reenable
[2012.01.22 17:12:42 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81}
[2012.01.22 17:06:16 | 000,000,000 | ---- | M] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8}
[2012.01.20 09:09:56 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.01.20 09:04:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.01.20 09:04:16 | 000,155,136 | ---- | M] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.17 20:53:04 | 000,002,735 | ---- | M] () -- C:\Users\Lola\Desktop\Microsoft Office Outlook 2007.lnk
[2012.01.17 20:37:06 | 000,225,123 | ---- | M] () -- C:\Users\Lola\Documents\Flug Melbourne.xps
[2012.01.15 15:15:18 | 000,000,098 | ---- | M] () -- C:\Windows\WirelessFTP.INI
[2012.01.04 17:18:22 | 000,001,899 | ---- | M] () -- C:\Users\Lola\Desktop\Netzwerk.lnk
[1 C:\Users\Lola\AppData\Roaming\*.tmp files -> C:\Users\Lola\AppData\Roaming\*.tmp -> ]
[1 C:\Users\Lola\AppData\Local\*.tmp files -> C:\Users\Lola\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.03 15:36:18 | 2135,359,488 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.31 16:02:09 | 000,088,160 | ---- | C] () -- C:\Users\Lola\Desktop\bookmarks-2012-01-31.json
[2012.01.24 22:28:29 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.01.24 22:18:10 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.22 22:05:50 | 131,775,807 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.22 21:25:35 | 000,000,000 | ---- | C] () -- C:\Users\Lola\defogger_reenable
[2012.01.22 17:12:42 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{2DC0DC1F-7795-48EB-951D-D3D8B60F1C81}
[2012.01.22 17:06:16 | 000,000,000 | ---- | C] () -- C:\Users\Lola\AppData\Local\{AB681BC9-38AD-40E0-A129-E51516C14CF8}
[2012.01.17 20:37:02 | 000,225,123 | ---- | C] () -- C:\Users\Lola\Documents\Flug Melbourne.xps
[2012.01.04 17:27:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.04 17:15:10 | 000,001,899 | ---- | C] () -- C:\Users\Lola\Desktop\Netzwerk.lnk
[2011.12.03 19:47:04 | 000,000,036 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\blckdom.res
[2011.05.02 18:14:53 | 000,000,061 | ---- | C] () -- C:\Windows\dcmvwr.INI
[2011.03.16 15:10:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.03.16 15:10:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.03.16 15:10:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.03.16 15:10:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.03.16 15:10:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.29 10:13:28 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.01.26 16:45:18 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011.01.26 16:45:16 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.01.26 16:41:00 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.11.03 08:59:57 | 000,171,288 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2010.10.02 09:39:18 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2010.10.02 09:39:18 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2010.10.02 09:39:17 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2010.10.02 09:39:17 | 000,000,335 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2010.10.02 09:38:18 | 000,032,768 | ---- | C] () -- C:\Windows\System32\osclpthread.dll
[2010.06.14 17:30:52 | 000,003,766 | ---- | C] () -- C:\Windows\scad3.INI
[2009.12.21 16:43:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.21 16:43:49 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.10.17 15:51:17 | 000,000,098 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.10.05 11:02:43 | 000,221,291 | ---- | C] () -- C:\Windows\Imei_dll.dll
[2009.10.05 11:02:43 | 000,040,960 | ---- | C] () -- C:\Windows\Sublock.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.05.12 10:38:38 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008.12.04 00:30:10 | 000,000,151 | ---- | C] () -- C:\Windows\PhotoSnapViewer.INI
[2008.12.02 12:57:15 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008.11.25 18:16:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.11.25 10:36:43 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.11.25 10:36:27 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.11.18 11:00:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.10.16 20:16:44 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008.10.13 15:48:59 | 000,091,923 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.10.13 15:48:59 | 000,076,956 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.10.13 15:48:59 | 000,039,121 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.10.13 15:48:59 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2008.03.09 15:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.22 10:14:36 | 000,972,072 | ---- | C] () -- C:\Windows\UNNeroMediaHome.exe
[2008.01.02 21:38:23 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2008.01.02 21:33:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS64.DLL
[2007.12.31 13:34:35 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.12.30 18:38:28 | 004,590,949 | ---- | C] () -- C:\Users\Lola\AppData\Roaming\UserTile.png
[2007.12.28 21:31:27 | 000,155,136 | ---- | C] () -- C:\Users\Lola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.28 21:31:25 | 000,002,032 | ---- | C] () -- C:\Users\Lola\AppData\Local\d3d9caps.dat
[2007.09.08 02:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007.08.13 23:00:50 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007.08.13 23:00:50 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007.08.13 23:00:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007.08.13 23:00:49 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.08.13 23:00:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.08.13 23:00:48 | 000,145,050 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.08.13 13:46:45 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007.08.13 04:25:16 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007.08.03 14:04:08 | 000,972,072 | ---- | C] () -- C:\Windows\UNRecode.exe
[2007.08.03 13:58:48 | 000,972,072 | ---- | C] () -- C:\Windows\UNNeroVision.exe
[2007.03.20 20:22:04 | 000,972,336 | ---- | C] () -- C:\Windows\UNNeroBackItUp.exe
[2007.02.28 15:41:02 | 000,972,336 | ---- | C] () -- C:\Windows\UNNeroShowTime.exe
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 16:33:31 | 000,634,352 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,128,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,454,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,601,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2005.04.28 05:22:34 | 000,831,488 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005.04.28 05:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000081.DLL
[1999.04.29 22:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys
[2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools
[2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite
[2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft
[2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook
[2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit
[2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant
[2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar
[2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo
[2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock
[2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech
[2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics
[2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX
[2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge
[2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw
[2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish
[2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics
[2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp
[2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird
[2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs
[2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems
[2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm
[2012.02.02 21:41:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.05.29 09:55:55 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Adobe
[2009.08.21 18:57:25 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ahead
[2010.11.03 08:59:45 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Apple Computer
[2008.11.25 10:28:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ArcSoft
[2008.11.24 21:34:38 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\AVS4YOU
[2011.01.28 08:25:40 | 000,000,000 | R--D | M] -- C:\Users\Lola\AppData\Roaming\Brother
[2010.02.20 12:36:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\CoSoSys
[2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools
[2009.09.12 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DAEMON Tools Lite
[2010.06.06 19:18:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DivX
[2011.09.21 19:41:44 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\dvdcss
[2011.07.21 16:44:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoft
[2011.07.21 16:44:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.28 10:38:36 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Facebook
[2011.03.21 11:08:53 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Foxit
[2007.12.29 13:40:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Google
[2011.09.24 09:37:14 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\GoPal Assistant
[2008.01.02 21:38:54 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\ICQ Toolbar
[2007.08.13 13:10:34 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Identities
[2007.08.13 15:04:23 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InstallShield
[2008.09.05 13:20:40 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\InterVideo
[2011.12.03 19:46:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\kock
[2009.01.29 10:41:04 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Leadertech
[2009.10.05 11:02:33 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\LG Electronics
[2007.08.14 09:26:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Macromedia
[2008.11.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\MAGIX
[2011.03.13 20:15:57 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Media Center Programs
[2011.05.29 09:55:55 | 000,000,000 | --SD | M] -- C:\Users\Lola\AppData\Roaming\Microsoft
[2007.12.31 13:29:52 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Microsoft Web Folders
[2009.06.19 19:28:46 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Mozilla
[2012.01.04 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\pdfforge
[2011.10.29 21:27:37 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Skype
[2011.10.29 15:00:31 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\skypePM
[2011.10.15 09:45:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\SmartDraw
[2009.08.05 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Snapfish
[2008.02.03 19:56:52 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Sony Corporation
[2008.01.19 14:35:31 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Symantec
[2011.12.06 20:43:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Synaptics
[2007.12.29 13:37:26 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\temp
[2011.12.17 10:07:56 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Thunderbird
[2011.12.03 19:49:06 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\UAs
[2008.10.10 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\Ulead Systems
[2011.10.23 17:28:16 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\vlc
[2008.02.03 18:45:11 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\WinRAR
[2011.12.03 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Lola\AppData\Roaming\xmldm
 
< %APPDATA%\*.exe /s >
[2010.06.28 10:38:36 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\Lola\AppData\Roaming\Facebook\uninstall.exe
[2011.09.25 14:44:31 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\0B65B083-694A-4E3E-8F06-6E9DD7493672\AutoRunCE.exe
[2011.09.25 14:44:35 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\0B65B083-694A-4E3E-8F06-6E9DD7493672\1\module.exe
[2011.09.25 14:43:50 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\1E7717FD-79BC-4600-97C8-98DA58814DF3\AutoRunCE.exe
[2011.09.25 14:43:59 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\1E7717FD-79BC-4600-97C8-98DA58814DF3\1\module.exe
[2011.09.25 14:44:58 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2CFAE8CE-5D2C-42C3-9161-12F15A6B7711\AutoRunCE.exe
[2011.09.25 14:45:01 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2CFAE8CE-5D2C-42C3-9161-12F15A6B7711\1\module.exe
[2011.09.25 14:44:16 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2D2D7328-687E-4B19-AC40-A348045A684F\AutoRunCE.exe
[2011.09.25 14:44:19 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\2D2D7328-687E-4B19-AC40-A348045A684F\1\module.exe
[2011.09.25 14:44:10 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\4E54CB56-FD7E-4455-B0C8-B49566BBBFDD\AutoRunCE.exe
[2011.09.25 14:44:15 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\4E54CB56-FD7E-4455-B0C8-B49566BBBFDD\1\module.exe
[2011.09.25 14:44:55 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\697F52C2-B029-4B07-95A0-97C5204A1EAA\AutoRunCE.exe
[2011.09.25 14:44:57 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\697F52C2-B029-4B07-95A0-97C5204A1EAA\1\module.exe
[2011.09.25 14:44:26 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\72E2D4FF-45AD-412E-BFCF-56BC9C389A07\AutoRunCE.exe
[2011.09.25 14:44:30 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\72E2D4FF-45AD-412E-BFCF-56BC9C389A07\1\module.exe
[2011.09.25 14:44:37 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\89AC976A-E0B3-4B6E-B208-E1C177776D2B\AutoRunCE.exe
[2011.09.25 14:44:40 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\89AC976A-E0B3-4B6E-B208-E1C177776D2B\1\module.exe
[2011.09.25 14:44:49 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\8DFA0A1F-3D03-435A-9081-1A8B9E7C59D8\AutoRunCE.exe
[2011.09.25 14:44:52 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\8DFA0A1F-3D03-435A-9081-1A8B9E7C59D8\1\module.exe
[2011.09.25 14:47:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\9ED4F986-2082-496F-8C7B-994612E8AF52\AutoRunCE.exe
[2011.09.25 14:48:07 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\9ED4F986-2082-496F-8C7B-994612E8AF52\1\module.exe
[2011.09.25 14:44:21 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\A5A79E90-FA5C-4145-85F8-1289612CB21D\AutoRunCE.exe
[2011.09.25 14:44:24 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\A5A79E90-FA5C-4145-85F8-1289612CB21D\1\module.exe
[2011.09.25 14:45:01 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B6E6FB59-5F02-4AB3-8FE7-41596354010B\AutoRunCE.exe
[2011.09.25 14:45:04 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B6E6FB59-5F02-4AB3-8FE7-41596354010B\1\module.exe
[2011.09.25 14:44:53 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B9A18AA9-6BAE-44C0-9BD5-E86B8422AF02\AutoRunCE.exe
[2011.09.25 14:44:54 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\B9A18AA9-6BAE-44C0-9BD5-E86B8422AF02\1\module.exe
[2011.09.25 14:45:04 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\BD98DB02-93F7-439C-AB1F-A1EA7424AEED\AutoRunCE.exe
[2011.09.25 14:45:07 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\BD98DB02-93F7-439C-AB1F-A1EA7424AEED\1\module.exe
[2011.09.25 14:44:41 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E0CB5E85-A116-4D73-B1DB-71658CB6A3E0\AutoRunCE.exe
[2011.09.25 14:44:44 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E0CB5E85-A116-4D73-B1DB-71658CB6A3E0\1\module.exe
[2011.09.25 14:45:07 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E1B8ABA8-CFD4-4331-821F-4621FDB92245\AutoRunCE.exe
[2011.09.25 14:45:11 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E1B8ABA8-CFD4-4331-821F-4621FDB92245\1\module.exe
[2011.09.25 14:44:00 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E53E67CC-71F0-44FB-A42D-EA7F6B4BDAE3\AutoRunCE.exe
[2011.09.25 14:44:03 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\E53E67CC-71F0-44FB-A42D-EA7F6B4BDAE3\1\module.exe
[2011.09.25 14:44:45 | 000,028,672 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\F88A580C-D2ED-416B-9ABE-E2EB81B03594\AutoRunCE.exe
[2011.09.25 14:44:48 | 000,057,856 | ---- | M] () -- C:\Users\Lola\AppData\Roaming\GoPal Assistant\Library\F88A580C-D2ED-416B-9ABE-E2EB81B03594\1\module.exe
[2008.12.02 07:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI.exe
[2008.12.01 12:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI32.exe
[2008.12.01 12:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\UninstallMSI64.exe
[2009.03.20 06:09:32 | 001,360,008 | R--- | M] () -- C:\Users\Lola\AppData\Roaming\Microsoft\Windows\Templates\I\USBAutoRun.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.14 10:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.14 10:53:06 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.14 10:53:05 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.13 14:11:30 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.08.13 14:11:31 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB10488$] ->  -> Unknown point type

< End of report >

Alt 04.02.2012, 13:22   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
mbam Trojaner gefunden - Standard

mbam Trojaner gefunden


Zitat:
[C:\Windows\$NtUninstallKB10488$] -> -> Unknown point type
ZeroAccess scheint noch aktiv zu sein. CF läuft leider nicht, ich denke du solltest deine Daten sichern falls noch nciht gemacht und dem Artikel zur Neuinstallation folgen
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu mbam Trojaner gefunden
0x00000001, adobe, avira, bho, bonjour, canon, converter, defender, downloader, emsisoft, emsisoft anti-malware, error, explorer, firefox, format, google earth, helper, home, langs, microsoft office word, mozilla thunderbird, mp3, plug-in, realtek, registry, required, rojaner gefunden, rundll, safer networking, senden, software, studio, symantec, temp, trojaner, trojaner gefunden, version=1.0, virus, vista, winlogon.exe


« Ratlos! Westernunion lässt sich nicht als Startseite entfernen | leider auch "Windows aus Sicherheitsgründen blockiert" bzw. win32/ransom.EJ gefunden »


Ähnliche Themen: mbam Trojaner gefunden


  1. Mbam hat Virus gefunden
    Log-Analyse und Auswertung - 08.02.2015 (9)
  2. Mbam hat virus gefunden
    Plagegeister aller Art und deren Bekämpfung - 12.01.2015 (10)
  3. Mit mbam mehrere Bedrohungen gefunden.
    Plagegeister aller Art und deren Bekämpfung - 14.12.2014 (13)
  4. Win 7 64bit: stark nachlassende Systemleistung (Ruckeln, Standbilder) (Trojaner S.Protector mit MBAM gefunden)
    Log-Analyse und Auswertung - 26.03.2014 (11)
  5. MBAM hat Trojaner gefunden: C:\...\WebTect\trzF037.tmp (Trojan.SProtector)
    Log-Analyse und Auswertung - 14.02.2014 (9)
  6. MBAM hat über 200 infizierte Dateien und co gefunden...
    Log-Analyse und Auswertung - 22.09.2013 (9)
  7. Windows 7: Funde mit MBAM / entrusted toolbar gefunden
    Log-Analyse und Auswertung - 15.09.2013 (9)
  8. Windows 7: PUP.Optional.OpenCandy von MBAM gefunden
    Plagegeister aller Art und deren Bekämpfung - 14.08.2013 (9)
  9. MBAM hat einen Trojaner namens Trojan.Autorun gefunden
    Log-Analyse und Auswertung - 06.08.2013 (13)
  10. An 22 Stellen pup.loadtubes bei Scan mit MBAM gefunden
    Log-Analyse und Auswertung - 08.02.2013 (25)
  11. PUP.Blabbers gefunden mit mbam
    Log-Analyse und Auswertung - 07.01.2013 (10)
  12. Nach dem Scan mit mbam einen Rootkit.Agent gefunden
    Log-Analyse und Auswertung - 22.07.2012 (2)
  13. MBAM hat 3x PUM.Hijack.Startmenu/Help bei XP mit SP3 gefunden!
    Log-Analyse und Auswertung - 17.11.2011 (6)
  14. backdoor.agent von mbam gefunden (hh.exe)
    Plagegeister aller Art und deren Bekämpfung - 02.02.2011 (24)
  15. MBAM Log hat einiges gefunden, löschen oder nicht?
    Log-Analyse und Auswertung - 14.07.2010 (19)
  16. Mbam: Backdoor.bot in Registry gefunden
    Log-Analyse und Auswertung - 23.09.2009 (12)
  17. sysrest.sys (Rootkit.Agent) von MBAM gefunden
    Plagegeister aller Art und deren Bekämpfung - 23.08.2009 (22)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema mbam Trojaner gefunden - ich hab noch ein paar fragen und zwar 1. wo bekomme ich die windows vista cd/dvd her, bei meinem laptop kauf war keine dabei und hab jetz im netz gelesen, - mbam Trojaner gefunden...
Archiv
Du betrachtest: mbam Trojaner gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131