
Log analysis and evaluation: I have caught the 50 Euro virus too. What should I do?

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.02.2012, 22:40   #1
lena-laura
 
Hello at this late hour,

Unfortunately I have caught the 50 Euro virus too. I have already run the scan. Unfortunately I don't know how to insert it separately, so I have copied it in here. The "extras.txt" is attached.
Like many others here, I get the message that the Windows system is blocked. 1000000 thanks in advance!
Here is the OTL logfile


OTL Logfile:
Code:
OTL logfile created on: 05.02.2012 19:52:41 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\lena-laura\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,56% Memory free
3,98 Gb Paging File | 3,55 Gb Available in Paging File | 89,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 30,18 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
Drive D: | 59,03 Gb Total Space | 3,81 Gb Free Space | 6,46% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: lena-laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.05 19:34:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lena-laura\Downloads\OTL(2).exe
PRC - [2012.02.05 00:44:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.05 00:44:11 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.29 10:19:56 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - [2011.07.05 14:08:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.12 18:31:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.05 14:08:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.05 14:08:07 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.20 03:43:40 | 000,583,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2010.08.20 03:43:08 | 000,840,704 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.10.05 08:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.27 08:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.20 10:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005.08.17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.T-Mobile.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.T-Mobile.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.T-Mobile.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lena-laura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.17 19:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.05 00:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.24 09:20:59 | 000,000,000 | ---D | M]
 
[2011.05.12 18:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Extensions
[2011.06.05 01:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions
[2011.11.10 01:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.13 03:42:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.05 00:44:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 10:19:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.23 15:07:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.10 01:17:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Porsche = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_1\
CHR - Extension: Skype Click to Call = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Firefox helper] C:\Users\lena-laura\AppData\Local\Mozilla\Firefox\firefox.exe ()
O4 - Startup: C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D8D06D-13E7-46A5-AEC4-38C5609E3260}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.05 19:29:34 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012.02.02 18:30:00 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{B4B289B1-9E76-4A41-87EE-872E53342399}
[2012.01.28 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{060BCF3A-EF92-4C73-B053-A062A279A6DC}
[2012.01.28 09:19:45 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{3DB838EE-C94F-4ED6-AAB5-2563E7661750}
[2012.01.11 01:08:46 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{A3BC6859-796B-4F62-988F-5370FD3D3D52}
[2012.01.11 01:08:34 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{08BD80DA-A291-4CB3-AB5B-9E78D7A39A0B}
[2009.08.13 05:52:58 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\lena-laura\*.tmp files -> C:\Users\lena-laura\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.05 19:52:36 | 000,010,447 | ---- | M] () -- C:\Users\lena-laura\Documents\aw.odt
[2012.02.05 19:50:03 | 000,024,845 | ---- | M] () -- C:\Users\lena-laura\Documents\user.odt
[2012.02.05 19:41:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.02.05 09:42:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.05 09:42:46 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.05 00:17:00 | 000,001,140 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000UA.job
[2012.02.04 23:44:41 | 000,013,352 | ---- | M] () -- C:\Users\lena-laura\Documents\4.2.odt
[2012.02.04 18:45:37 | 000,000,480 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for lena-laura.job
[2012.02.04 14:17:01 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000Core.job
[2012.02.02 19:39:54 | 000,011,686 | ---- | M] () -- C:\Users\lena-laura\Documents\untermiet.odt
[2012.02.02 19:34:28 | 000,030,175 | ---- | M] () -- C:\Users\lena-laura\Documents\neu.pdf
[2012.02.02 19:34:04 | 000,030,178 | ---- | M] () -- C:\Users\lena-laura\Documents\unterie.pdf
[2012.02.02 18:52:34 | 000,033,930 | ---- | M] () -- C:\Users\lena-laura\Documents\mv.pdf
[2012.02.02 18:47:13 | 000,704,072 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.02 18:47:13 | 000,655,402 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.02 18:47:13 | 000,145,342 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.02 18:47:13 | 000,118,952 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.02 18:46:43 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012.02.02 18:46:43 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI
[2012.02.02 18:45:55 | 000,033,750 | ---- | M] () -- C:\Users\lena-laura\Documents\mietverrtrag.pdf
[2012.01.22 05:24:58 | 000,011,660 | ---- | M] () -- C:\Users\lena-laura\Documents\step back.odt
[2012.01.09 20:06:00 | 000,026,775 | ---- | M] () -- C:\Users\lena-laura\Documents\lovew.odt
[2012.01.09 01:20:25 | 000,010,821 | ---- | M] () -- C:\Users\lena-laura\Documents\09.01.odt
[2012.01.08 00:24:56 | 000,012,436 | ---- | M] () -- C:\Users\lena-laura\Documents\07.01.odt
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\lena-laura\*.tmp files -> C:\Users\lena-laura\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.05 19:52:34 | 000,010,447 | ---- | C] () -- C:\Users\lena-laura\Documents\aw.odt
[2012.02.05 19:50:00 | 000,024,845 | ---- | C] () -- C:\Users\lena-laura\Documents\user.odt
[2012.02.04 23:44:39 | 000,013,352 | ---- | C] () -- C:\Users\lena-laura\Documents\4.2.odt
[2012.02.02 19:39:51 | 000,011,686 | ---- | C] () -- C:\Users\lena-laura\Documents\untermiet.odt
[2012.02.02 19:34:26 | 000,030,175 | ---- | C] () -- C:\Users\lena-laura\Documents\neu.pdf
[2012.02.02 19:32:29 | 000,030,178 | ---- | C] () -- C:\Users\lena-laura\Documents\unterie.pdf
[2012.02.02 18:52:31 | 000,033,930 | ---- | C] () -- C:\Users\lena-laura\Documents\mv.pdf
[2012.02.02 18:46:43 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.02.02 18:46:43 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012.02.02 18:45:53 | 000,033,750 | ---- | C] () -- C:\Users\lena-laura\Documents\mietverrtrag.pdf
[2012.01.22 05:24:47 | 000,011,660 | ---- | C] () -- C:\Users\lena-laura\Documents\step back.odt
[2012.01.09 01:20:23 | 000,010,821 | ---- | C] () -- C:\Users\lena-laura\Documents\09.01.odt
[2012.01.08 00:24:55 | 000,012,436 | ---- | C] () -- C:\Users\lena-laura\Documents\07.01.odt
[2011.10.20 13:30:59 | 000,000,000 | ---- | C] () -- C:\Users\lena-laura\AppData\Roaming\wklnhst.dat
[2011.03.20 11:12:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010.04.10 14:08:15 | 000,027,623 | ---- | C] () -- C:\Users\lena-laura\AppData\Roaming\UserTile.png
[2010.03.27 21:24:46 | 000,001,472 | ---- | C] () -- C:\Users\lena-laura\AppData\Local\RecConfig.xml
[2010.02.25 19:00:30 | 000,000,008 | R--- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.02.25 18:51:01 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.02.25 18:43:55 | 000,039,089 | ---- | C] () -- C:\windows\Ascd_log.ini
[2010.02.25 18:41:52 | 000,025,440 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2009.10.16 11:46:45 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009.10.16 11:44:22 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009.10.16 11:41:37 | 000,004,692 | R--- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009.07.14 09:47:43 | 000,704,072 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,145,342 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 000,351,440 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,655,402 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,118,952 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\windows\System32\hpotscl1.dll
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.01.16 21:38:40 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Alawar Entertainment
[2010.03.16 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\ICQ
[2010.03.28 18:55:02 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\No23
[2011.06.06 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\OpenOffice.org
[2011.11.08 04:36:03 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\PhotoScape
[2009.10.16 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile
[2011.03.19 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager
[2011.10.20 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Template
[2010.10.19 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TitanicMystery
[2010.09.23 13:48:52 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TMInc
[2010.10.22 18:39:19 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TuneUp Software
[2010.09.04 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\V-Games
[2011.11.08 01:31:27 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Windows Live Writer
[2012.02.01 12:54:01 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.02.23 18:55:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.06.26 13:48:37 | 000,000,000 | ---D | M] -- C:\24f9b73c4ca54b0bfb344d5d22
[2009.06.15 07:14:32 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.03 05:13:20 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.02.23 18:53:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.31 18:52:22 | 000,000,000 | ---D | M] -- C:\inetpub
[2009.10.16 11:39:13 | 000,000,000 | ---D | M] -- C:\Intel
[2010.11.03 13:58:59 | 000,000,000 | R--D | M] -- C:\lena-laura-PC
[2009.10.16 11:49:38 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.30 17:06:38 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.12 12:59:05 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.23 18:53:15 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.23 18:53:15 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.29 19:22:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.13 03:41:48 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.05 19:29:34 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.02.05 20:04:27 | 002,359,296 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat
[2012.02.05 20:04:27 | 000,262,144 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat.LOG1
[2010.02.23 18:53:47 | 000,000,000 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat.LOG2
[2010.03.28 22:17:49 | 000,065,536 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{26ee11ca-3a93-11df-b15e-e0cb4eb0427f}.TM.blf
[2010.03.28 22:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{26ee11ca-3a93-11df-b15e-e0cb4eb0427f}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 22:17:49 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{26ee11ca-3a93-11df-b15e-e0cb4eb0427f}.TMContainer00000000000000000002.regtrans-ms
[2010.04.10 19:19:04 | 000,065,536 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{4af22062-44a3-11df-b54e-e0cb4eb0427f}.TM.blf
[2010.04.10 19:19:04 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{4af22062-44a3-11df-b54e-e0cb4eb0427f}.TMContainer00000000000000000001.regtrans-ms
[2010.04.10 19:19:04 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{4af22062-44a3-11df-b54e-e0cb4eb0427f}.TMContainer00000000000000000002.regtrans-ms
[2010.02.23 16:05:20 | 000,065,536 | -HS- | M] () -- C:\Users\lena-laura\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.02.23 16:05:20 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.02.23 16:05:20 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2011.03.20 14:02:53 | 000,065,536 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{d92befd9-520b-11e0-bd8e-e0cb4eb0427f}.TM.blf
[2011.03.20 14:02:53 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{d92befd9-520b-11e0-bd8e-e0cb4eb0427f}.TMContainer00000000000000000001.regtrans-ms
[2011.03.20 14:02:53 | 000,524,288 | -HS- | M] () -- C:\Users\lena-laura\ntuser.dat{d92befd9-520b-11e0-bd8e-e0cb4eb0427f}.TMContainer00000000000000000002.regtrans-ms
[2009.07.14 05:53:59 | 000,000,020 | -HS- | M] () -- C:\Users\lena-laura\ntuser.ini
[1 C:\Users\lena-laura\*.tmp files -> C:\Users\lena-laura\*.tmp -> ]
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
         
--- --- ---

Last edited by lena-laura (05.02.2012 at 22:45). Reason: forgot something

05.02.2012, 23:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
Boot Mode: SafeMode with Networking |
Well, if that mode works, you'll be able to try MBAM/ESET first:

Now please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         

06.02.2012, 14:52   #3
lena-laura



The rest will follow shortly.




Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.06.01

Windows 7 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
lena-laura :: PC [Administrator]

06.02.2012 12:55:34
mbam-log-2012-02-06 (12-55-34).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 282646
Laufzeit: 48 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.Ransom) -> Daten: C:\Users\lena-laura\AppData\Local\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\lena-laura\AppData\Local\Mozilla\Firefox\firefox.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\lena-laura\AppData\Local\Temp\ms0cfg32.exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

06.02.2012, 17:37   #4
lena-laura



And here is the rest. Hopefully I did everything correctly. And now?

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=fdd479e945f09e42a96266792f8712a5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-06 04:31:06
# local_time=2012-02-06 05:31:06 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1797 16775166 100 94 871061 65073624 756334 0
# compatibility_mode=5893 16776574 66 85 80975378 80975378 0 0
# compatibility_mode=8192 67108863 100 0 4889 4889 0 0
# scanned=121604
# found=15
# cleaned=0
# scan_time=9233
C:\lena-laura-PC\Backup Set 2010-02-23 142257\Backup Files 2010-02-28 204508\Backup files 1.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\lena-laura-PC\Backup Set 2010-03-28 200615\Backup Files 2010-03-28 200615\Backup files 1.zip	Win32/Adware.ADON application (unable to clean)	00000000000000000000000000000000	I
C:\Users\lena-laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5e340a50-5927d2fe	a variant of Java/Agent.DP trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\lena-laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\3e15a615-4eedc541	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\lena-laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\6df5b9d6-348bee29	a variant of Java/Agent.DP trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\lena-laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\363c805b-6fcf0aff	Java/Agent.DW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\lena-laura\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\4be054ac-68b0d77a	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-08 190010\Backup files 10.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 1.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 2.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 3.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 4.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 5.zip	multiple threats (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 6.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
D:\pc\Backup Set 2012-01-08 190010\Backup Files 2012-01-16 022517\Backup files 7.zip	HTML/Iframe.B.Gen virus (unable to clean)	00000000000000000000000000000000	I
         

06.02.2012, 19:52   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Does normal mode work again?

__________________
Please always post log files in CODE tags

06.02.2012, 22:44   #6
lena-laura



Yesss! And so far no message has appeared either. But the virus hasn't actually gone away, has it???

07.02.2012, 09:05   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
ATTFilter
 the log goes here
         
Custom scan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Tick the box at the top centre for Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

07.02.2012, 10:48   #8
lena-laura



OTL keeps freezing. I'll try again... otherwise I'll go via safe mode... maybe it will work better there.

Best regards

07.02.2012, 12:56   #9
lena-laura



So, here it is now... I hope everything is correct like this.



Code:
ATTFilter
OTL logfile created on: 07.02.2012 12:08:25 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\lena-laura\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 67,47% Memory free
3,98 Gb Paging File | 3,47 Gb Available in Paging File | 87,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,00 Gb Total Space | 31,87 Gb Free Space | 39,84% Space Free | Partition Type: NTFS
Drive D: | 59,03 Gb Total Space | 3,81 Gb Free Space | 6,46% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: lena-laura | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.05 19:27:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\lena-laura\Downloads\OTL.exe
PRC - [2012.02.05 00:44:12 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.05 00:44:11 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.09.29 10:19:56 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (NMIndexingService)
SRV - [2011.07.05 14:08:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.12 18:31:26 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009.08.18 17:35:56 | 000,219,136 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:33 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\iprip.dll -- (iprip)
SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.05 14:08:07 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.05 14:08:07 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.08.20 03:43:40 | 000,583,680 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2010.08.20 03:43:08 | 000,840,704 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.10.05 08:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.07.27 08:06:46 | 000,051,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV - [2009.07.20 10:29:00 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005.08.17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.T-Mobile.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://asus.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.T-Mobile.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.T-Mobile.de
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://asus.msn.com [binary data]
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\lena-laura\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.17 19:24:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.05 00:44:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.24 09:20:59 | 000,000,000 | ---D | M]
 
[2011.05.12 18:36:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Extensions
[2011.06.05 01:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lena-laura\AppData\Roaming\mozilla\Firefox\Profiles\ztgpl636.default\extensions
[2011.11.10 01:17:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.13 03:42:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.05 00:44:12 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.29 10:19:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.23 15:07:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.10 01:17:16 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = hxxp://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lena-laura\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AT_Porsche = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_1\
CHR - Extension: Skype Click to Call = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\lena-laura\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FILSHtray] C:\Program Files\FILSHtray\FILSHtray.exe (FILSH Media GmbH)
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [HotKeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\lena-laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D8D06D-13E7-46A5-AEC4-38C5609E3260}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18A4EB30-28E1-4E04-8664-4351C9AD8B76}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= -  File not found
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.06 14:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.06 12:44:59 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Roaming\Malwarebytes
[2012.02.06 12:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 12:44:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.06 12:44:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.02.06 12:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.05 19:29:34 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012.02.02 18:30:00 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{B4B289B1-9E76-4A41-87EE-872E53342399}
[2012.01.28 09:19:57 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{060BCF3A-EF92-4C73-B053-A062A279A6DC}
[2012.01.28 09:19:45 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{3DB838EE-C94F-4ED6-AAB5-2563E7661750}
[2012.01.11 01:08:46 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{A3BC6859-796B-4F62-988F-5370FD3D3D52}
[2012.01.11 01:08:34 | 000,000,000 | ---D | C] -- C:\Users\lena-laura\AppData\Local\{08BD80DA-A291-4CB3-AB5B-9E78D7A39A0B}
[2009.08.13 05:52:58 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\lena-laura\*.tmp files -> C:\Users\lena-laura\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.07 11:56:07 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
[2012.02.07 11:55:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.02.07 11:55:23 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 11:55:23 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.07 11:54:45 | 000,012,006 | ---- | M] () -- C:\Users\lena-laura\Documents\1.odt
[2012.02.07 11:17:06 | 000,001,140 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000UA.job
[2012.02.06 14:51:36 | 000,014,382 | ---- | M] () -- C:\Users\lena-laura\Documents\malware.odt
[2012.02.06 12:44:47 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 21:00:32 | 000,022,742 | ---- | M] () -- C:\Users\lena-laura\Documents\otl.exe text.odt
[2012.02.05 19:52:36 | 000,010,447 | ---- | M] () -- C:\Users\lena-laura\Documents\aw.odt
[2012.02.05 19:50:03 | 000,024,845 | ---- | M] () -- C:\Users\lena-laura\Documents\user.odt
[2012.02.04 23:44:41 | 000,013,352 | ---- | M] () -- C:\Users\lena-laura\Documents\4.2.odt
[2012.02.04 18:45:37 | 000,000,480 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for lena-laura.job
[2012.02.04 14:17:01 | 000,001,088 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3837843822-382491344-1778226907-1000Core.job
[2012.02.02 19:39:54 | 000,011,686 | ---- | M] () -- C:\Users\lena-laura\Documents\untermiet.odt
[2012.02.02 19:34:28 | 000,030,175 | ---- | M] () -- C:\Users\lena-laura\Documents\neu.pdf
[2012.02.02 19:34:04 | 000,030,178 | ---- | M] () -- C:\Users\lena-laura\Documents\unterie.pdf
[2012.02.02 18:52:34 | 000,033,930 | ---- | M] () -- C:\Users\lena-laura\Documents\mv.pdf
[2012.02.02 18:47:13 | 000,704,072 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.02.02 18:47:13 | 000,655,402 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.02.02 18:47:13 | 000,145,342 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.02.02 18:47:13 | 000,118,952 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.02.02 18:46:43 | 000,000,425 | ---- | M] () -- C:\windows\BRWMARK.INI
[2012.02.02 18:46:43 | 000,000,027 | ---- | M] () -- C:\windows\BRPP2KA.INI
[2012.02.02 18:45:55 | 000,033,750 | ---- | M] () -- C:\Users\lena-laura\Documents\mietverrtrag.pdf
[2012.01.22 05:24:58 | 000,011,660 | ---- | M] () -- C:\Users\lena-laura\Documents\step back.odt
[2012.01.09 20:06:00 | 000,026,775 | ---- | M] () -- C:\Users\lena-laura\Documents\lovew.odt
[2012.01.09 01:20:25 | 000,010,821 | ---- | M] () -- C:\Users\lena-laura\Documents\09.01.odt
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\lena-laura\*.tmp files -> C:\Users\lena-laura\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.07 11:54:43 | 000,012,006 | ---- | C] () -- C:\Users\lena-laura\Documents\1.odt
[2012.02.06 14:52:59 | 000,065,536 | ---- | C] () -- C:\windows\System32\Ikeext.etl
[2012.02.06 14:51:33 | 000,014,382 | ---- | C] () -- C:\Users\lena-laura\Documents\malware.odt
[2012.02.06 12:44:47 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.05 21:00:27 | 000,022,742 | ---- | C] () -- C:\Users\lena-laura\Documents\otl.exe text.odt
[2012.02.05 19:52:34 | 000,010,447 | ---- | C] () -- C:\Users\lena-laura\Documents\aw.odt
[2012.02.05 19:50:00 | 000,024,845 | ---- | C] () -- C:\Users\lena-laura\Documents\user.odt
[2012.02.04 23:44:39 | 000,013,352 | ---- | C] () -- C:\Users\lena-laura\Documents\4.2.odt
[2012.02.02 19:39:51 | 000,011,686 | ---- | C] () -- C:\Users\lena-laura\Documents\untermiet.odt
[2012.02.02 19:34:26 | 000,030,175 | ---- | C] () -- C:\Users\lena-laura\Documents\neu.pdf
[2012.02.02 19:32:29 | 000,030,178 | ---- | C] () -- C:\Users\lena-laura\Documents\unterie.pdf
[2012.02.02 18:52:31 | 000,033,930 | ---- | C] () -- C:\Users\lena-laura\Documents\mv.pdf
[2012.02.02 18:46:43 | 000,000,425 | ---- | C] () -- C:\windows\BRWMARK.INI
[2012.02.02 18:46:43 | 000,000,027 | ---- | C] () -- C:\windows\BRPP2KA.INI
[2012.02.02 18:45:53 | 000,033,750 | ---- | C] () -- C:\Users\lena-laura\Documents\mietverrtrag.pdf
[2012.01.22 05:24:47 | 000,011,660 | ---- | C] () -- C:\Users\lena-laura\Documents\step back.odt
[2012.01.09 01:20:23 | 000,010,821 | ---- | C] () -- C:\Users\lena-laura\Documents\09.01.odt
[2011.10.20 13:30:59 | 000,000,000 | ---- | C] () -- C:\Users\lena-laura\AppData\Roaming\wklnhst.dat
[2011.03.20 11:12:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.05 00:59:32 | 000,005,632 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2010.04.10 14:08:15 | 000,027,623 | ---- | C] () -- C:\Users\lena-laura\AppData\Roaming\UserTile.png
[2010.03.27 21:24:46 | 000,001,472 | ---- | C] () -- C:\Users\lena-laura\AppData\Local\RecConfig.xml
[2010.02.25 19:00:30 | 000,000,008 | R--- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.02.25 18:51:01 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.02.25 18:43:55 | 000,039,089 | ---- | C] () -- C:\windows\Ascd_log.ini
[2010.02.25 18:41:52 | 000,025,440 | ---- | C] () -- C:\windows\Ascd_tmp.ini
[2009.10.16 11:46:45 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2009.10.16 11:44:22 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2009.10.16 11:41:37 | 000,004,692 | R--- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009.07.14 09:47:43 | 000,704,072 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,145,342 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 05:33:53 | 000,351,440 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,655,402 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,118,952 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 01:55:09 | 000,587,776 | ---- | C] () -- C:\windows\System32\hpotscl1.dll
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2009.10.16 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\T-Mobile
[2009.10.16 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\T-Mobile
[2011.01.16 21:38:40 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Alawar Entertainment
[2010.03.16 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\ICQ
[2010.03.28 18:55:02 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\No23
[2011.06.06 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\OpenOffice.org
[2011.11.08 04:36:03 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\PhotoScape
[2009.10.16 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile
[2011.03.19 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager
[2011.10.20 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Template
[2010.10.19 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TitanicMystery
[2010.09.23 13:48:52 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TMInc
[2010.10.22 18:39:19 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TuneUp Software
[2010.09.04 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\V-Games
[2011.11.08 01:31:27 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Windows Live Writer
[2012.02.01 12:54:01 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.23 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Adobe
[2010.02.28 12:59:10 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Ahead
[2011.01.16 21:38:40 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Alawar Entertainment
[2010.04.10 14:11:09 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Apple Computer
[2010.10.22 19:05:08 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Avira
[2011.06.17 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\DivX
[2010.11.02 14:49:37 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\dvdcss
[2010.02.24 09:04:30 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Google
[2010.03.16 20:14:32 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\ICQ
[2009.07.14 05:54:12 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Identities
[2009.10.16 11:43:29 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\InstallShield
[2009.10.16 11:49:24 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Macromedia
[2012.02.06 12:44:59 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Malwarebytes
[2011.10.20 13:30:58 | 000,000,000 | --SD | M] -- C:\Users\lena-laura\AppData\Roaming\Microsoft
[2011.05.12 18:36:26 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Mozilla
[2010.03.28 18:55:02 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\No23
[2011.06.06 18:58:17 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\OpenOffice.org
[2011.11.08 04:36:03 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\PhotoScape
[2012.02.07 11:55:06 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Skype
[2011.11.13 03:40:35 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\skypePM
[2009.10.16 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile
[2011.03.19 10:11:50 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager
[2011.10.20 13:31:06 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Template
[2010.10.19 22:12:10 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TitanicMystery
[2010.09.23 13:48:52 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TMInc
[2010.10.22 18:39:19 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\TuneUp Software
[2010.07.02 20:35:49 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\U3
[2010.09.04 13:34:17 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\V-Games
[2011.04.17 18:12:48 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\vlc
[2011.11.08 01:31:27 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Windows Live Writer
[2011.09.21 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\WinRAR
[2010.12.26 20:21:32 | 000,000,000 | ---D | M] -- C:\Users\lena-laura\AppData\Roaming\Yahoo!
 
< %APPDATA%\*.exe /s >
[2011.03.20 12:58:42 | 002,871,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\lena-laura\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2009.06.30 10:52:18 | 000,983,040 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager\LiveUpdate.exe
[2009.06.23 15:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\lena-laura\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\Launchpad Removal.exe
[2008.05.04 15:02:26 | 004,603,904 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\LaunchPad.exe
[2007.10.23 08:44:48 | 000,054,584 | ---- | M] () -- C:\Users\lena-laura\AppData\Roaming\U3\1100520A2890C80C\U3AccessGrant.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\lena-laura\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009.06.04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_4f144d6467fc7c22\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< End of report >
         

Last edited by lena-laura (07.02.2012 at 12:57). Reason: made a mistake

07.02.2012, 13:00   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.T-Mobile.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://asus.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://asus.msn.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.T-Mobile.de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.T-Mobile.de
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://asus.msn.com [binary data]
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
CHR - default_search_provider: Yahoo! Deutschland (Enabled)
CHR - default_search_provider: search_url = http://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://de-sayt.ff.search.yahoo.com/gossip-de-sayt?output=fxjson&command={searchTerms}
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)
O7 - HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\LGAutoRun.exe
O33 - MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\Shell\AutoRun\command - "" = C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\Shell - "" = AutoRun
O33 - MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\Shell - "" = AutoRun
O33 - MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
:Files
C:\Users\lena-laura\AppData\Local\{*
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

07.02.2012, 13:51   #11
lena-laura
 



Done! ;-)


Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Program Files\Freecorder\prxtbFre0.dll moved successfully.
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Registry value HKEY_USERS\S-1-5-21-3837843822-382491344-1778226907-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{049ca162-d23b-11e0-a356-e0cb4eb0427f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3d6035cd-68dc-11e0-8259-e0cb4eb0427f}\ not found.
File E:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4666dbe8-7cbd-11e0-986c-e0cb4eb0427f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4666dc02-7cbd-11e0-986c-e0cb4eb0427f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521546b0-aab6-11df-808c-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{521546b0-aab6-11df-808c-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{521546b0-aab6-11df-808c-e0cb4eb0427f}\ not found.
File C:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f862723-3db4-11e0-81c7-e0cb4eb0427f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a74b0db3-8526-11e0-8947-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a74b0db3-8526-11e0-8947-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a74b0db3-8526-11e0-8947-001e101fa1f5}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a74b0dc0-8526-11e0-8947-001e101fa1f5}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dc49d409-20a3-11df-a859-e0cb4eb0427f}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e156c5bf-cfa0-11e0-a7bc-001e101f7f74}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e156c5c4-cfa0-11e0-a7bc-001e101f7f74}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f13ede54-62a2-11e0-bd00-e0cb4eb0427f}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
========== FILES ==========
C:\Users\lena-laura\AppData\Local\{04C674E5-256C-4318-86D7-C4AA39D371E8} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{060BCF3A-EF92-4C73-B053-A062A279A6DC} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{08BD80DA-A291-4CB3-AB5B-9E78D7A39A0B} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{28364B75-A753-442C-AA4A-CE544BB25204} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{3DB838EE-C94F-4ED6-AAB5-2563E7661750} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{4A1BD709-18AE-4D55-BD12-F610CFEC0489} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{522B201C-10CD-4F67-B5D1-38F0ED960746} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{70C11C57-80CD-40B8-9619-DB82A0327F29} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{A0EAF7EF-7864-4FEF-AC62-5D545D25376C} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{A20E52D3-E913-4AB2-BE24-269D2E7D73DD} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{A3BC6859-796B-4F62-988F-5370FD3D3D52} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{ABEDB830-47AC-4EDD-B0EC-4D8AACE9C2CD} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{B4B289B1-9E76-4A41-87EE-872E53342399} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{C1454E11-D83C-4B3B-84AB-CF70F779821F} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{CBF490A0-99F8-4A56-B381-2A7C39DEEC51} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{D461E0F6-4953-46F5-A05B-8F4B84FFCB2D} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{E7BBC0E5-C35A-4550-AD92-E5026FAC4863} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{EB10CBD0-A225-4A03-A464-41A330C1BC7F} folder moved successfully.
C:\Users\lena-laura\AppData\Local\{FA1129C6-25BD-4623-9AE2-1CAF0BB34959} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 121634 bytes
->Temporary Internet Files folder emptied: 66340 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 321 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: lena-laura
->Temp folder emptied: 4209527749 bytes
->Temporary Internet Files folder emptied: 15965967767 bytes
->Java cache emptied: 37397509 bytes
->FireFox cache emptied: 329721590 bytes
->Google Chrome cache emptied: 7151375 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2971259 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61402553 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 19.659,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02072012_134117

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
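
A way to triage a fix log like the one above, as an added example that is not part of the original post and is not OTL's own code: it separates items that were moved (and, per the helper's note, backed up under "_OTL") from fixes that failed, and tells a "not found" that merely repeats an item already handled earlier in the same run from one for an item that was never present. The function and variable names are assumptions, the patterns cover only the wording seen in this log, and the sample is a short excerpt constructed from lines of that log.

```python
import re
from collections import Counter

# Outcome patterns, matching only the wording seen in the OTL 3.2.31.0 log above.
PATTERNS = [
    ("value_set", re.compile(r"^(?P<target>[^|]+)\|.*/E : value set successfully!$")),
    ("deleted", re.compile(r"^Registry (?:key|value) (?P<target>.+) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("not_found", re.compile(r"^(?:Registry (?:key|value)|File) (?P<target>.+) not found\.$")),
    ("failed", re.compile(r"^(?P<target>Unable to .+)$")),
]

# Constructed excerpt: individual lines taken from the fix log in the post above.
SAMPLE_LOG = r"""
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Program Files\Freecorder\prxtbFre0.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\prxtbFre0.dll not found.
Unable to fix default_search_provider items.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File E:\AutoRun.exe not found.
========== FILES ==========
C:\Users\lena-laura\AppData\Local\{04C674E5-256C-4318-86D7-C4AA39D371E8} folder moved successfully.
HOSTS file reset successfully
"""


def triage(log_text):
    """Classify each fix-log line and group the ones a reviewer should look at."""
    counts = Counter()
    handled = set()  # targets deleted or moved earlier in this run (lower-cased)
    report = {"quarantined": [], "failed": [], "already_handled": [], "never_present": []}

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("====="):
            continue  # blank lines and section banners carry no outcome

        outcome, target = "other", line
        for name, rx in PATTERNS:
            m = rx.match(line)
            if m:
                outcome, target = name, m.group("target").strip()
                break
        counts[outcome] += 1

        # CLSIDs appear in both upper and lower case in the log, so compare case-insensitively.
        key = target.lower()
        if outcome in ("deleted", "moved"):
            handled.add(key)
            if outcome == "moved":
                report["quarantined"].append(target)
        elif outcome == "not_found":
            # The script lists the same item under several sections; a repeat is benign.
            bucket = "already_handled" if key in handled else "never_present"
            report[bucket].append(target)
        elif outcome == "failed":
            report["failed"].append(target)

    report["counts"] = dict(counts)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for section in ("failed", "never_present", "quarantined", "already_handled"):
        print(section)
        for item in result[section]:
            print("   ", item)
    print(result["counts"])
```
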
         

07.02.2012, 13:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!




If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

07.02.2012, 14:28   #13
lena-laura

Hello Arne,

I followed the link and wanted to download the program further down (via the TDSSKiller.exe link...), but now Antivir is showing me a warning that this file contains a virus... In Antivir I am now being asked whether I want to put the file into quarantine.
Do I want that?
And is there another link?
And why do I catch a virus from the download link that was posted here?

Edited by lena-laura (07.02.2012 at 14:30) Reason: error

07.02.2012, 15:08   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That is a false alarm! Disable the virus scanner, start TDSS-Killer

07.02.2012, 15:17   #15
lena-laura

There! Here it is!

Code:
ATTFilter
15:10:06.0792 2596	TDSS rootkit removing tool 2.7.10.0 Feb  7 2012 15:14:46
15:10:07.0010 2596	============================================================
15:10:07.0010 2596	Current date / time: 2012/02/07 15:10:07.0010
15:10:07.0010 2596	SystemInfo:
15:10:07.0010 2596	
15:10:07.0011 2596	OS Version: 6.1.7600 ServicePack: 0.0
15:10:07.0011 2596	Product type: Workstation
15:10:07.0011 2596	ComputerName: PC
15:10:07.0011 2596	UserName: lena-laura
15:10:07.0011 2596	Windows directory: C:\windows
15:10:07.0012 2596	System windows directory: C:\windows
15:10:07.0012 2596	Processor architecture: Intel x86
15:10:07.0012 2596	Number of processors: 2
15:10:07.0012 2596	Page size: 0x1000
15:10:07.0012 2596	Boot type: Normal boot
15:10:07.0012 2596	============================================================
15:10:08.0585 2596	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:10:08.0594 2596	\Device\Harddisk0\DR0:
15:10:08.0594 2596	MBR used
15:10:08.0595 2596	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xA000000
15:10:08.0595 2596	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xA000800, BlocksNum 0x7610800
15:10:08.0782 2596	Initialize success
15:10:08.0782 2596	============================================================
15:10:54.0217 5204	============================================================
15:10:54.0217 5204	Scan started
15:10:54.0217 5204	Mode: Manual; SigCheck; TDLFS; 
15:10:54.0217 5204	============================================================
15:10:55.0476 5204	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\windows\system32\DRIVERS\1394ohci.sys
15:10:55.0948 5204	1394ohci - ok
15:10:56.0098 5204	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\windows\system32\DRIVERS\ACPI.sys
15:10:56.0202 5204	ACPI - ok
15:10:56.0268 5204	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\windows\system32\DRIVERS\acpipmi.sys
15:10:56.0375 5204	AcpiPmi - ok
15:10:56.0547 5204	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
15:10:56.0676 5204	adp94xx - ok
15:10:56.0974 5204	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
15:10:57.0090 5204	adpahci - ok
15:10:57.0166 5204	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
15:10:57.0249 5204	adpu320 - ok
15:10:57.0426 5204	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\windows\system32\drivers\afd.sys
15:10:57.0563 5204	AFD - ok
15:10:57.0702 5204	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\DRIVERS\agp440.sys
15:10:57.0771 5204	agp440 - ok
15:10:57.0858 5204	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
15:10:57.0929 5204	aic78xx - ok
15:10:58.0088 5204	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\DRIVERS\aliide.sys
15:10:58.0174 5204	aliide - ok
15:10:58.0290 5204	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\DRIVERS\amdagp.sys
15:10:58.0368 5204	amdagp - ok
15:10:58.0524 5204	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\DRIVERS\amdide.sys
15:10:58.0592 5204	amdide - ok
15:10:58.0648 5204	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
15:10:58.0747 5204	AmdK8 - ok
15:10:59.0807 5204	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
15:10:59.0983 5204	AmdPPM - ok
15:11:00.0139 5204	amdsata         (19ce906b4cdc11fc4fef5745f33a63b6) C:\windows\system32\drivers\amdsata.sys
15:11:00.0220 5204	amdsata - ok
15:11:00.0311 5204	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
15:11:00.0555 5204	amdsbs - ok
15:11:00.0694 5204	amdxata         (869e67d66be326a5a9159fba8746fa70) C:\windows\system32\drivers\amdxata.sys
15:11:00.0777 5204	amdxata - ok
15:11:00.0849 5204	Andbus - ok
15:11:00.0892 5204	AndDiag - ok
15:11:00.0949 5204	AndGps - ok
15:11:00.0974 5204	ANDModem - ok
15:11:01.0180 5204	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\windows\system32\drivers\appid.sys
15:11:01.0312 5204	AppID - ok
15:11:01.0474 5204	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
15:11:01.0527 5204	arc - ok
15:11:01.0589 5204	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
15:11:01.0671 5204	arcsas - ok
15:11:03.0205 5204	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
15:11:03.0507 5204	AsyncMac - ok
15:11:03.0654 5204	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\DRIVERS\atapi.sys
15:11:03.0716 5204	atapi - ok
15:11:03.0833 5204	athr            (b01751cc563aecac09bbe36aaa21fbef) C:\windows\system32\DRIVERS\athr.sys
15:11:04.0047 5204	athr - ok
15:11:04.0181 5204	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
15:11:04.0262 5204	avgio - ok
15:11:04.0449 5204	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\windows\system32\DRIVERS\avgntflt.sys
15:11:04.0561 5204	avgntflt - ok
15:11:04.0627 5204	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\windows\system32\DRIVERS\avipbb.sys
15:11:04.0655 5204	avipbb - ok
15:11:05.0743 5204	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
15:11:05.0883 5204	b06bdrv - ok
15:11:06.0021 5204	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
15:11:06.0146 5204	b57nd60x - ok
15:11:06.0335 5204	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
15:11:06.0530 5204	Beep - ok
15:11:06.0685 5204	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
15:11:06.0794 5204	blbdrive - ok
15:11:06.0912 5204	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\windows\system32\DRIVERS\bowser.sys
15:11:07.0015 5204	bowser - ok
15:11:07.0103 5204	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
15:11:07.0205 5204	BrFiltLo - ok
15:11:07.0338 5204	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
15:11:07.0461 5204	BrFiltUp - ok
15:11:07.0649 5204	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
15:11:07.0812 5204	Brserid - ok
15:11:07.0879 5204	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
15:11:07.0958 5204	BrSerWdm - ok
15:11:08.0069 5204	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
15:11:08.0209 5204	BrUsbMdm - ok
15:11:08.0273 5204	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
15:11:08.0396 5204	BrUsbSer - ok
15:11:08.0556 5204	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
15:11:08.0660 5204	BthEnum - ok
15:11:08.0735 5204	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
15:11:08.0849 5204	BTHMODEM - ok
15:11:09.0002 5204	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
15:11:09.0118 5204	BthPan - ok
15:11:09.0205 5204	BTHPORT         (88059ff1ded4472acd17eebabd393069) C:\windows\System32\Drivers\BTHport.sys
15:11:09.0375 5204	BTHPORT - ok
15:11:09.0536 5204	BTHUSB          (80e6384beec03b8bd45edea29802d657) C:\windows\System32\Drivers\BTHUSB.sys
15:11:09.0635 5204	BTHUSB - ok
15:11:09.0762 5204	btwaudio - ok
15:11:09.0834 5204	btwavdt - ok
15:11:09.0870 5204	btwl2cap - ok
15:11:09.0919 5204	btwrchid - ok
15:11:10.0001 5204	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
15:11:10.0205 5204	cdfs - ok
15:11:10.0349 5204	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\windows\system32\DRIVERS\cdrom.sys
15:11:10.0466 5204	cdrom - ok
15:11:10.0635 5204	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
15:11:10.0759 5204	circlass - ok
15:11:10.0911 5204	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
15:11:11.0010 5204	CLFS - ok
15:11:11.0177 5204	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
15:11:11.0274 5204	CmBatt - ok
15:11:11.0345 5204	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\DRIVERS\cmdide.sys
15:11:11.0413 5204	cmdide - ok
15:11:11.0497 5204	CNG             (36c252e474b2ffa0f0fbbff20d92a640) C:\windows\system32\Drivers\cng.sys
15:11:11.0658 5204	CNG - ok
15:11:11.0791 5204	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
15:11:11.0860 5204	Compbatt - ok
15:11:11.0935 5204	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\windows\system32\DRIVERS\CompositeBus.sys
15:11:12.0063 5204	CompositeBus - ok
15:11:12.0289 5204	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
15:11:12.0357 5204	crcdisk - ok
15:11:12.0589 5204	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\windows\system32\Drivers\dfsc.sys
15:11:12.0664 5204	DfsC - ok
15:11:12.0816 5204	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
15:11:13.0039 5204	discache - ok
15:11:13.0257 5204	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
15:11:13.0353 5204	Disk - ok
15:11:13.0475 5204	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
15:11:13.0565 5204	drmkaud - ok
15:11:13.0708 5204	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\windows\System32\drivers\dxgkrnl.sys
15:11:13.0815 5204	DXGKrnl - ok
15:11:14.0148 5204	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
15:11:14.0503 5204	ebdrv - ok
15:11:14.0700 5204	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
15:11:14.0808 5204	elxstor - ok
15:11:14.0931 5204	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\DRIVERS\errdev.sys
15:11:15.0022 5204	ErrDev - ok
15:11:15.0201 5204	ewusbnet - ok
15:11:15.0262 5204	ew_hwusbdev - ok
15:11:15.0353 5204	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
15:11:15.0554 5204	exfat - ok
15:11:15.0719 5204	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
15:11:15.0940 5204	fastfat - ok
15:11:16.0096 5204	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
15:11:16.0217 5204	fdc - ok
15:11:16.0312 5204	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
15:11:16.0437 5204	FileInfo - ok
15:11:16.0614 5204	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
15:11:16.0802 5204	Filetrace - ok
15:11:16.0933 5204	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
15:11:17.0026 5204	flpydisk - ok
15:11:17.0190 5204	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
15:11:17.0293 5204	FltMgr - ok
15:11:17.0416 5204	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
15:11:17.0481 5204	FsDepends - ok
15:11:17.0606 5204	fssfltr         (bfaaa92861526bb0adcd01e964ab6609) C:\windows\system32\DRIVERS\fssfltr.sys
15:11:17.0663 5204	fssfltr - ok
15:11:17.0733 5204	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
15:11:17.0788 5204	Fs_Rec - ok
15:11:17.0937 5204	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\windows\system32\DRIVERS\fvevol.sys
15:11:18.0035 5204	fvevol - ok
15:11:18.0099 5204	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
15:11:18.0192 5204	gagp30kx - ok
15:11:18.0444 5204	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
15:11:18.0540 5204	hcw85cir - ok
15:11:18.0705 5204	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\windows\system32\drivers\HdAudio.sys
15:11:18.0830 5204	HdAudAddService - ok
15:11:19.0005 5204	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\windows\system32\DRIVERS\HDAudBus.sys
15:11:19.0129 5204	HDAudBus - ok
15:11:19.0270 5204	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
15:11:19.0371 5204	HidBatt - ok
15:11:19.0513 5204	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
15:11:19.0632 5204	HidBth - ok
15:11:19.0689 5204	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
15:11:19.0811 5204	HidIr - ok
15:11:19.0981 5204	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\DRIVERS\hidusb.sys
15:11:20.0074 5204	HidUsb - ok
15:11:20.0356 5204	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\DRIVERS\HpSAMD.sys
15:11:20.0430 5204	HpSAMD - ok
15:11:20.0617 5204	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\windows\system32\drivers\HTTP.sys
15:11:20.0872 5204	HTTP - ok
15:11:21.0038 5204	huawei_enumerator - ok
15:11:21.0217 5204	hwdatacard - ok
15:11:21.0304 5204	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\windows\system32\drivers\hwpolicy.sys
15:11:21.0375 5204	hwpolicy - ok
15:11:21.0516 5204	hwusbdev - ok
15:11:21.0728 5204	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\DRIVERS\i8042prt.sys
15:11:21.0841 5204	i8042prt - ok
15:11:22.0003 5204	iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys
15:11:22.0097 5204	iaStor - ok
15:11:22.0276 5204	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\windows\system32\drivers\iaStorV.sys
15:11:22.0389 5204	iaStorV - ok
15:11:22.0746 5204	igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
15:11:23.0180 5204	igfx - ok
15:11:23.0341 5204	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
15:11:23.0399 5204	iirsp - ok
15:11:23.0622 5204	IntcAzAudAddService (db96b8bd676bb24bd4f1dc53ca1f182c) C:\windows\system32\drivers\RTKVHDA.sys
15:11:23.0869 5204	IntcAzAudAddService - ok
15:11:24.0000 5204	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\DRIVERS\intelide.sys
15:11:24.0041 5204	intelide - ok
15:11:24.0101 5204	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
15:11:24.0199 5204	intelppm - ok
15:11:24.0369 5204	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:11:24.0556 5204	IpFilterDriver - ok
15:11:24.0752 5204	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\windows\system32\DRIVERS\IPMIDrv.sys
15:11:24.0845 5204	IPMIDRV - ok
15:11:24.0920 5204	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
15:11:25.0092 5204	IPNAT - ok
15:11:25.0243 5204	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
15:11:25.0337 5204	IRENUM - ok
15:11:25.0431 5204	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\DRIVERS\isapnp.sys
15:11:25.0501 5204	isapnp - ok
15:11:25.0646 5204	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\windows\system32\DRIVERS\msiscsi.sys
15:11:25.0729 5204	iScsiPrt - ok
15:11:25.0798 5204	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\DRIVERS\kbdclass.sys
15:11:25.0874 5204	kbdclass - ok
15:11:26.0010 5204	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\windows\system32\DRIVERS\kbdhid.sys
15:11:26.0101 5204	kbdhid - ok
15:11:26.0257 5204	kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys
15:11:26.0315 5204	kbfiltr - ok
15:11:26.0399 5204	KSecDD          (0263364acb9c834ace52fb85c2c064ec) C:\windows\system32\Drivers\ksecdd.sys
15:11:26.0489 5204	KSecDD - ok
15:11:26.0642 5204	KSecPkg         (27391db553be2a4e2b0adeea2873b2af) C:\windows\system32\Drivers\ksecpkg.sys
15:11:26.0737 5204	KSecPkg - ok
15:11:26.0918 5204	L1C             (a158cea8644b8a5c1ec0e9a81b70f65a) C:\windows\system32\DRIVERS\L1C62x86.sys
15:11:27.0013 5204	L1C - ok
15:11:27.0178 5204	LgBttPort - ok
15:11:27.0253 5204	lgbusenum - ok
15:11:27.0306 5204	LGVMODEM - ok
15:11:27.0401 5204	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
15:11:27.0601 5204	lltdio - ok
15:11:27.0845 5204	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
15:11:27.0912 5204	LSI_FC - ok
15:11:27.0983 5204	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
15:11:28.0072 5204	LSI_SAS - ok
15:11:28.0214 5204	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
15:11:28.0297 5204	LSI_SAS2 - ok
15:11:28.0420 5204	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
15:11:28.0490 5204	LSI_SCSI - ok
15:11:28.0646 5204	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
15:11:28.0863 5204	luafv - ok
15:11:29.0007 5204	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
15:11:29.0060 5204	megasas - ok
15:11:29.0134 5204	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
15:11:29.0221 5204	MegaSR - ok
15:11:29.0382 5204	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
15:11:29.0589 5204	Modem - ok
15:11:29.0720 5204	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
15:11:29.0829 5204	monitor - ok
15:11:29.0977 5204	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\DRIVERS\mouclass.sys
15:11:30.0050 5204	mouclass - ok
15:11:30.0205 5204	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
15:11:30.0310 5204	mouhid - ok
15:11:30.0380 5204	mountmgr        (921c18727c5920d6c0300736646931c2) C:\windows\system32\drivers\mountmgr.sys
15:11:30.0461 5204	mountmgr - ok
15:11:30.0581 5204	mpio            (2af5997438c55fb79d33d015c30e1974) C:\windows\system32\DRIVERS\mpio.sys
15:11:30.0648 5204	mpio - ok
15:11:30.0698 5204	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
15:11:30.0890 5204	mpsdrv - ok
15:11:31.0023 5204	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\windows\system32\drivers\mrxdav.sys
15:11:31.0142 5204	MRxDAV - ok
15:11:31.0296 5204	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\windows\system32\DRIVERS\mrxsmb.sys
15:11:31.0453 5204	mrxsmb - ok
15:11:31.0585 5204	mrxsmb10        (f965c3ab2b2ae5c378f4562486e35051) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:11:31.0693 5204	mrxsmb10 - ok
15:11:31.0761 5204	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:11:31.0850 5204	mrxsmb20 - ok
15:11:31.0996 5204	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\windows\system32\DRIVERS\msahci.sys
15:11:32.0067 5204	msahci - ok
15:11:32.0126 5204	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\windows\system32\DRIVERS\msdsm.sys
15:11:32.0219 5204	msdsm - ok
15:11:32.0414 5204	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
15:11:32.0547 5204	Msfs - ok
15:11:32.0617 5204	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
15:11:32.0773 5204	mshidkmdf - ok
15:11:32.0899 5204	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\DRIVERS\msisadrv.sys
15:11:32.0956 5204	msisadrv - ok
15:11:33.0130 5204	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
15:11:33.0271 5204	MSKSSRV - ok
15:11:33.0413 5204	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
15:11:33.0596 5204	MSPCLOCK - ok
15:11:33.0732 5204	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
15:11:33.0931 5204	MSPQM - ok
15:11:34.0125 5204	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
15:11:34.0224 5204	MsRPC - ok
15:11:34.0300 5204	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\DRIVERS\mssmbios.sys
15:11:34.0376 5204	mssmbios - ok
15:11:34.0514 5204	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
15:11:34.0711 5204	MSTEE - ok
15:11:34.0913 5204	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
15:11:35.0019 5204	MTConfig - ok
15:11:35.0106 5204	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
15:11:35.0179 5204	Mup - ok
15:11:35.0367 5204	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
15:11:35.0500 5204	NativeWifiP - ok
15:11:35.0658 5204	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\windows\system32\drivers\ndis.sys
15:11:35.0794 5204	NDIS - ok
15:11:35.0927 5204	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
15:11:36.0138 5204	NdisCap - ok
15:11:36.0326 5204	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
15:11:36.0543 5204	NdisTapi - ok
15:11:36.0748 5204	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\windows\system32\DRIVERS\ndisuio.sys
15:11:36.0934 5204	Ndisuio - ok
15:11:37.0019 5204	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\windows\system32\DRIVERS\ndiswan.sys
15:11:37.0212 5204	NdisWan - ok
15:11:37.0419 5204	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\windows\system32\drivers\NDProxy.sys
15:11:37.0614 5204	NDProxy - ok
15:11:37.0878 5204	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
15:11:38.0089 5204	NetBIOS - ok
15:11:38.0152 5204	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\windows\system32\DRIVERS\netbt.sys
15:11:38.0369 5204	NetBT - ok
15:11:38.0590 5204	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
15:11:38.0639 5204	nfrd960 - ok
15:11:38.0816 5204	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
15:11:39.0005 5204	Npfs - ok
15:11:39.0109 5204	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
15:11:39.0316 5204	nsiproxy - ok
15:11:39.0558 5204	Ntfs            (187002ce05693c306f43c873f821381f) C:\windows\system32\drivers\Ntfs.sys
15:11:39.0778 5204	Ntfs - ok
15:11:39.0915 5204	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
15:11:40.0100 5204	Null - ok
15:11:40.0191 5204	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\windows\system32\drivers\nvraid.sys
15:11:40.0295 5204	nvraid - ok
15:11:40.0445 5204	nvstor          (4520b63899e867f354ee012d34e11536) C:\windows\system32\drivers\nvstor.sys
15:11:40.0544 5204	nvstor - ok
15:11:40.0680 5204	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\DRIVERS\nv_agp.sys
15:11:40.0774 5204	nv_agp - ok
15:11:40.0940 5204	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\DRIVERS\ohci1394.sys
15:11:41.0059 5204	ohci1394 - ok
15:11:41.0357 5204	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
15:11:41.0458 5204	Parport - ok
15:11:41.0600 5204	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\windows\system32\drivers\partmgr.sys
15:11:41.0676 5204	partmgr - ok
15:11:41.0734 5204	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
15:11:41.0845 5204	Parvdm - ok
15:11:42.0036 5204	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\windows\system32\DRIVERS\pci.sys
15:11:42.0117 5204	pci - ok
15:11:42.0221 5204	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\DRIVERS\pciide.sys
15:11:42.0308 5204	pciide - ok
15:11:42.0455 5204	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
15:11:42.0538 5204	pcmcia - ok
15:11:42.0603 5204	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
15:11:42.0673 5204	pcw - ok
15:11:42.0807 5204	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
15:11:42.0977 5204	PEAUTH - ok
15:11:43.0344 5204	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
15:11:43.0475 5204	PptpMiniport - ok
15:11:43.0515 5204	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
15:11:43.0597 5204	Processor - ok
15:11:43.0770 5204	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
15:11:43.0947 5204	Psched - ok
15:11:44.0175 5204	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
15:11:44.0401 5204	ql2300 - ok
15:11:44.0567 5204	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
15:11:44.0655 5204	ql40xx - ok
15:11:44.0736 5204	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
15:11:44.0867 5204	QWAVEdrv - ok
15:11:44.0989 5204	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
15:11:45.0201 5204	RasAcd - ok
15:11:45.0355 5204	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
15:11:45.0506 5204	RasAgileVpn - ok
15:11:45.0661 5204	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
15:11:45.0830 5204	Rasl2tp - ok
15:11:46.0054 5204	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
15:11:46.0216 5204	RasPppoe - ok
15:11:46.0433 5204	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
15:11:46.0563 5204	RasSstp - ok
15:11:46.0620 5204	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\windows\system32\DRIVERS\rdbss.sys
15:11:46.0783 5204	rdbss - ok
15:11:46.0948 5204	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
15:11:47.0068 5204	rdpbus - ok
15:11:47.0130 5204	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\windows\system32\DRIVERS\RDPCDD.sys
15:11:47.0257 5204	RDPCDD - ok
15:11:47.0427 5204	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
15:11:47.0601 5204	RDPENCDD - ok
15:11:47.0709 5204	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
15:11:47.0921 5204	RDPREFMP - ok
15:11:48.0119 5204	RDPWD           (801371ba9782282892d00aadb08ee367) C:\windows\system32\drivers\RDPWD.sys
15:11:48.0344 5204	RDPWD - ok
15:11:48.0532 5204	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\windows\system32\drivers\rdyboost.sys
15:11:48.0660 5204	rdyboost - ok
15:11:48.0865 5204	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
15:11:48.0993 5204	RFCOMM - ok
15:11:49.0203 5204	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
15:11:49.0433 5204	rspndr - ok
15:11:49.0632 5204	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\windows\system32\DRIVERS\sbp2port.sys
15:11:49.0698 5204	sbp2port - ok
15:11:49.0769 5204	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\windows\system32\DRIVERS\scfilter.sys
15:11:49.0978 5204	scfilter - ok
15:11:50.0214 5204	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
15:11:50.0423 5204	secdrv - ok
15:11:50.0637 5204	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
15:11:50.0725 5204	Serenum - ok
15:11:50.0878 5204	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
15:11:50.0989 5204	Serial - ok
15:11:51.0138 5204	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
15:11:51.0235 5204	sermouse - ok
15:11:51.0414 5204	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\DRIVERS\sffdisk.sys
15:11:51.0523 5204	sffdisk - ok
15:11:51.0687 5204	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\DRIVERS\sffp_mmc.sys
15:11:51.0807 5204	sffp_mmc - ok
15:11:51.0941 5204	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\windows\system32\DRIVERS\sffp_sd.sys
15:11:52.0060 5204	sffp_sd - ok
15:11:52.0195 5204	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
15:11:52.0349 5204	sfloppy - ok
15:11:52.0623 5204	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\DRIVERS\sisagp.sys
15:11:52.0679 5204	sisagp - ok
15:11:52.0817 5204	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
15:11:52.0892 5204	SiSRaid2 - ok
15:11:52.0946 5204	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
15:11:53.0049 5204	SiSRaid4 - ok
15:11:53.0230 5204	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
15:11:53.0450 5204	Smb - ok
15:11:53.0669 5204	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
15:11:53.0769 5204	spldr - ok
15:11:53.0956 5204	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\windows\system32\DRIVERS\srv.sys
15:11:54.0070 5204	srv - ok
15:11:54.0133 5204	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\windows\system32\DRIVERS\srv2.sys
15:11:54.0215 5204	srv2 - ok
15:11:54.0330 5204	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\windows\system32\DRIVERS\srvnet.sys
15:11:54.0472 5204	srvnet - ok
15:11:54.0591 5204	sscdbus         (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\windows\system32\DRIVERS\sscdbus.sys
15:11:54.0648 5204	sscdbus - ok
15:11:54.0773 5204	sscdmdfl        (8a1be0c347814f482f493aea619d57f6) C:\windows\system32\DRIVERS\sscdmdfl.sys
15:11:54.0820 5204	sscdmdfl - ok
15:11:54.0865 5204	sscdmdm         (5ab0b1987f682a59b15b78f84c6ad7d0) C:\windows\system32\DRIVERS\sscdmdm.sys
15:11:54.0916 5204	sscdmdm - ok
15:11:55.0052 5204	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
15:11:55.0082 5204	ssmdrv - ok
15:11:55.0169 5204	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
15:11:55.0221 5204	stexstor - ok
15:11:55.0409 5204	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\DRIVERS\swenum.sys
15:11:55.0448 5204	swenum - ok
15:11:55.0527 5204	SynTP           (8bd10dc8809dc69a1c5a795cb10add76) C:\windows\system32\DRIVERS\SynTP.sys
15:11:55.0559 5204	SynTP - ok
15:11:55.0806 5204	Tcpip           (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\drivers\tcpip.sys
15:11:55.0944 5204	Tcpip - ok
15:11:56.0176 5204	TCPIP6          (56c198ac82efa622dd93e9e43575f79c) C:\windows\system32\DRIVERS\tcpip.sys
15:11:56.0364 5204	TCPIP6 - ok
15:11:56.0540 5204	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\windows\system32\drivers\tcpipreg.sys
15:11:56.0684 5204	tcpipreg - ok
15:11:56.0830 5204	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\windows\system32\drivers\tdpipe.sys
15:11:56.0971 5204	TDPIPE - ok
15:11:57.0018 5204	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\windows\system32\drivers\tdtcp.sys
15:11:57.0133 5204	TDTCP - ok
15:11:57.0258 5204	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\windows\system32\DRIVERS\tdx.sys
15:11:57.0393 5204	tdx - ok
15:11:57.0511 5204	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\windows\system32\DRIVERS\termdd.sys
15:11:57.0553 5204	TermDD - ok
15:11:57.0793 5204	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\windows\system32\DRIVERS\tssecsrv.sys
15:11:57.0892 5204	tssecsrv - ok
15:11:58.0044 5204	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\windows\system32\DRIVERS\tunnel.sys
15:11:58.0272 5204	tunnel - ok
15:11:58.0447 5204	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
15:11:58.0524 5204	uagp35 - ok
15:11:58.0605 5204	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\windows\system32\DRIVERS\udfs.sys
15:11:58.0817 5204	udfs - ok
15:11:59.0037 5204	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\DRIVERS\uliagpkx.sys
15:11:59.0094 5204	uliagpkx - ok
15:11:59.0169 5204	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\windows\system32\DRIVERS\umbus.sys
15:11:59.0245 5204	umbus - ok
15:11:59.0357 5204	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
15:11:59.0442 5204	UmPass - ok
15:11:59.0629 5204	USB28xxBGA      (ae246f574c9089e284d9d34b63694c45) C:\windows\system32\DRIVERS\emBDA.sys
15:11:59.0849 5204	USB28xxBGA - ok
15:12:00.0011 5204	USB28xxOEM      (3b2a32c73238f537eb5e695d12acfb74) C:\windows\system32\DRIVERS\emOEM.sys
15:12:00.0146 5204	USB28xxOEM - ok
15:12:00.0368 5204	USBAAPL         (e8c1b9ebac65288e1b51e8a987d98af6) C:\windows\system32\Drivers\usbaapl.sys
15:12:00.0397 5204	USBAAPL ( UnsignedFile.Multi.Generic ) - warning
15:12:00.0397 5204	USBAAPL - detected UnsignedFile.Multi.Generic (1)
15:12:00.0622 5204	usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\windows\system32\drivers\usbaudio.sys
15:12:00.0748 5204	usbaudio - ok
15:12:00.0976 5204	usbbus - ok
15:12:01.0145 5204	usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\windows\system32\DRIVERS\usbccgp.sys
15:12:01.0281 5204	usbccgp - ok
15:12:01.0408 5204	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\DRIVERS\usbcir.sys
15:12:01.0521 5204	usbcir - ok
15:12:01.0648 5204	UsbDiag - ok
15:12:01.0754 5204	usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\windows\system32\drivers\usbehci.sys
15:12:01.0833 5204	usbehci - ok
15:12:01.0966 5204	usbhub          (bdcd7156ec37448f08633fd899823620) C:\windows\system32\DRIVERS\usbhub.sys
15:12:02.0024 5204	usbhub - ok
15:12:02.0058 5204	USBModem - ok
15:12:02.0143 5204	usbohci         (eb2d819a639015253c871cda09d91d58) C:\windows\system32\drivers\usbohci.sys
15:12:02.0380 5204	usbohci - ok
15:12:02.0546 5204	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
15:12:02.0673 5204	usbprint - ok
15:12:02.0864 5204	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
15:12:02.0988 5204	usbscan - ok
15:12:03.0133 5204	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:12:03.0289 5204	USBSTOR - ok
15:12:03.0563 5204	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\windows\system32\drivers\usbuhci.sys
15:12:03.0668 5204	usbuhci - ok
15:12:03.0862 5204	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\windows\System32\Drivers\usbvideo.sys
15:12:03.0966 5204	usbvideo - ok
15:12:04.0251 5204	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\DRIVERS\vdrvroot.sys
15:12:04.0355 5204	vdrvroot - ok
15:12:04.0479 5204	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
15:12:04.0681 5204	vga - ok
15:12:04.0987 5204	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
15:12:05.0189 5204	VgaSave - ok
15:12:05.0439 5204	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\windows\system32\DRIVERS\vhdmp.sys
15:12:05.0516 5204	vhdmp - ok
15:12:05.0724 5204	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\DRIVERS\viaagp.sys
15:12:05.0779 5204	viaagp - ok
15:12:05.0880 5204	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
15:12:05.0967 5204	ViaC7 - ok
15:12:06.0178 5204	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\DRIVERS\viaide.sys
15:12:06.0245 5204	viaide - ok
15:12:06.0393 5204	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\windows\system32\DRIVERS\volmgr.sys
15:12:06.0446 5204	volmgr - ok
15:12:06.0525 5204	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
15:12:06.0582 5204	volmgrx - ok
15:12:06.0722 5204	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\windows\system32\DRIVERS\volsnap.sys
15:12:06.0770 5204	volsnap - ok
15:12:06.0888 5204	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
15:12:06.0928 5204	vsmraid - ok
15:12:07.0092 5204	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
15:12:07.0164 5204	vwifibus - ok
15:12:07.0305 5204	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
15:12:07.0355 5204	vwififlt - ok
15:12:07.0427 5204	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
15:12:07.0501 5204	vwifimp - ok
15:12:07.0649 5204	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
15:12:07.0695 5204	WacomPen - ok
15:12:07.0761 5204	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:12:07.0888 5204	WANARP - ok
15:12:07.0902 5204	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\windows\system32\DRIVERS\wanarp.sys
15:12:08.0000 5204	Wanarpv6 - ok
15:12:08.0188 5204	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
15:12:08.0224 5204	Wd - ok
15:12:08.0280 5204	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
15:12:08.0338 5204	Wdf01000 - ok
15:12:08.0538 5204	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
15:12:08.0703 5204	WfpLwf - ok
15:12:08.0759 5204	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
15:12:08.0826 5204	WIMMount - ok
15:12:09.0113 5204	WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\windows\system32\DRIVERS\WinUsb.sys
15:12:09.0187 5204	WinUsb - ok
15:12:09.0446 5204	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\DRIVERS\wmiacpi.sys
15:12:09.0567 5204	WmiAcpi - ok
15:12:09.0869 5204	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
15:12:10.0005 5204	ws2ifsl - ok
15:12:10.0113 5204	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\windows\system32\drivers\WudfPf.sys
15:12:10.0276 5204	WudfPf - ok
15:12:10.0439 5204	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\windows\system32\DRIVERS\WUDFRd.sys
15:12:10.0594 5204	WUDFRd - ok
15:12:10.0755 5204	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:12:10.0913 5204	\Device\Harddisk0\DR0 - ok
15:12:10.0932 5204	Boot (0x1200)   (e82e8cb223b133dc906e7ae36c7c522a) \Device\Harddisk0\DR0\Partition0
15:12:10.0934 5204	\Device\Harddisk0\DR0\Partition0 - ok
15:12:10.0973 5204	Boot (0x1200)   (6d96bbb3aa2ca1cd7babdcd8baa76a22) \Device\Harddisk0\DR0\Partition1
15:12:10.0975 5204	\Device\Harddisk0\DR0\Partition1 - ok
15:12:10.0979 5204	============================================================
15:12:10.0979 5204	Scan finished
15:12:10.0979 5204	============================================================
15:12:11.0049 2924	Detected object count: 1
15:12:11.0050 2924	Actual detected object count: 1
15:14:09.0040 2924	USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
15:14:09.0045 2924	USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
