50 Euro Virus. PC ist gesperrt. Bitte um Hilfe.

Keno79 · 24.02.2012, 18:20

Auch ich habe mir diesen Virus eingefangen, der den PC sperrt und 50 € haben will.

Ich habe daraufhin hier mal etwas gelesen und hoffe das ich alles an Informationen was zur Behebung des Problems benötigt wird jetzt zusammen habe. Ich hoffe Ihr könnt mir helfen.

Den Inhalt der OLT.txt schreibe ich mal direkt hier rein. Der Rest (hoffentlich ist das alles was benötigt wird) ist angehängt.OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 24.02.2012 18:13:19 - Run 2
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Keno\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,93 Gb Available Physical Memory | 77,02% Memory free
7,60 Gb Paging File | 6,83 Gb Available in Paging File | 89,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 225,67 Gb Free Space | 53,14% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,73 Gb Free Space | 76,82% Space Free | Partition Type: NTFS
Drive E: | 12,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MEDIONNOTEBOOKI | User Name: Keno | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.24 17:43:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
PRC - [2012.02.18 21:59:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.18 21:59:56 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.08.31 22:22:30 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.12.08 08:21:46 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.09.21 08:45:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.22 22:05:48 | 000,057,344 | ---- | M] (Oki Data Americas, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\PrintSuperVision\www\bin\PSVEngine.exe -- (PrintSuperVision Engine)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.28 16:43:06 | 000,161,280 | ---- | M] (Oki Data Corporation) [Auto | Stopped] -- C:\Programme\Okidata\Common\Extend3\portmgrsrv.exe -- (OpLclSrv)
SRV - [2009.06.23 14:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.21 08:45:22 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.21 08:45:22 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.04.10 10:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.04.01 09:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.02.26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.13 16:39:42 | 000,909,408 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.08 10:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2006.11.30 15:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2011.09.12 14:28:52 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Stopped] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.09.19 15:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 21:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.03 12:04:22 | 000,000,000 | ---D | M]
 
[2010.11.04 11:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keno\AppData\Roaming\mozilla\Extensions
[2012.01.07 01:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\r8we546a.default\extensions
[2012.01.07 01:02:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\r8we546a.default\extensions\foxmarks@kei.com
[2011.07.24 14:31:22 | 000,000,917 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\Firefox\Profiles\r8we546a.default\searchplugins\conduit.xml
[2011.11.09 19:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 21:59:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 12:05:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 12:05:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.02 12:05:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 12:05:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 12:05:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 12:05:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [Recordpad] C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
O4 - HKCU..\Run: [dualmonitor] C:\Program Files (x86)\Dual Monitor\DualMonitor.exe (Cristi)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [SkypeM] C:\Users\Keno\AppData\Local\Skype\Skype.exe ()
O4 - Startup: C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Keno\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCFCEA60-BC4F-41A3-9160-5ACCAD2D6BA4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.24 17:55:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Keno\Desktop\dds.com
[2012.02.24 17:43:37 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2012.02.24 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Avira
[2012.02.22 14:22:14 | 000,000,000 | ---D | C] -- C:\Temp
[2012.02.22 14:22:14 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Motorola
[2012.02.22 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012.02.20 15:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.20 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.20 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.20 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.02.15 12:14:34 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\AUtokauf
[2012.02.15 08:13:44 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 08:13:44 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 08:13:33 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 08:13:23 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.15 08:13:04 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.02.15 08:13:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 08:13:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 08:13:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 08:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 08:13:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 08:13:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.09 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\Kopie von 1TB -HD
[2012.02.08 14:09:59 | 001,002,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll
[2012.02.08 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\a1
[2012.02.07 08:31:48 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\RavensburgerTipToi
[2012.02.07 08:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi
[2012.02.07 08:31:19 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
[2012.02.07 08:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi
[2012.02.03 10:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2012.02.03 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012.02.02 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\SCans für Zeugniss
[2012.02.01 13:58:48 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\2012_02_01
[2012.02.01 13:57:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.02.01 13:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2012.02.01 13:54:21 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2012.02.01 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.02.01 13:52:27 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.02.01 13:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 5600F
[2012.02.01 13:51:56 | 000,744,960 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4808L.DLL
[2012.02.01 13:51:56 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNQ4808O.DLL
[2012.02.01 13:51:56 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4808I.DLL
[2012.02.01 13:51:55 | 001,354,240 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4808C.DLL
[2012.02.01 13:51:55 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.01.31 22:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2012.01.31 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012.01.31 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\Keno\Virtual Machines
[2012.01.31 11:57:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012.01.31 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012.01.31 10:57:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2012.01.31 10:57:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcuxd.sys
[2012.01.31 10:57:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2012.01.31 10:57:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2012.01.31 10:57:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2012.01.31 10:57:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2012.01.31 10:57:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2012.01.31 10:57:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2012.01.31 10:57:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2012.01.31 10:57:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2012.01.31 10:57:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2012.01.31 10:57:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2012.01.31 10:57:28 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2012.01.31 10:57:28 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2012.01.31 10:57:27 | 000,359,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2012.01.31 10:57:27 | 000,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2012.01.31 10:57:26 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2012.01.31 10:57:25 | 004,513,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2012.01.31 10:57:25 | 002,262,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2012.01.31 10:57:25 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2012.01.31 10:57:25 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2012.01.31 10:57:25 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2012.01.31 10:57:25 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2012.01.30 17:33:43 | 001,097,189 | ---- | C] (Prismatic Software ) -- C:\Users\Keno\Desktop\SetupDD_3.3.02.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.24 17:55:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Keno\Desktop\dds.com
[2012.02.24 17:55:11 | 000,000,000 | ---- | M] () -- C:\Users\Keno\defogger_reenable
[2012.02.24 17:51:04 | 000,050,477 | ---- | M] () -- C:\Users\Keno\Desktop\Defogger.exe
[2012.02.24 17:43:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2012.02.24 17:36:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.24 17:36:11 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.24 16:40:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.24 15:38:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.24 15:38:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.24 15:31:57 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.23 19:43:14 | 000,398,848 | ---- | M] () -- C:\Users\Keno\Documents\Familie Behrends Konten.stb
[2012.02.21 14:43:36 | 000,002,128 | ---- | M] () -- C:\Users\Keno\Desktop\20120131 - Kärcher - Leiter Schulugsakademie - Verknüpfung.lnk
[2012.02.20 21:06:36 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.20 21:06:36 | 000,702,524 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.20 21:06:36 | 000,655,860 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.20 21:06:36 | 000,150,048 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.20 21:06:36 | 000,122,732 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.20 15:50:31 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.16 18:00:04 | 004,357,766 | ---- | M] () -- C:\Users\Keno\Desktop\Sicherungskopie von Keno Behrends_schreiben gmx.wbk
[2012.02.15 14:17:48 | 000,413,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 12:34:57 | 000,660,939 | ---- | M] () -- C:\Users\Keno\Desktop\coupon_9810643624751_1329137932.pdf
[2012.02.15 11:52:37 | 000,009,304 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 14:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.02.07 08:33:28 | 000,001,115 | ---- | M] () -- C:\Users\Keno\Desktop\tiptoi.lnk
[2012.02.06 16:27:00 | 000,318,545 | ---- | M] () -- C:\Users\Keno\Documents\Rechnung_04.02.2012.zip
[2012.02.02 07:07:28 | 000,012,288 | -H-- | M] () -- C:\Users\Keno\Desktop\photothumb.db
[2012.02.01 13:53:15 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012.02.01 13:53:06 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012.01.31 14:22:01 | 1552,534,016 | ---- | M] () -- C:\Users\Keno\Desktop\VirtualXPVHD.vhd
[2012.01.30 17:33:54 | 001,097,189 | ---- | M] (Prismatic Software ) -- C:\Users\Keno\Desktop\SetupDD_3.3.02.exe
[2012.01.30 09:47:10 | 000,007,168 | ---- | M] () -- C:\Users\Keno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.02.24 17:55:11 | 000,000,000 | ---- | C] () -- C:\Users\Keno\defogger_reenable
[2012.02.24 17:51:03 | 000,050,477 | ---- | C] () -- C:\Users\Keno\Desktop\Defogger.exe
[2012.02.21 14:43:36 | 000,002,128 | ---- | C] () -- C:\Users\Keno\Desktop\20120131 - Kärcher - Leiter Schulugsakademie - Verknüpfung.lnk
[2012.02.20 15:50:31 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.16 18:00:02 | 004,357,766 | ---- | C] () -- C:\Users\Keno\Desktop\Sicherungskopie von Keno Behrends_schreiben gmx.wbk
[2012.02.15 12:34:57 | 000,660,939 | ---- | C] () -- C:\Users\Keno\Desktop\coupon_9810643624751_1329137932.pdf
[2012.02.08 14:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.02.07 08:31:19 | 000,001,115 | ---- | C] () -- C:\Users\Keno\Desktop\tiptoi.lnk
[2012.02.06 16:27:43 | 000,318,545 | ---- | C] () -- C:\Users\Keno\Documents\Rechnung_04.02.2012.zip
[2012.02.01 13:53:15 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012.02.01 13:53:06 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012.01.31 13:27:28 | 1552,534,016 | ---- | C] () -- C:\Users\Keno\Desktop\VirtualXPVHD.vhd
[2012.01.05 10:31:28 | 000,004,096 | -H-- | C] () -- C:\Users\Keno\AppData\Local\keyfile3.drm
[2011.12.04 16:20:27 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.10.18 07:42:57 | 000,007,168 | ---- | C] () -- C:\Users\Keno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.18 13:51:53 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.06.26 14:42:34 | 000,009,304 | ---- | C] () -- C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011.06.20 23:08:48 | 000,182,937 | ---- | C] () -- C:\Windows\hpoins52.dat.temp
[2011.06.03 10:59:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.06.03 10:47:27 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.06.03 10:47:27 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.05.03 22:24:26 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2011.04.10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.04.10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.04.10 10:49:10 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.04.10 10:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010.11.04 14:30:45 | 001,599,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.04 11:40:11 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.04 11:40:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.04 11:40:11 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.04 11:40:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.11.04 11:40:10 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty
 
< End of report >

--- --- ---

cosinus · 24.02.2012, 20:08

Zitat:

Boot Mode: SafeMode with Networking |

na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können:

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Keno79 · 24.02.2012, 23:41

So, das dauert dann ja doch ne ganze Weile, bis das alles durchläuft... hier die Ergebnisse:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.24.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
Keno :: MEDIONNOTEBOOKI [Administrator]

Schutz: Deaktiviert

24.02.2012 22:42:47
mbam-log-2012-02-24 (22-42-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 393739
Laufzeit: 52 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=58cccbda5f4e3542b00899abaf92f0b0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-24 09:32:22
# local_time=2012-02-24 10:32:22 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775166 100 94 14579 66644212 8328 0
# compatibility_mode=5893 16776573 100 94 24010 81742199 0 0
# compatibility_mode=8192 67108863 100 0 3919 3919 0 0
# scanned=199397
# found=10
# cleaned=0
# scan_time=6793
C:\Users\Keno\AppData\Local\Skype\Skype.exe	a variant of Win32/Kryptik.ABIZ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\AppData\Local\Temp\0.5619873531749975fdrgs.exe	a variant of Win32/Kryptik.ABIZ trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\AppData\Local\Temp\ICReinstall\cnet_fences_public_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Desktop\a1\Exploits\psneuter	Linux/Exploit.Lotoor.AK trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Downloads\cnet_fences_public_exe.exe	a variant of Win32/InstallCore.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Downloads\RegistryReviverSetup(1).exe	a variant of Win32/RegistryReviver application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Downloads\RegistryReviverSetup.exe	a variant of Win32/RegistryReviver application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_acd-fotoslate.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_dup-detector.exe	Win32/SoftonicDownloader.C application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_tugzip.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I

cosinus · 25.02.2012, 00:39

Zitat:

C:\Users\Keno\Downloads\SoftonicDownloader_fuer_acd-fotoslate.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_dup-detector.exe Win32/SoftonicDownloader.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_tugzip.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Keno79 · 25.02.2012, 08:28

Hier das Ergebnis ohne die benutzerdefinierten Eingaben:

Code:

ATTFilter

OTL logfile created on: 25.02.2012 08:23:34 - Run 4
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Keno\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 72,05% Memory free
7,60 Gb Paging File | 6,58 Gb Available in Paging File | 86,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 225,08 Gb Free Space | 53,00% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,73 Gb Free Space | 76,82% Space Free | Partition Type: NTFS
Drive E: | 12,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 232,88 Gb Total Space | 104,97 Gb Free Space | 45,07% Space Free | Partition Type: NTFS
 
Computer Name: MEDIONNOTEBOOKI | User Name: Keno | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.24 17:43:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.08 08:21:46 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.09.21 08:45:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.22 22:05:48 | 000,057,344 | ---- | M] (Oki Data Americas, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\PrintSuperVision\www\bin\PSVEngine.exe -- (PrintSuperVision Engine)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.28 16:43:06 | 000,161,280 | ---- | M] (Oki Data Corporation) [Auto | Stopped] -- C:\Programme\Okidata\Common\Extend3\portmgrsrv.exe -- (OpLclSrv)
SRV - [2009.06.23 14:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.21 08:45:22 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.21 08:45:22 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.04.10 10:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.04.01 09:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.02.26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.13 16:39:42 | 000,909,408 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.08 10:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2006.11.30 15:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2011.09.12 14:28:52 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Stopped] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.09.19 15:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 21:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.03 12:04:22 | 000,000,000 | ---D | M]
 
[2010.11.04 11:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keno\AppData\Roaming\mozilla\Extensions
[2012.01.07 01:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\r8we546a.default\extensions
[2012.01.07 01:02:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\r8we546a.default\extensions\foxmarks@kei.com
[2011.07.24 14:31:22 | 000,000,917 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\Firefox\Profiles\r8we546a.default\searchplugins\conduit.xml
[2011.11.09 19:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 21:59:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 12:05:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 12:05:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.02 12:05:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 12:05:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 12:05:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 12:05:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [Recordpad] C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
O4 - HKCU..\Run: [dualmonitor] C:\Program Files (x86)\Dual Monitor\DualMonitor.exe (Cristi)
O4 - HKCU..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKCU..\Run: [SkypeM] C:\Users\Keno\AppData\Local\Skype\Skype.exe ()
O4 - Startup: C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Keno\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCFCEA60-BC4F-41A3-9160-5ACCAD2D6BA4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.12 14:26:33 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 03:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.24 20:34:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Keno\Desktop\esetsmartinstaller_enu.exe
[2012.02.24 20:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.24 20:18:10 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Malwarebytes
[2012.02.24 20:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.24 20:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 20:17:56 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.24 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.24 17:55:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Keno\Desktop\dds.com
[2012.02.24 17:43:37 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2012.02.24 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Avira
[2012.02.22 14:22:14 | 000,000,000 | ---D | C] -- C:\Temp
[2012.02.22 14:22:14 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Motorola
[2012.02.22 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012.02.20 15:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.20 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.20 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.20 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.02.15 12:14:34 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\AUtokauf
[2012.02.15 08:13:44 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 08:13:44 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 08:13:33 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 08:13:23 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.15 08:13:04 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.02.15 08:13:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 08:13:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 08:13:04 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 08:13:04 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 08:13:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 08:13:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.09 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\Kopie von 1TB -HD
[2012.02.08 14:09:59 | 001,002,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll
[2012.02.08 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\a1
[2012.02.07 08:31:48 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\RavensburgerTipToi
[2012.02.07 08:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi
[2012.02.07 08:31:19 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
[2012.02.07 08:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi
[2012.02.03 10:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2012.02.03 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012.02.02 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\SCans für Zeugniss
[2012.02.01 13:58:48 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\2012_02_01
[2012.02.01 13:57:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.02.01 13:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2012.02.01 13:54:21 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2012.02.01 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.02.01 13:52:27 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.02.01 13:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 5600F
[2012.02.01 13:51:56 | 000,744,960 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4808L.DLL
[2012.02.01 13:51:56 | 000,229,888 | ---- | C] (Canon Inc.) -- C:\Windows\SysNative\CNQ4808O.DLL
[2012.02.01 13:51:56 | 000,092,672 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4808I.DLL
[2012.02.01 13:51:55 | 001,354,240 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNQ4808C.DLL
[2012.02.01 13:51:55 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.01.31 22:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2012.01.31 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012.01.31 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\Keno\Virtual Machines
[2012.01.31 11:57:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012.01.31 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012.01.31 10:57:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2012.01.31 10:57:38 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcuxd.sys
[2012.01.31 10:57:37 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2012.01.31 10:57:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2012.01.31 10:57:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2012.01.31 10:57:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2012.01.31 10:57:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2012.01.31 10:57:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2012.01.31 10:57:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2012.01.31 10:57:34 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcvmm.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2012.01.31 10:57:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2012.01.31 10:57:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2012.01.31 10:57:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2012.01.31 10:57:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2012.01.31 10:57:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2012.01.31 10:57:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2012.01.31 10:57:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2012.01.31 10:57:28 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2012.01.31 10:57:28 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2012.01.31 10:57:27 | 000,359,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2012.01.31 10:57:27 | 000,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2012.01.31 10:57:26 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2012.01.31 10:57:25 | 004,513,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2012.01.31 10:57:25 | 002,262,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2012.01.31 10:57:25 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2012.01.31 10:57:25 | 001,209,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2012.01.31 10:57:25 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2012.01.31 10:57:25 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2012.01.30 17:33:43 | 001,097,189 | ---- | C] (Prismatic Software                                          ) -- C:\Users\Keno\Desktop\SetupDD_3.3.02.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.25 08:19:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.25 08:19:36 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.25 08:15:20 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.24 20:33:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Keno\Desktop\esetsmartinstaller_enu.exe
[2012.02.24 20:17:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 19:46:23 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.24 19:46:23 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.24 19:46:23 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.24 19:46:23 | 000,149,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.24 19:46:23 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.24 17:55:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Keno\Desktop\dds.com
[2012.02.24 17:55:11 | 000,000,000 | ---- | M] () -- C:\Users\Keno\defogger_reenable
[2012.02.24 17:51:04 | 000,050,477 | ---- | M] () -- C:\Users\Keno\Desktop\Defogger.exe
[2012.02.24 17:43:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2012.02.24 16:40:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.24 15:38:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.24 15:38:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 19:43:14 | 000,398,848 | ---- | M] () -- C:\Users\Keno\Documents\Familie Behrends Konten.stb
[2012.02.21 14:43:36 | 000,002,128 | ---- | M] () -- C:\Users\Keno\Desktop\20120131 - Kärcher - Leiter Schulugsakademie - Verknüpfung.lnk
[2012.02.20 15:50:31 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.16 18:00:04 | 004,357,766 | ---- | M] () -- C:\Users\Keno\Desktop\Sicherungskopie von Keno Behrends_schreiben gmx.wbk
[2012.02.15 14:17:48 | 000,413,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 12:34:57 | 000,660,939 | ---- | M] () -- C:\Users\Keno\Desktop\coupon_9810643624751_1329137932.pdf
[2012.02.15 11:52:37 | 000,009,304 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 14:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.02.07 08:33:28 | 000,001,115 | ---- | M] () -- C:\Users\Keno\Desktop\tiptoi.lnk
[2012.02.06 16:27:00 | 000,318,545 | ---- | M] () -- C:\Users\Keno\Documents\Rechnung_04.02.2012.zip
[2012.02.02 07:07:28 | 000,012,288 | -H-- | M] () -- C:\Users\Keno\Desktop\photothumb.db
[2012.02.01 13:53:15 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012.02.01 13:53:06 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012.01.31 14:22:01 | 1552,534,016 | ---- | M] () -- C:\Users\Keno\Desktop\VirtualXPVHD.vhd
[2012.01.30 17:33:54 | 001,097,189 | ---- | M] (Prismatic Software                                          ) -- C:\Users\Keno\Desktop\SetupDD_3.3.02.exe
[2012.01.30 09:47:10 | 000,007,168 | ---- | M] () -- C:\Users\Keno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.02.24 20:17:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 17:55:11 | 000,000,000 | ---- | C] () -- C:\Users\Keno\defogger_reenable
[2012.02.24 17:51:03 | 000,050,477 | ---- | C] () -- C:\Users\Keno\Desktop\Defogger.exe
[2012.02.21 14:43:36 | 000,002,128 | ---- | C] () -- C:\Users\Keno\Desktop\20120131 - Kärcher - Leiter Schulugsakademie - Verknüpfung.lnk
[2012.02.20 15:50:31 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.16 18:00:02 | 004,357,766 | ---- | C] () -- C:\Users\Keno\Desktop\Sicherungskopie von Keno Behrends_schreiben gmx.wbk
[2012.02.15 12:34:57 | 000,660,939 | ---- | C] () -- C:\Users\Keno\Desktop\coupon_9810643624751_1329137932.pdf
[2012.02.08 14:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.02.07 08:31:19 | 000,001,115 | ---- | C] () -- C:\Users\Keno\Desktop\tiptoi.lnk
[2012.02.06 16:27:43 | 000,318,545 | ---- | C] () -- C:\Users\Keno\Documents\Rechnung_04.02.2012.zip
[2012.02.01 13:53:15 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012.02.01 13:53:06 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012.01.31 13:27:28 | 1552,534,016 | ---- | C] () -- C:\Users\Keno\Desktop\VirtualXPVHD.vhd
[2012.01.05 10:31:28 | 000,004,096 | -H-- | C] () -- C:\Users\Keno\AppData\Local\keyfile3.drm
[2011.12.04 16:20:27 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.10.18 07:42:57 | 000,007,168 | ---- | C] () -- C:\Users\Keno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.18 13:51:53 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.06.26 14:42:34 | 000,009,304 | ---- | C] () -- C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011.06.20 23:08:48 | 000,182,937 | ---- | C] () -- C:\Windows\hpoins52.dat.temp
[2011.06.03 10:59:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.06.03 10:47:27 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.06.03 10:47:27 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.05.03 22:24:26 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2011.04.10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.04.10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.04.10 10:49:10 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.04.10 10:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010.11.04 14:30:45 | 001,599,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.04 11:40:11 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.04 11:40:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.04 11:40:11 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.04 11:40:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.11.04 11:40:10 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty

< End of report >

Keno79 · 25.02.2012, 08:47

Und hier nochmal der Scan nachdem ich die Eingaben im Feld "Benutzerdefinierte Scans..." gemacht habe:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 25.02.2012 08:33:12 - Run 5
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\Keno\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 81,86% Memory free
7,60 Gb Paging File | 6,97 Gb Available in Paging File | 91,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 424,66 Gb Total Space | 225,02 Gb Free Space | 52,99% Space Free | Partition Type: NTFS
Drive D: | 40,00 Gb Total Space | 30,73 Gb Free Space | 76,82% Space Free | Partition Type: NTFS
Drive E: | 12,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 232,88 Gb Total Space | 104,97 Gb Free Space | 45,07% Space Free | Partition Type: NTFS
 
Computer Name: MEDIONNOTEBOOKI | User Name: Keno | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.24 17:43:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.08 08:21:46 | 000,229,520 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe -- (SXDS10)
SRV - [2011.12.06 22:00:14 | 000,214,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011.09.21 08:45:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.22 22:05:48 | 000,057,344 | ---- | M] (Oki Data Americas, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\PrintSuperVision\www\bin\PSVEngine.exe -- (PrintSuperVision Engine)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.09.28 16:43:06 | 000,161,280 | ---- | M] (Oki Data Corporation) [Auto | Stopped] -- C:\Programme\Okidata\Common\Extend3\portmgrsrv.exe -- (OpLclSrv)
SRV - [2009.06.23 14:59:32 | 000,259,368 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.09.21 08:45:22 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.21 08:45:22 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011.04.10 10:51:08 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.15 00:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.04.01 09:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010.02.26 15:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.09.23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009.09.23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009.09.23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009.09.23 02:32:35 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2009.09.23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009.09.18 04:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.08.13 16:39:42 | 000,909,408 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod77-64.sys -- (mod7764)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.08 10:55:22 | 000,115,328 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2006.11.30 15:17:56 | 000,033,048 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\x10ufx2.sys -- (XUIF)
DRV - [2011.09.12 14:28:52 | 000,108,256 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Stopped] -- C:\Windows\SleeN1764.sys -- (SLEE_17_DRIVER)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.09.19 15:43:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.18 21:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.08.03 12:04:22 | 000,000,000 | ---D | M]
 
[2010.11.04 11:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keno\AppData\Roaming\mozilla\Extensions
[2012.01.07 01:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\r8we546a.default\extensions
[2012.01.07 01:02:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Keno\AppData\Roaming\mozilla\Firefox\Profiles\r8we546a.default\extensions\foxmarks@kei.com
[2011.07.24 14:31:22 | 000,000,917 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\Firefox\Profiles\r8we546a.default\searchplugins\conduit.xml
[2011.11.09 19:37:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.18 21:59:56 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 12:05:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 12:05:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.02 12:05:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 12:05:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 12:05:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 12:05:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe File not found
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [Recordpad] C:\Program Files (x86)\NCH Swift Sound\Recordpad\recordpad.exe (NCH Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-601110310-2717015187-1687495764-1000..\Run: [dualmonitor] C:\Program Files (x86)\Dual Monitor\DualMonitor.exe (Cristi)
O4 - HKU\S-1-5-21-601110310-2717015187-1687495764-1000..\Run: [MultiScreen] C:\Program Files (x86)\MultiScreen\MultiScreen.exe ()
O4 - HKU\S-1-5-21-601110310-2717015187-1687495764-1000..\Run: [SkypeM] C:\Users\Keno\AppData\Local\Skype\Skype.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Keno\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCFCEA60-BC4F-41A3-9160-5ACCAD2D6BA4}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.12 14:26:33 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 03:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.24 20:34:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Keno\Desktop\esetsmartinstaller_enu.exe
[2012.02.24 20:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.24 20:18:10 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Malwarebytes
[2012.02.24 20:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.24 20:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.24 20:17:56 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.24 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.24 17:55:35 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Keno\Desktop\dds.com
[2012.02.24 17:43:37 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2012.02.24 15:32:59 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Avira
[2012.02.22 14:22:14 | 000,000,000 | ---D | C] -- C:\Temp
[2012.02.22 14:22:14 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Motorola
[2012.02.22 14:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Inc
[2012.02.20 15:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.02.20 15:50:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012.02.20 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012.02.20 15:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012.02.15 12:14:34 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\AUtokauf
[2012.02.09 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\Kopie von 1TB -HD
[2012.02.08 14:08:16 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\a1
[2012.02.07 08:31:48 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\RavensburgerTipToi
[2012.02.07 08:31:48 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi
[2012.02.07 08:31:19 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
[2012.02.07 08:31:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi
[2012.02.03 10:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2012.02.03 10:37:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012.02.02 09:13:26 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\SCans für Zeugniss
[2012.02.01 13:58:48 | 000,000,000 | ---D | C] -- C:\Users\Keno\Desktop\2012_02_01
[2012.02.01 13:57:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012.02.01 13:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoStudio 5.5
[2012.02.01 13:54:21 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\PCDLIB32.DLL
[2012.02.01 13:54:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.02.01 13:52:27 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012.02.01 13:52:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan 5600F
[2012.02.01 13:51:55 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012.01.31 22:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmoK Exif Sorter
[2012.01.31 14:03:24 | 000,000,000 | ---D | C] -- C:\Users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012.01.31 13:02:54 | 000,000,000 | R--D | C] -- C:\Users\Keno\Virtual Machines
[2012.01.31 11:57:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2012.01.31 11:57:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2012.01.31 11:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Mode
[2012.01.30 17:33:43 | 001,097,189 | ---- | C] (Prismatic Software                                          ) -- C:\Users\Keno\Desktop\SetupDD_3.3.02.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.25 08:19:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.25 08:19:36 | 3062,833,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.25 08:15:20 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.24 20:33:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Keno\Desktop\esetsmartinstaller_enu.exe
[2012.02.24 20:17:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 19:46:23 | 001,622,100 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.24 19:46:23 | 000,700,380 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.24 19:46:23 | 000,655,092 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.24 19:46:23 | 000,149,176 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.24 19:46:23 | 000,121,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.24 17:55:37 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Keno\Desktop\dds.com
[2012.02.24 17:55:11 | 000,000,000 | ---- | M] () -- C:\Users\Keno\defogger_reenable
[2012.02.24 17:51:04 | 000,050,477 | ---- | M] () -- C:\Users\Keno\Desktop\Defogger.exe
[2012.02.24 17:43:11 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Keno\Desktop\OTL.exe
[2012.02.24 16:40:24 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.24 15:38:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.24 15:38:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.23 19:43:14 | 000,398,848 | ---- | M] () -- C:\Users\Keno\Documents\Familie Behrends Konten.stb
[2012.02.21 14:43:36 | 000,002,128 | ---- | M] () -- C:\Users\Keno\Desktop\20120131 - Kärcher - Leiter Schulugsakademie - Verknüpfung.lnk
[2012.02.20 15:50:31 | 000,001,826 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.16 18:00:04 | 004,357,766 | ---- | M] () -- C:\Users\Keno\Desktop\Sicherungskopie von Keno Behrends_schreiben gmx.wbk
[2012.02.15 14:17:48 | 000,413,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 12:34:57 | 000,660,939 | ---- | M] () -- C:\Users\Keno\Desktop\coupon_9810643624751_1329137932.pdf
[2012.02.15 11:52:37 | 000,009,304 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012.02.08 14:21:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.02.07 08:33:28 | 000,001,115 | ---- | M] () -- C:\Users\Keno\Desktop\tiptoi.lnk
[2012.02.06 16:27:00 | 000,318,545 | ---- | M] () -- C:\Users\Keno\Documents\Rechnung_04.02.2012.zip
[2012.02.02 07:07:28 | 000,012,288 | -H-- | M] () -- C:\Users\Keno\Desktop\photothumb.db
[2012.02.01 13:53:15 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012.02.01 13:53:06 | 000,002,138 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012.01.31 14:22:01 | 1552,534,016 | ---- | M] () -- C:\Users\Keno\Desktop\VirtualXPVHD.vhd
[2012.01.30 17:33:54 | 001,097,189 | ---- | M] (Prismatic Software                                          ) -- C:\Users\Keno\Desktop\SetupDD_3.3.02.exe
[2012.01.30 09:47:10 | 000,007,168 | ---- | M] () -- C:\Users\Keno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2012.02.24 20:17:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 17:55:11 | 000,000,000 | ---- | C] () -- C:\Users\Keno\defogger_reenable
[2012.02.24 17:51:03 | 000,050,477 | ---- | C] () -- C:\Users\Keno\Desktop\Defogger.exe
[2012.02.21 14:43:36 | 000,002,128 | ---- | C] () -- C:\Users\Keno\Desktop\20120131 - Kärcher - Leiter Schulugsakademie - Verknüpfung.lnk
[2012.02.20 15:50:31 | 000,001,826 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012.02.16 18:00:02 | 004,357,766 | ---- | C] () -- C:\Users\Keno\Desktop\Sicherungskopie von Keno Behrends_schreiben gmx.wbk
[2012.02.15 12:34:57 | 000,660,939 | ---- | C] () -- C:\Users\Keno\Desktop\coupon_9810643624751_1329137932.pdf
[2012.02.08 14:21:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf
[2012.02.07 08:31:19 | 000,001,115 | ---- | C] () -- C:\Users\Keno\Desktop\tiptoi.lnk
[2012.02.06 16:27:43 | 000,318,545 | ---- | C] () -- C:\Users\Keno\Documents\Rechnung_04.02.2012.zip
[2012.02.01 13:53:15 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2012.02.01 13:53:06 | 000,002,138 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012.01.31 13:27:28 | 1552,534,016 | ---- | C] () -- C:\Users\Keno\Desktop\VirtualXPVHD.vhd
[2012.01.05 10:31:28 | 000,004,096 | -H-- | C] () -- C:\Users\Keno\AppData\Local\keyfile3.drm
[2011.12.04 16:20:27 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.10.18 07:42:57 | 000,007,168 | ---- | C] () -- C:\Users\Keno\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.18 13:51:53 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.06.26 14:42:34 | 000,009,304 | ---- | C] () -- C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML
[2011.06.20 23:08:48 | 000,182,937 | ---- | C] () -- C:\Windows\hpoins52.dat.temp
[2011.06.03 10:59:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.06.03 10:47:27 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011.06.03 10:47:27 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011.05.03 22:24:26 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat.temp
[2011.04.10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011.04.10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011.04.10 10:49:10 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011.04.10 10:18:24 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2010.11.04 14:30:45 | 001,599,994 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.04 11:40:11 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.11.04 11:40:11 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.11.04 11:40:11 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.04 11:40:11 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.11.04 11:40:10 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
 
========== LOP Check ==========
 
[2011.09.12 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Actual Tools
[2012.02.01 13:57:19 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Canon
[2012.02.24 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Dropbox
[2011.11.03 10:15:55 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Dual Monitor
[2011.08.02 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GetRightToGo
[2012.01.23 11:41:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GMX
[2011.09.06 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\IrfanView
[2012.02.22 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Motorola
[2011.08.02 09:08:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\NCH Swift Sound
[2010.11.04 14:28:39 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Opera
[2011.12.16 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PhotoScape
[2012.02.07 08:31:48 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\RavensburgerTipToi
[2011.08.02 09:08:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Recordpad
[2011.09.12 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Stardock
[2011.07.21 15:51:28 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Steganos
[2011.06.08 20:53:04 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Swiss Academic Software
[2012.01.27 16:14:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.12 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Actual Tools
[2010.11.04 22:45:58 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Adobe
[2011.12.27 09:46:37 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Apple Computer
[2012.02.24 15:32:59 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Avira
[2012.02.01 13:57:19 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Canon
[2011.06.07 20:56:57 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\CyberLink
[2012.02.24 17:17:38 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Dropbox
[2011.11.03 10:15:55 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Dual Monitor
[2011.08.02 09:08:38 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GetRightToGo
[2012.01.23 11:41:12 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\GMX
[2011.06.20 23:22:30 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\HP
[2011.09.14 11:38:17 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\HpUpdate
[2010.11.04 08:46:36 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Identities
[2011.08.03 11:31:45 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\InstallShield
[2011.09.06 13:03:36 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\IrfanView
[2010.11.04 11:29:28 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Macromedia
[2012.02.24 20:18:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Media Center Programs
[2011.10.18 07:44:11 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Media Player Classic
[2011.12.14 15:04:16 | 000,000,000 | --SD | M] -- C:\Users\Keno\AppData\Roaming\Microsoft
[2012.02.22 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Motorola
[2010.11.04 11:41:32 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Mozilla
[2011.08.02 09:08:10 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\NCH Swift Sound
[2011.06.19 19:20:26 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Nero
[2010.11.04 14:28:39 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Opera
[2011.12.16 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\PhotoScape
[2012.02.07 08:31:48 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\RavensburgerTipToi
[2011.08.02 09:08:31 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Recordpad
[2011.09.12 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Stardock
[2011.07.21 15:51:28 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Steganos
[2011.06.08 20:53:04 | 000,000,000 | ---D | M] -- C:\Users\Keno\AppData\Roaming\Swiss Academic Software
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\Keno\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Keno\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.11.04 11:29:27 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Keno\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.31 11:10:46 | 000,010,134 | R--- | M] () -- C:\Users\Keno\AppData\Roaming\Microsoft\Installer\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\Keno\AppData\Roaming\Microsoft Excel 97-2003.EML:OECustomProperty

< End of report >

--- --- ---

cosinus · 26.02.2012, 14:48

Zitat:

Boot Mode: SafeMode with Networking

geht der normale Modus noch nicht?

Keno79 · 26.02.2012, 16:21

Nein, wenn ich nicht im abgesichertem Modus arbeite meldet sich der Virus wieder sofort.

cosinus · 26.02.2012, 16:32

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "www.tagesschau.de"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.8
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
[2011.07.24 14:31:22 | 000,000,917 | ---- | M] () -- C:\Users\Keno\AppData\Roaming\Mozilla\Firefox\Profiles\r8we546a.default\searchplugins\conduit.xml
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-601110310-2717015187-1687495764-1000..\Run: [SkypeM] C:\Users\Keno\AppData\Local\Skype\Skype.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.12 14:26:33 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002.10.17 03:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell - "" = AutoRun
O33 - MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Users\Keno\AppData\Local\Skype
C:\Users\Keno\AppData\Local\Temp\*.exe
C:\Users\Keno\AppData\Local\Temp\ICReinstall\cnet_fences_public_exe.exe
C:\Users\Keno\Desktop\a1\Exploits
C:\Users\Keno\Downloads\cnet_fences_public_exe.exe
C:\Users\Keno\Downloads\RegistryReviverSetup*
C:\Users\Keno\Downloads\SoftonicDownloader*
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Keno79 · 26.02.2012, 17:59

Ok, bin jetzt gerade im normalen Modus und bis jetzt läuft noch alles

Hoffe das hält auch auf Dauer an. Muss ich noch irgend etwas tun, bzw. in Zukunft bedenken?

Auf jeden Fall schon mal Danke!!!

Code:

ATTFilter

 
All processes killed
========== OTL ==========
HKU\S-1-5-21-601110310-2717015187-1687495764-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{40c3cc16-7269-4b32-9531-17f2950fb06f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40c3cc16-7269-4b32-9531-17f2950fb06f}\ not found.
HKU\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: "www.tagesschau.de" removed from browser.startup.homepage
Prefs.js: foxmarks@kei.com:3.9.8 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Users\Keno\AppData\Roaming\Mozilla\Firefox\Profiles\r8we546a.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-601110310-2717015187-1687495764-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SkypeM deleted successfully.
C:\Users\Keno\AppData\Local\Skype\Skype.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File  not found.
File F:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5343dd25-0c77-11e0-8158-00262df5bafb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5343dd25-0c77-11e0-8158-00262df5bafb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5343dd25-0c77-11e0-8158-00262df5bafb}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5343dd28-0c77-11e0-8158-00262df5bafb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5343dd28-0c77-11e0-8158-00262df5bafb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5343dd28-0c77-11e0-8158-00262df5bafb}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e81af68-0225-11e1-943b-00262df5bafb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5e81af68-0225-11e1-943b-00262df5bafb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e81af68-0225-11e1-943b-00262df5bafb}\ not found.
File F:\iStudio.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6824129c-ad20-11e0-b3be-1c4bd6664f03}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{682412a0-ad20-11e0-b3be-1c4bd6664f03}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23ff375-0b6b-11e0-b45b-1c4bd6664f03}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23ff37c-0b6b-11e0-b45b-1c4bd6664f03}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23ff424-0b6b-11e0-b45b-00262df5bafb}\ not found.
File G:\setup.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8977cf0-1544-11e1-ae99-1c4bd6664f03}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8977d04-1544-11e1-ae99-1c4bd6664f03}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8977d2a-1544-11e1-ae99-00262df5bafb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8977d2a-1544-11e1-ae99-00262df5bafb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8977d2a-1544-11e1-ae99-00262df5bafb}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc0edae7-16db-11e1-80c6-806e6f6e6963}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd88daaa-ade4-11e0-b472-00262df5bafb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd88daaa-ade4-11e0-b472-00262df5bafb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd88daaa-ade4-11e0-b472-00262df5bafb}\ not found.
File F:\AutoRun.exe not found.
========== FILES ==========
C:\Users\Keno\AppData\Local\Skype folder moved successfully.
C:\Users\Keno\AppData\Local\Temp\0.5619873531749975fdrgs.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\cci.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\contentDATs.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\DataCard_Setup64.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\ffunzip.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\firefoxjre_exe-1.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\firefoxjre_exe-2.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\firefoxjre_exe.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\GLF64C3.tmp.ConduitEngineSetup.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\GXM Compatibility Tool.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\MotoHelper_2.0.24_Driver_4.7.1.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\Motorola_Software_Update_01.16.20_PROD_Only.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\MSETUP4.EXE moved successfully.
C:\Users\Keno\AppData\Local\Temp\MSN52D0.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\ose00000.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\ResetDevice.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\SecurityScan_Release.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\winload_community_tb.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isBADF.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isC4FD.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isD783.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isDBA8.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isDF12.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isE49D.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isECD7.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isEECB.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\_isF17F.exe moved successfully.
C:\Users\Keno\AppData\Local\Temp\ICReinstall\cnet_fences_public_exe.exe moved successfully.
C:\Users\Keno\Desktop\a1\Exploits folder moved successfully.
C:\Users\Keno\Downloads\cnet_fences_public_exe.exe moved successfully.
C:\Users\Keno\Downloads\RegistryReviverSetup(1).exe moved successfully.
C:\Users\Keno\Downloads\RegistryReviverSetup.exe moved successfully.
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_acd-fotoslate.exe moved successfully.
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_dup-detector.exe moved successfully.
C:\Users\Keno\Downloads\SoftonicDownloader_fuer_tugzip.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Keno
->Temp folder emptied: 2496779776 bytes
->Temporary Internet Files folder emptied: 292749394 bytes
->Java cache emptied: 1245525 bytes
->FireFox cache emptied: 286387904 bytes
->Google Chrome cache emptied: 6129251 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 144507 bytes
 
User: NeroMediaHomeUser.4
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241650681 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes

RecycleBin emptied: 72433795 bytes
 
Total Files Cleaned = 3.240,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_174435

Files\Folders moved on Reboot...
C:\Users\Keno\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 26.02.2012, 18:32

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Keno79 · 26.02.2012, 20:11

Hier das Ergebnis:

Code:

ATTFilter

20:06:08.0420 4364	TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
20:06:08.0703 4364	============================================================
20:06:08.0703 4364	Current date / time: 2012/02/26 20:06:08.0703
20:06:08.0703 4364	SystemInfo:
20:06:08.0703 4364	
20:06:08.0703 4364	OS Version: 6.1.7601 ServicePack: 1.0
20:06:08.0703 4364	Product type: Workstation
20:06:08.0703 4364	ComputerName: MEDIONNOTEBOOKI
20:06:08.0703 4364	UserName: Keno
20:06:08.0703 4364	Windows directory: C:\Windows
20:06:08.0703 4364	System windows directory: C:\Windows
20:06:08.0703 4364	Running under WOW64
20:06:08.0703 4364	Processor architecture: Intel x64
20:06:08.0703 4364	Number of processors: 4
20:06:08.0703 4364	Page size: 0x1000
20:06:08.0703 4364	Boot type: Normal boot
20:06:08.0703 4364	============================================================
20:06:09.0785 4364	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:06:09.0794 4364	Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:06:09.0796 4364	\Device\Harddisk0\DR0:
20:06:09.0797 4364	MBR used
20:06:09.0797 4364	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:06:09.0797 4364	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35151800
20:06:09.0797 4364	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184000, BlocksNum 0x5000000
20:06:09.0797 4364	\Device\Harddisk2\DR2:
20:06:09.0797 4364	MBR used
20:06:09.0797 4364	\Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C5170
20:06:09.0900 4364	Initialize success
20:06:09.0900 4364	============================================================
20:08:42.0493 5360	============================================================
20:08:42.0493 5360	Scan started
20:08:42.0493 5360	Mode: Manual; 
20:08:42.0493 5360	============================================================
20:08:43.0383 5360	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:08:43.0383 5360	1394ohci - ok
20:08:43.0445 5360	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:08:43.0445 5360	ACPI - ok
20:08:43.0492 5360	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:08:43.0507 5360	AcpiPmi - ok
20:08:43.0554 5360	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:08:43.0570 5360	adp94xx - ok
20:08:43.0663 5360	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:08:43.0679 5360	adpahci - ok
20:08:43.0710 5360	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:08:43.0710 5360	adpu320 - ok
20:08:43.0819 5360	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:08:43.0819 5360	AFD - ok
20:08:43.0882 5360	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:08:43.0882 5360	agp440 - ok
20:08:43.0975 5360	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:08:43.0991 5360	aliide - ok
20:08:43.0991 5360	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:08:44.0007 5360	amdide - ok
20:08:44.0053 5360	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:08:44.0053 5360	AmdK8 - ok
20:08:44.0069 5360	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:08:44.0069 5360	AmdPPM - ok
20:08:44.0131 5360	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:08:44.0131 5360	amdsata - ok
20:08:44.0194 5360	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:08:44.0194 5360	amdsbs - ok
20:08:44.0256 5360	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:08:44.0256 5360	amdxata - ok
20:08:44.0381 5360	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:08:44.0381 5360	AppID - ok
20:08:44.0506 5360	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:08:44.0506 5360	arc - ok
20:08:44.0521 5360	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:08:44.0537 5360	arcsas - ok
20:08:44.0662 5360	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:08:44.0662 5360	AsyncMac - ok
20:08:44.0693 5360	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:08:44.0693 5360	atapi - ok
20:08:44.0802 5360	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
20:08:44.0802 5360	avgntflt - ok
20:08:44.0833 5360	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
20:08:44.0833 5360	avipbb - ok
20:08:44.0943 5360	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:08:44.0958 5360	b06bdrv - ok
20:08:44.0989 5360	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:08:45.0005 5360	b57nd60a - ok
20:08:45.0099 5360	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:08:45.0177 5360	Beep - ok
20:08:45.0317 5360	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:08:45.0317 5360	blbdrive - ok
20:08:45.0411 5360	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:08:45.0411 5360	bowser - ok
20:08:45.0457 5360	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:08:45.0457 5360	BrFiltLo - ok
20:08:45.0473 5360	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:08:45.0473 5360	BrFiltUp - ok
20:08:45.0489 5360	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:08:45.0504 5360	Brserid - ok
20:08:45.0504 5360	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:08:45.0520 5360	BrSerWdm - ok
20:08:45.0520 5360	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:08:45.0520 5360	BrUsbMdm - ok
20:08:45.0535 5360	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:08:45.0535 5360	BrUsbSer - ok
20:08:45.0613 5360	BTCFilterService - ok
20:08:45.0645 5360	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:08:45.0660 5360	BTHMODEM - ok
20:08:45.0769 5360	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:08:45.0769 5360	cdfs - ok
20:08:45.0816 5360	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:08:45.0832 5360	cdrom - ok
20:08:45.0879 5360	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:08:45.0894 5360	circlass - ok
20:08:45.0925 5360	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:08:45.0925 5360	CLFS - ok
20:08:46.0050 5360	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:08:46.0050 5360	CmBatt - ok
20:08:46.0081 5360	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:08:46.0081 5360	cmdide - ok
20:08:46.0128 5360	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
20:08:46.0128 5360	CNG - ok
20:08:46.0191 5360	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:08:46.0191 5360	Compbatt - ok
20:08:46.0300 5360	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:08:46.0300 5360	CompositeBus - ok
20:08:46.0347 5360	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:08:46.0347 5360	crcdisk - ok
20:08:46.0471 5360	dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
20:08:46.0471 5360	dc3d - ok
20:08:46.0534 5360	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:08:46.0549 5360	DfsC - ok
20:08:46.0565 5360	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:08:46.0565 5360	discache - ok
20:08:46.0659 5360	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:08:46.0659 5360	Disk - ok
20:08:46.0752 5360	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:08:46.0768 5360	drmkaud - ok
20:08:46.0830 5360	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:08:46.0861 5360	DXGKrnl - ok
20:08:46.0971 5360	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:08:47.0095 5360	ebdrv - ok
20:08:47.0205 5360	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:08:47.0236 5360	elxstor - ok
20:08:47.0267 5360	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:08:47.0283 5360	ErrDev - ok
20:08:47.0392 5360	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:08:47.0392 5360	exfat - ok
20:08:47.0454 5360	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:08:47.0532 5360	fastfat - ok
20:08:47.0719 5360	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:08:47.0719 5360	fdc - ok
20:08:47.0751 5360	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:08:47.0751 5360	FileInfo - ok
20:08:47.0766 5360	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:08:47.0782 5360	Filetrace - ok
20:08:47.0797 5360	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:08:47.0797 5360	flpydisk - ok
20:08:47.0891 5360	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:08:47.0891 5360	FltMgr - ok
20:08:47.0922 5360	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:08:47.0938 5360	FsDepends - ok
20:08:47.0938 5360	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:08:47.0953 5360	Fs_Rec - ok
20:08:48.0047 5360	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:08:48.0047 5360	fvevol - ok
20:08:48.0078 5360	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:08:48.0094 5360	gagp30kx - ok
20:08:48.0187 5360	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:08:48.0187 5360	GEARAspiWDM - ok
20:08:48.0328 5360	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:08:48.0343 5360	hcw85cir - ok
20:08:48.0406 5360	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:08:48.0421 5360	HdAudAddService - ok
20:08:48.0453 5360	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:08:48.0453 5360	HDAudBus - ok
20:08:48.0546 5360	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:08:48.0546 5360	HECIx64 - ok
20:08:48.0577 5360	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:08:48.0577 5360	HidBatt - ok
20:08:48.0640 5360	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:08:48.0655 5360	HidBth - ok
20:08:48.0655 5360	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:08:48.0671 5360	HidIr - ok
20:08:48.0780 5360	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:08:48.0780 5360	HidUsb - ok
20:08:48.0827 5360	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:08:48.0843 5360	HpSAMD - ok
20:08:48.0905 5360	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:08:48.0905 5360	HTTP - ok
20:08:49.0045 5360	hwdatacard      (cdaa8e257bb625b2387219e605dde37d) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:08:49.0061 5360	hwdatacard - ok
20:08:49.0092 5360	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:08:49.0092 5360	hwpolicy - ok
20:08:49.0186 5360	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:08:49.0217 5360	i8042prt - ok
20:08:49.0279 5360	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:08:49.0295 5360	iaStorV - ok
20:08:49.0654 5360	igfx            (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:08:50.0013 5360	igfx - ok
20:08:50.0091 5360	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:08:50.0106 5360	iirsp - ok
20:08:50.0169 5360	Impcd           (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
20:08:50.0169 5360	Impcd - ok
20:08:50.0231 5360	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:08:50.0231 5360	IntcDAud - ok
20:08:50.0278 5360	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:08:50.0278 5360	intelide - ok
20:08:50.0325 5360	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:08:50.0325 5360	intelppm - ok
20:08:50.0371 5360	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:50.0371 5360	IpFilterDriver - ok
20:08:50.0418 5360	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:08:50.0434 5360	IPMIDRV - ok
20:08:50.0465 5360	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:08:50.0465 5360	IPNAT - ok
20:08:50.0559 5360	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:08:50.0559 5360	IRENUM - ok
20:08:50.0590 5360	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:08:50.0605 5360	isapnp - ok
20:08:50.0652 5360	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:08:50.0652 5360	iScsiPrt - ok
20:08:50.0715 5360	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:08:50.0715 5360	kbdclass - ok
20:08:50.0761 5360	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:08:50.0761 5360	kbdhid - ok
20:08:50.0808 5360	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
20:08:50.0808 5360	KSecDD - ok
20:08:50.0824 5360	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
20:08:50.0824 5360	KSecPkg - ok
20:08:50.0871 5360	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:08:50.0871 5360	ksthunk - ok
20:08:50.0964 5360	L1C             (033b4aed2c5519072c0d81e00804d003) C:\Windows\system32\DRIVERS\L1C62x64.sys
20:08:50.0964 5360	L1C - ok
20:08:51.0011 5360	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:08:51.0011 5360	lltdio - ok
20:08:51.0058 5360	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:08:51.0058 5360	LSI_FC - ok
20:08:51.0073 5360	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:08:51.0073 5360	LSI_SAS - ok
20:08:51.0089 5360	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:08:51.0105 5360	LSI_SAS2 - ok
20:08:51.0214 5360	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:08:51.0214 5360	LSI_SCSI - ok
20:08:51.0245 5360	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:08:51.0261 5360	luafv - ok
20:08:51.0370 5360	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:08:51.0370 5360	MBAMProtector - ok
20:08:51.0432 5360	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:08:51.0448 5360	megasas - ok
20:08:51.0463 5360	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:08:51.0479 5360	MegaSR - ok
20:08:51.0604 5360	mod7764         (f7ab9bbd2d973607c0e69b1d79c7611f) C:\Windows\system32\DRIVERS\mod77-64.sys
20:08:51.0635 5360	mod7764 - ok
20:08:51.0666 5360	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:08:51.0682 5360	Modem - ok
20:08:51.0697 5360	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:08:51.0713 5360	monitor - ok
20:08:51.0775 5360	motccgp - ok
20:08:51.0791 5360	motccgpfl - ok
20:08:51.0807 5360	MotDev - ok
20:08:51.0807 5360	motmodem - ok
20:08:51.0822 5360	MotoSwitchService - ok
20:08:51.0838 5360	Motousbnet - ok
20:08:51.0853 5360	motusbdevice - ok
20:08:51.0916 5360	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:08:51.0916 5360	mouclass - ok
20:08:51.0931 5360	moufiltr - ok
20:08:51.0947 5360	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:08:51.0963 5360	mouhid - ok
20:08:52.0025 5360	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:08:52.0025 5360	mountmgr - ok
20:08:52.0056 5360	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:08:52.0072 5360	mpio - ok
20:08:52.0119 5360	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:08:52.0119 5360	mpsdrv - ok
20:08:52.0197 5360	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:08:52.0197 5360	MRxDAV - ok
20:08:52.0243 5360	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:08:52.0243 5360	mrxsmb - ok
20:08:52.0290 5360	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:08:52.0290 5360	mrxsmb10 - ok
20:08:52.0337 5360	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:08:52.0337 5360	mrxsmb20 - ok
20:08:52.0384 5360	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:08:52.0384 5360	msahci - ok
20:08:52.0431 5360	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:08:52.0446 5360	msdsm - ok
20:08:52.0493 5360	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:08:52.0493 5360	Msfs - ok
20:08:52.0509 5360	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:08:52.0509 5360	mshidkmdf - ok
20:08:52.0555 5360	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:08:52.0555 5360	msisadrv - ok
20:08:52.0618 5360	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:08:52.0618 5360	MSKSSRV - ok
20:08:52.0618 5360	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:08:52.0633 5360	MSPCLOCK - ok
20:08:52.0789 5360	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:08:52.0789 5360	MSPQM - ok
20:08:52.0836 5360	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:08:52.0836 5360	MsRPC - ok
20:08:52.0883 5360	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:08:52.0883 5360	mssmbios - ok
20:08:52.0914 5360	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:08:52.0914 5360	MSTEE - ok
20:08:52.0930 5360	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:08:52.0930 5360	MTConfig - ok
20:08:52.0961 5360	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:08:52.0961 5360	Mup - ok
20:08:53.0070 5360	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:08:53.0086 5360	NativeWifiP - ok
20:08:53.0148 5360	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:08:53.0164 5360	NDIS - ok
20:08:53.0195 5360	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:08:53.0195 5360	NdisCap - ok
20:08:53.0289 5360	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:08:53.0304 5360	NdisTapi - ok
20:08:53.0335 5360	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:08:53.0351 5360	Ndisuio - ok
20:08:53.0382 5360	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:08:53.0398 5360	NdisWan - ok
20:08:53.0429 5360	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:08:53.0445 5360	NDProxy - ok
20:08:53.0601 5360	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:08:53.0601 5360	NetBIOS - ok
20:08:53.0647 5360	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:08:53.0647 5360	NetBT - ok
20:08:53.0757 5360	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:08:53.0772 5360	nfrd960 - ok
20:08:53.0803 5360	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:08:53.0803 5360	Npfs - ok
20:08:53.0819 5360	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:08:53.0819 5360	nsiproxy - ok
20:08:53.0897 5360	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:08:53.0928 5360	Ntfs - ok
20:08:54.0006 5360	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:08:54.0006 5360	Null - ok
20:08:54.0053 5360	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:08:54.0069 5360	nvraid - ok
20:08:54.0100 5360	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:08:54.0115 5360	nvstor - ok
20:08:54.0193 5360	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:08:54.0193 5360	nv_agp - ok
20:08:54.0225 5360	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:08:54.0240 5360	ohci1394 - ok
20:08:54.0303 5360	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:08:54.0303 5360	Parport - ok
20:08:54.0349 5360	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:08:54.0349 5360	partmgr - ok
20:08:54.0396 5360	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:08:54.0396 5360	pci - ok
20:08:54.0427 5360	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:08:54.0427 5360	pciide - ok
20:08:54.0459 5360	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:08:54.0474 5360	pcmcia - ok
20:08:54.0490 5360	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:08:54.0490 5360	pcw - ok
20:08:54.0521 5360	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:08:54.0552 5360	PEAUTH - ok
20:08:54.0693 5360	Point64         (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys
20:08:54.0693 5360	Point64 - ok
20:08:54.0739 5360	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:08:54.0755 5360	PptpMiniport - ok
20:08:54.0786 5360	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:08:54.0786 5360	Processor - ok
20:08:54.0849 5360	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:08:54.0849 5360	Psched - ok
20:08:54.0927 5360	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:08:54.0973 5360	ql2300 - ok
20:08:55.0051 5360	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:08:55.0067 5360	ql40xx - ok
20:08:55.0083 5360	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:08:55.0098 5360	QWAVEdrv - ok
20:08:55.0114 5360	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:08:55.0114 5360	RasAcd - ok
20:08:55.0161 5360	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:08:55.0161 5360	RasAgileVpn - ok
20:08:55.0207 5360	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:08:55.0223 5360	Rasl2tp - ok
20:08:55.0254 5360	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:08:55.0270 5360	RasPppoe - ok
20:08:55.0285 5360	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:08:55.0301 5360	RasSstp - ok
20:08:55.0332 5360	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:08:55.0332 5360	rdbss - ok
20:08:55.0379 5360	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:08:55.0379 5360	rdpbus - ok
20:08:55.0410 5360	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:08:55.0410 5360	RDPCDD - ok
20:08:55.0441 5360	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:08:55.0441 5360	RDPENCDD - ok
20:08:55.0457 5360	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:08:55.0457 5360	RDPREFMP - ok
20:08:55.0504 5360	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:08:55.0504 5360	RDPWD - ok
20:08:55.0566 5360	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:08:55.0566 5360	rdyboost - ok
20:08:55.0660 5360	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:08:55.0675 5360	rspndr - ok
20:08:55.0753 5360	rtl8192se       (8e843c0340c30994161c10fba87eea18) C:\Windows\system32\DRIVERS\rtl8192se.sys
20:08:55.0785 5360	rtl8192se - ok
20:08:55.0816 5360	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:08:55.0831 5360	sbp2port - ok
20:08:55.0863 5360	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:08:55.0878 5360	scfilter - ok
20:08:55.0925 5360	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:08:55.0925 5360	secdrv - ok
20:08:56.0003 5360	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:08:56.0003 5360	Serenum - ok
20:08:56.0034 5360	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:08:56.0050 5360	Serial - ok
20:08:56.0065 5360	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:08:56.0065 5360	sermouse - ok
20:08:56.0112 5360	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:08:56.0112 5360	sffdisk - ok
20:08:56.0128 5360	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:08:56.0128 5360	sffp_mmc - ok
20:08:56.0128 5360	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:08:56.0143 5360	sffp_sd - ok
20:08:56.0175 5360	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:08:56.0190 5360	sfloppy - ok
20:08:56.0221 5360	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:08:56.0221 5360	SiSRaid2 - ok
20:08:56.0253 5360	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:08:56.0253 5360	SiSRaid4 - ok
20:08:56.0346 5360	SLEE_17_DRIVER  (544788d536087daf32b846f10d8392f5) C:\Windows\Sleen1764.sys
20:08:56.0362 5360	SLEE_17_DRIVER - ok
20:08:56.0424 5360	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:08:56.0424 5360	Smb - ok
20:08:56.0471 5360	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:08:56.0471 5360	spldr - ok
20:08:56.0533 5360	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:08:56.0533 5360	srv - ok
20:08:56.0565 5360	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:08:56.0565 5360	srv2 - ok
20:08:56.0580 5360	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:08:56.0580 5360	srvnet - ok
20:08:56.0627 5360	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:08:56.0643 5360	stexstor - ok
20:08:56.0767 5360	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
20:08:56.0767 5360	StillCam - ok
20:08:56.0814 5360	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:08:56.0814 5360	swenum - ok
20:08:56.0923 5360	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:08:56.0970 5360	Tcpip - ok
20:08:57.0111 5360	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:08:57.0126 5360	TCPIP6 - ok
20:08:57.0173 5360	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:08:57.0189 5360	tcpipreg - ok
20:08:57.0220 5360	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:08:57.0220 5360	TDPIPE - ok
20:08:57.0235 5360	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:08:57.0235 5360	TDTCP - ok
20:08:57.0298 5360	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:08:57.0329 5360	tdx - ok
20:08:57.0360 5360	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:08:57.0376 5360	TermDD - ok
20:08:57.0423 5360	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:08:57.0438 5360	tssecsrv - ok
20:08:57.0469 5360	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:08:57.0469 5360	TsUsbFlt - ok
20:08:57.0579 5360	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:08:57.0579 5360	tunnel - ok
20:08:57.0625 5360	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:08:57.0625 5360	uagp35 - ok
20:08:57.0672 5360	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:08:57.0688 5360	udfs - ok
20:08:57.0735 5360	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:08:57.0750 5360	uliagpkx - ok
20:08:57.0797 5360	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:08:57.0813 5360	umbus - ok
20:08:57.0844 5360	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:08:57.0844 5360	UmPass - ok
20:08:57.0906 5360	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
20:08:57.0906 5360	USBAAPL64 - ok
20:08:57.0937 5360	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:08:57.0953 5360	usbccgp - ok
20:08:58.0000 5360	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:08:58.0015 5360	usbcir - ok
20:08:58.0047 5360	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:08:58.0047 5360	usbehci - ok
20:08:58.0078 5360	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:08:58.0078 5360	usbhub - ok
20:08:58.0109 5360	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:08:58.0109 5360	usbohci - ok
20:08:58.0140 5360	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:08:58.0140 5360	usbprint - ok
20:08:58.0187 5360	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:08:58.0203 5360	usbscan - ok
20:08:58.0234 5360	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:08:58.0249 5360	USBSTOR - ok
20:08:58.0281 5360	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:08:58.0281 5360	usbuhci - ok
20:08:58.0343 5360	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:08:58.0359 5360	usbvideo - ok
20:08:58.0405 5360	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:08:58.0405 5360	vdrvroot - ok
20:08:58.0452 5360	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:08:58.0452 5360	vga - ok
20:08:58.0483 5360	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:08:58.0483 5360	VgaSave - ok
20:08:58.0515 5360	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:08:58.0530 5360	vhdmp - ok
20:08:58.0608 5360	vhidmini - ok
20:08:58.0639 5360	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:08:58.0639 5360	viaide - ok
20:08:58.0686 5360	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:08:58.0686 5360	volmgr - ok
20:08:58.0733 5360	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:08:58.0733 5360	volmgrx - ok
20:08:58.0780 5360	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:08:58.0780 5360	volsnap - ok
20:08:58.0889 5360	vpcbus          (abd9b4a7e2d0ae51a3b8df1af3152d61) C:\Windows\system32\DRIVERS\vpchbus.sys
20:08:58.0905 5360	vpcbus - ok
20:08:59.0029 5360	vpcnfltr        (8acda395841538ce9713a67fe8b2a3eb) C:\Windows\system32\DRIVERS\vpcnfltr.sys
20:08:59.0029 5360	vpcnfltr - ok
20:08:59.0076 5360	vpcusb          (31924e31bc315773e6d149b157db46d5) C:\Windows\system32\DRIVERS\vpcusb.sys
20:08:59.0076 5360	vpcusb - ok
20:08:59.0170 5360	vpcuxd          (14578ff302b4c985c9740a0f327ae3c0) C:\Windows\system32\DRIVERS\vpcuxd.sys
20:08:59.0170 5360	vpcuxd - ok
20:08:59.0248 5360	vpcvmm          (c5b651e52540e6f46da66574c74b4898) C:\Windows\system32\drivers\vpcvmm.sys
20:08:59.0248 5360	vpcvmm - ok
20:08:59.0279 5360	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:08:59.0295 5360	vsmraid - ok
20:08:59.0326 5360	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:08:59.0326 5360	vwifibus - ok
20:08:59.0357 5360	VWiFiFlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:08:59.0357 5360	VWiFiFlt - ok
20:08:59.0388 5360	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:08:59.0404 5360	vwifimp - ok
20:08:59.0419 5360	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:08:59.0419 5360	WacomPen - ok
20:08:59.0466 5360	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:08:59.0482 5360	WANARP - ok
20:08:59.0482 5360	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:08:59.0482 5360	Wanarpv6 - ok
20:08:59.0529 5360	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:08:59.0529 5360	Wd - ok
20:08:59.0560 5360	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:08:59.0575 5360	Wdf01000 - ok
20:08:59.0685 5360	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:08:59.0685 5360	WfpLwf - ok
20:08:59.0700 5360	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:08:59.0700 5360	WIMMount - ok
20:08:59.0825 5360	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:08:59.0841 5360	WinUsb - ok
20:08:59.0887 5360	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:08:59.0887 5360	WmiAcpi - ok
20:08:59.0950 5360	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:08:59.0950 5360	ws2ifsl - ok
20:09:00.0012 5360	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:09:00.0028 5360	WudfPf - ok
20:09:00.0059 5360	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:09:00.0059 5360	WUDFRd - ok
20:09:00.0121 5360	XUIF            (6533f30045b0a234783bd8b4069f0433) C:\Windows\system32\Drivers\x10ufx2.sys
20:09:00.0121 5360	XUIF - ok
20:09:00.0153 5360	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:09:00.0215 5360	\Device\Harddisk0\DR0 - ok
20:09:00.0215 5360	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2
20:09:00.0215 5360	\Device\Harddisk2\DR2 - ok
20:09:00.0215 5360	Boot (0x1200)   (42b322b5aef9076adbe074d7de11546a) \Device\Harddisk0\DR0\Partition0
20:09:00.0231 5360	\Device\Harddisk0\DR0\Partition0 - ok
20:09:00.0246 5360	Boot (0x1200)   (489c3c56958f75e9f790d07f6e6e1072) \Device\Harddisk0\DR0\Partition1
20:09:00.0246 5360	\Device\Harddisk0\DR0\Partition1 - ok
20:09:00.0277 5360	Boot (0x1200)   (9ccfe17b0c9566dc5843d432da8ddd04) \Device\Harddisk0\DR0\Partition2
20:09:00.0277 5360	\Device\Harddisk0\DR0\Partition2 - ok
20:09:00.0277 5360	Boot (0x1200)   (9d92e9f55c854640a8f92c8b0ad01430) \Device\Harddisk2\DR2\Partition0
20:09:00.0277 5360	\Device\Harddisk2\DR2\Partition0 - ok
20:09:00.0277 5360	============================================================
20:09:00.0277 5360	Scan finished
20:09:00.0277 5360	============================================================
20:09:00.0293 5872	Detected object count: 0
20:09:00.0293 5872	Actual detected object count: 0

cosinus · 26.02.2012, 20:16

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Keno79 · 26.02.2012, 22:09

Hier wieder das Ergebnis:

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-25.02 - Keno 26.02.2012  21:50:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3895.2144 [GMT 1:00]
ausgeführt von:: c:\users\Keno\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Keno\30d
c:\users\Keno\30d\SAM_1359_1600x1067.JPG
c:\users\Keno\AppData\Local\assembly\tmp
F:\Autorun.inf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-26 bis 2012-02-26  ))))))))))))))))))))))))))))))
.
.
2012-02-26 20:55 . 2012-02-26 20:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-26 16:44 . 2012-02-26 16:44	--------	d-----w-	C:\_OTL
2012-02-24 19:33 . 2012-02-24 19:33	--------	d-----w-	c:\program files (x86)\ESET
2012-02-24 19:18 . 2012-02-24 19:18	--------	d-----w-	c:\users\Keno\AppData\Roaming\Malwarebytes
2012-02-24 19:17 . 2012-02-24 19:17	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-24 19:17 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-24 19:17 . 2012-02-24 19:18	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 14:32 . 2012-02-24 14:32	--------	d-----w-	c:\users\Keno\AppData\Roaming\Avira
2012-02-24 07:34 . 2012-02-08 07:13	8643640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD785F03-41B2-47FC-BEC2-58DA89C318DD}\mpengine.dll
2012-02-22 13:22 . 2012-02-26 20:56	--------	d-----w-	C:\Temp
2012-02-22 13:22 . 2012-02-22 13:22	--------	d-----w-	c:\users\Keno\AppData\Roaming\Motorola
2012-02-22 13:21 . 2012-02-22 13:21	--------	d-----w-	c:\program files\Motorola Inc
2012-02-20 14:50 . 2012-02-20 14:50	--------	d-----w-	c:\program files\iPod
2012-02-20 14:50 . 2012-02-20 14:50	--------	d-----w-	c:\program files\iTunes
2012-02-20 14:50 . 2012-02-20 14:50	--------	d-----w-	c:\program files (x86)\iTunes
2012-02-08 13:09 . 2011-06-25 09:52	1002728	----a-w-	c:\windows\system32\WinUSBCoInstaller2.dll
2012-02-07 07:31 . 2012-02-07 07:33	--------	d-----w-	c:\programdata\RavensburgerTipToi
2012-02-07 07:31 . 2012-02-07 07:31	--------	d-----w-	c:\users\Keno\AppData\Roaming\RavensburgerTipToi
2012-02-07 07:31 . 2012-02-07 07:31	--------	d-----w-	c:\program files (x86)\Ravensburger tiptoi
2012-02-03 09:37 . 2012-02-03 09:37	--------	d-----w-	c:\program files\Microsoft IntelliPoint
2012-02-01 12:57 . 2012-02-01 12:57	--------	d-----w-	c:\programdata\CanonIJScan
2012-02-01 12:54 . 2012-02-01 12:54	--------	d-----w-	c:\program files (x86)\ArcSoft
2012-02-01 12:54 . 1995-08-01 03:44	212480	----a-w-	c:\windows\PCDLIB32.DLL
2012-02-01 12:53 . 2001-09-05 03:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-02-01 12:53 . 2001-09-05 03:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-02-01 12:53 . 2001-09-05 03:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-02-01 12:53 . 2001-09-05 03:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-02-01 12:52 . 2012-02-01 12:52	--------	d--h--w-	c:\windows\system32\CanonIJ Uninstaller Information
2012-02-01 12:51 . 2009-04-02 18:12	92672	----a-w-	c:\windows\system32\CNQ4808I.DLL
2012-02-01 12:51 . 2008-05-23 16:28	744960	----a-w-	c:\windows\system32\CNQ4808L.DLL
2012-02-01 12:51 . 2007-03-15 13:13	229888	----a-w-	c:\windows\system32\CNQ4808O.DLL
2012-02-01 12:51 . 2012-02-01 12:51	--------	d-----w-	c:\program files\CanonBJ
2012-02-01 12:51 . 2009-04-02 18:12	1354240	----a-w-	c:\windows\system32\CNQ4808C.DLL
2012-01-31 12:02 . 2012-02-15 13:19	--------	d-----r-	c:\users\Keno\Virtual Machines
2012-01-31 10:45 . 2012-01-31 10:46	--------	d-----w-	c:\program files\Windows XP Mode
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 04:10 . 2010-11-04 18:09	279656	------w-	c:\windows\system32\MpSigStub.exe
2011-12-14 18:30 . 2010-11-05 14:18	1248080	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-02 04:04 . 2010-12-22 13:35	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-12-02 04:04 . 2010-12-22 13:34	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-29 09:00 . 2010-11-05 14:19	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-29 09:00 . 2010-11-05 14:18	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-29 08:59 . 2010-12-22 13:34	1092400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MultiScreen"="c:\program files (x86)\MultiScreen\MultiScreen.exe" [2009-08-11 303104]
"dualmonitor"="c:\program files (x86)\Dual Monitor\DualMonitor.exe" [2011-09-01 317952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Nero MediaHome 4"="c:\program files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2009-06-23 4891944]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Recordpad"="c:\program files (x86)\NCH Swift Sound\Recordpad\recordpad.exe" [2011-08-02 1228804]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Keno\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Keno\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-9-2 24183152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SELPHY Photo Print Launcher.lnk - c:\program files (x86)\Canon\SELPHY Photo Print\CIC_SPPhelper.exe [2010-4-20 794624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06 136176]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mod7764;TV Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 SXDS10;soft Xpansion Dispatch Service;c:\program files (x86)\Common Files\soft Xpansion\sxds10.exe \Service [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vpcuxd;USB-Virtualisierungsstubdienst;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\Sleen1764.sys [2011-09-12 13:28 108256]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-12-06 214896]
S2 OpLclSrv;OKI Local Port Manager;c:\program files\Okidata\Common\Extend3\portmgrsrv.exe [2009-09-28 161280]
S2 PrintSuperVision Engine;PrintSuperVision Engine;c:\program files (x86)\PrintSuperVision\www\bin\PSVEngine.exe [2010-01-22 57344]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06 15:24]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-06 15:24]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Keno\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Keno\AppData\Roaming\Mozilla\Firefox\Profiles\r8we546a.default\
FF - prefs.js: browser.search.defaulturl - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-mumservice - c:\program files\Motorola\Software Update\mumservice.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-26  22:02:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-26 21:02
.
Vor Suchlauf: 16 Verzeichnis(se), 243.627.851.776 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 243.113.123.840 Bytes frei
.
- - End Of File - - 2440E93C9A6D2B1ED89384BA01C8F1F6

--- --- ---

cosinus · 26.02.2012, 22:30

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehlalarm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

50 Euro Virus. PC ist gesperrt. Bitte um Hilfe.

Plagegeister aller Art und deren Bekämpfung: 50 Euro Virus. PC ist gesperrt. Bitte um Hilfe.