Virus verwandelt Ordner externer Datenträger in Verknüpfungen!

Steffchen · 13.03.2012, 13:40

Hallo liebes Trojaner-Board-Team!
Ich habe das gleiche Problem wie schon viele vor mir hier. Ordner von externen Sachen lassen sich nicht mehr öffnen, da sie zu Verknüpfungen werden. Leider habe ich nicht schnell genug geschaltet und deswegen meinen iPod, einen USB-Stick und meine SD-Karte von der Kamera infiziert. Die ersten zwei Sachen kann ich formatieren, jedoch wäre es super wenn die Fotos von der Speicherkarte gerettet werden könnten! Vorerst möchte ich natürlich meinen Laptop säubern...

Also nach den Anweisungen, die hier im Forum stehen, habe ich Malware installiert und den Vollscan gemacht. Hat auch gut funktioniert, jedoch hat zwischendurch mein Avira Anti-Virus Programm noch etwas gefunden. Das hat mich etwas durcheinander gebracht. Hoffe aber ich habe alles richtig gemacht.

Der ESET-Online-Scanner hat leider nicht funktioniert. Beim Schritt "Komponenten herunterladen" kam immer eine Meldung mit "Proxy Konfiguration". Könnte das vielleicht daran liegen, dass ich gerade aus einem Hotel Internet (LAN-Kabel) beziehe?

Ich wäre sehr froh, wenn ihr trotzdem helfen könntet!

Hier kommt auf jeden Fall erstmal der Malware-Log (dies ist der allererste, hab das Programm heute erst installiert):

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.13.02

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
Broiler-bunny :: PUPSISPC [Administrator]

Schutz: Aktiviert

13.03.2012 10:46:24
mbam-log-2012-03-13 (10-46-24).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 374993
Laufzeit: 1 Stunde(n), 49 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 4
C:\Users\Broiler-bunny\AppData\Roaming\F36A9\lvvm.exe (Malware.Packer) -> 3996 -> Löschen bei Neustart.
C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\8873\6B9.exe (Malware.Packer) -> 3776 -> Löschen bei Neustart.
C:\Users\Broiler-bunny\M-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> 4268 -> Löschen bei Neustart.
C:\Users\Broiler-bunny\50-8270-5705-5150\winsvc.exe (Backdoor.IRCBot) -> 4508 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|6B9.exe (Malware.Packer) -> Daten: C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\8873\6B9.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows Update (Backdoor.IRCBot) -> Daten: C:\Users\Broiler-bunny\M-1-52-5782-8752-5245\winsvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Windows Update (Backdoor.IRCBot) -> Daten: C:\Users\Broiler-bunny\50-8270-5705-5150\winsvc.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|6B9.exe (Malware.Packer) -> Daten: "C:\Program Files (x86)\LP\8873\6B9.exe" -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.CycBot) -> Daten: C:\Users\Broiler-bunny\AppData\Roaming\F36A9\lvvm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Daten: http=127.0.0.1:53455 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Malware.Packer) -> Bösartig: (C:\Users\Broiler-bunny\AppData\Roaming\F36A9\lvvm.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Broiler-bunny\M-1-52-5782-8752-5245 (Trojan.Agent.Gen) -> Löschen bei Neustart.

Infizierte Dateien: 35
C:\Users\Broiler-bunny\AppData\Roaming\F36A9\lvvm.exe (Malware.Packer) -> Löschen bei Neustart.
C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\8873\6B9.exe (Malware.Packer) -> Löschen bei Neustart.
C:\Users\Broiler-bunny\M-1-52-5782-8752-5245\winsvc.exe (Backdoor.IRCBot) -> Löschen bei Neustart.
C:\Users\Broiler-bunny\50-8270-5705-5150\winsvc.exe (Backdoor.IRCBot) -> Löschen bei Neustart.
C:\Program Files (x86)\LP\8873\6B9.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3U90KZ5Z\bu[2].exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85UT6FUP\gr[1].exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\946NAYL6\st[1].exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WO9ACWGT\st[1].exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\0551564.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\0836474.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\1420722.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\1640507.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\1651703.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\3024262.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\3086581.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\3139503.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\3304144.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\3630423.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\3983105.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\4744757.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\4986207.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\5243550.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\5403241.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\5901770.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\7090222.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\7729887.exe (Backdoor.IRCBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\9554856.exe (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Roaming\WINWORD.EXE (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\8873\AEF5.tmp (Malware.Packer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\1476298.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\4028328.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\5282853.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\5856307.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Broiler-bunny\AppData\Local\Temp\9121830.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

cosinus · 13.03.2012, 18:37

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Steffchen · 14.03.2012, 01:35

Huhu, danke schon mal für die Antwort.

Ich habe vorher noch nie mit Malwarebytes gescannt, also es gibt auch keine Logs von früher.

cosinus · 14.03.2012, 15:17

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Steffchen · 15.03.2012, 01:24

Hallo, also wie gesagt funktioniert der ESET Scan leider nicht. Bei dem Schritt Komponenten herunterladen zeigt er mir an: "Can not get update. Is proxy configured?" Und ich dachte das liegt vllt daran, dass ich gerade im Hotel bin und dessen Internet nutze. Dafür musste ich ein paar Einstellungen ändern (IP-Adressen und DNS-Serveradresse automatisc beziehen). Entschuldigung wenn ich Stuss labere, war nur so eine Vermutung vom Laie^^

Liebe Grüße

cosinus · 15.03.2012, 04:41

Hab ich wohl überlesen

Bitte prüfen

Falsche Proxy Einstellungen entfernen

Klicke im Start-Menü unter "Einstellungen" auf "Systemsteuerung" -> "Internetoptionen".
Wähle die Karteikarte "Verbindungen->Lan-Einstellungen“ und überprüfe ob bei Proxyserver ein Häkchen steht,
wenn ja -> Entfernen, dann -> OK (sofern nicht richtige Eintragung)

Steffchen · 15.03.2012, 15:11

Oki, danke jetzt hat es natürlich geklappt. Aber er wollte mir erst den Log nicht öffnen. Ich hoffe dies ist nun der Richtige:

ESET

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ff3640c9bc475542b566e5cb54dbb5c8
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-15 12:20:54
# local_time=2012-03-15 01:20:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 1725515 1725515 0 0
# compatibility_mode=5121 16776573 100 82 75599246 84167854 0 0
# compatibility_mode=5892 16776638 100 95 130916937 169325812 0 0
# compatibility_mode=8192 67108863 100 0 165397 165397 0 0
# scanned=186914
# found=3
# cleaned=0
# scan_time=12150
C:\Users\Broiler-bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FCD8YH0D\iok[1].exe	a variant of Win32/Injector.LAG trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Broiler-bunny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T8TUGLQ0\fa[1].exe	a variant of Win32/Injector.LKE trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Broiler-bunny\AppData\Local\Temp\6382264.exe	a variant of Win32/Injector.LAG trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 15.03.2012, 22:47

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Steffchen · 16.03.2012, 02:37

Hier kommen die zwei Scans von OTL. Danke auf jeden Fall schon mal! Es geht voran. JUHUUUU!!! Grüße!

OTL.Txt

Code:

ATTFilter

OTL logfile created on: 16.03.2012 02:08:08 - Run 1
OTL by OldTimer - Version 3.2.37.1     Folder = C:\Users\Broiler-bunny\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 63,31% Memory free
8,11 Gb Paging File | 6,16 Gb Available in Paging File | 75,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 288,54 Gb Free Space | 63,97% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,27 Gb Free Space | 35,98% Space Free | Partition Type: NTFS
 
Computer Name: PUPSISPC | User Name: Broiler-bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Broiler-bunny\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Programme\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\studnet\studnet.exe (Dossin-Brade GbR)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\18f2261a32e4aa98d770c405554bd8d5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\51bdab63dd9dbcddbfef9c82bffdbd59\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f183e57f94e56ac92ee99eed8e63943d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\59f9dfe0ea64752c07f5a59c283c163b\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f4fbd5c3aa0de64cce8f542b447a31a8\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d1bb7213f94f2bfa67b0b560785220\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\19567fed292e63e5f621a3d51a928a50\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e76687b391c0306e62f4b5d75ada1c7b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\fb2c19218882b1abff1153a58bbca023\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5e5d55f6c78559ec0497dadf9227291b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll ()
MOD - C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll ()
MOD - C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\DataSafeOnline.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\de\SdbUI.resources.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys ()
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys ()
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys ()
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (mfebopk) -- C:\Windows\SysNative\drivers\mfebopk.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53455
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53455
 
 
 
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53455
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: rikaichan-jpnames@polarcloud.com:2.01.101002
FF - prefs.js..extensions.enabledItems: rikaichan-jpen@polarcloud.com:2.01.101002
FF - prefs.js..extensions.enabledItems: rikaichan-jpde@polarcloud.com:2.01.101002
FF - prefs.js..extensions.enabledItems: mail@shopping-preise.de:1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.01.04 17:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.01.04 17:31:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.11 10:51:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.15 14:59:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@shopping-preise.de: C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\extensions\mail@shopping-preise.de [2012.03.15 12:11:05 | 000,000,000 | ---D | M]
 
[2009.10.18 18:19:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Extensions
[2012.03.15 15:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions
[2010.11.04 01:18:06 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2009.10.19 16:26:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.01 20:54:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.18 12:51:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.12.06 18:45:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.06 18:43:58 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.03.15 12:11:05 | 000,000,000 | ---D | M] (Shopping-preise.de) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\mail@shopping-preise.de
[2010.11.04 01:20:07 | 000,000,000 | ---D | M] (Rikaichan Japanese-German Dictionary File) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\rikaichan-jpde@polarcloud.com
[2010.11.04 01:20:13 | 000,000,000 | ---D | M] (Rikaichan Japanese-English Dictionary File) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\rikaichan-jpen@polarcloud.com
[2010.11.04 01:19:57 | 000,000,000 | ---D | M] (Rikaichan Japanese Names Dictionary File) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\rikaichan-jpnames@polarcloud.com
[2012.03.09 12:04:14 | 000,000,961 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-1.xml
[2011.03.05 18:09:34 | 000,000,961 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-2.xml
[2011.05.11 10:51:36 | 000,000,961 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-3.xml
[2010.12.07 21:06:45 | 000,001,069 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin.xml
[2011.06.10 15:04:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.02 17:24:52 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files (x86)\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2010.05.02 13:42:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.01.08 00:56:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.11 10:51:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.11 10:51:12 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.11 10:51:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.11 10:51:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.11 10:51:12 | 000,000,801 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [fsi] C:\Program Files (x86)\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000..\Run: [studNET-Autologin] C:\Windows\SysWOW64\studnet\studnet.exe (Dossin-Brade GbR)
O4 - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] c:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe ()
O4 - Startup: C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Broiler-bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files (x86)\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Broiler-bunny\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 163.139.230.165 163.139.230.164
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D25292B3-85B2-4904-90F7-DDE61E5AF444}: DhcpNameServer = 163.139.230.165 163.139.230.164
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.15 14:59:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Esl
[2012.03.15 14:58:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.03.15 14:57:18 | 000,000,000 | ---D | C] -- C:\Users\Broiler-bunny\AppData\Local\Solid State Networks
[2012.03.15 12:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free PDF Converter
[2012.03.15 12:12:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FPDFC
[2012.03.15 12:10:57 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll
[2012.03.15 11:54:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExceltoPdfConverter
[2012.03.15 11:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExceltoPdfConverter
[2012.03.15 01:12:25 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Broiler-bunny\Desktop\esetsmartinstaller_enu(3).exe
[2012.03.13 13:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.13 10:45:00 | 000,000,000 | ---D | C] -- C:\Users\Broiler-bunny\AppData\Roaming\Malwarebytes
[2012.03.13 10:44:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.13 10:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.13 10:44:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.24 11:41:14 | 000,000,000 | ---D | C] -- C:\Users\Broiler-bunny\AppData\Roaming\Avira
[2012.02.24 11:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.02.24 11:39:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.02.24 11:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.16 02:02:57 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.16 02:02:57 | 000,628,742 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.16 02:02:57 | 000,595,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.16 02:02:57 | 000,126,454 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.16 02:02:57 | 000,104,070 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.16 02:01:00 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2012.03.16 01:56:54 | 000,001,799 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series.lnk
[2012.03.16 01:56:35 | 000,028,363 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012.03.16 01:55:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.16 01:55:33 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.16 01:55:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.16 01:55:22 | 4258,115,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.15 11:46:54 | 001,164,462 | ---- | M] () -- C:\Users\Broiler-bunny\Documents\Daigaku
[2012.03.15 11:27:37 | 000,132,320 | ---- | M] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.03.15 09:41:06 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8E49CD4F-3F0B-439F-A746-0363456D1BF6}.job
[2012.03.15 04:17:12 | 000,416,543 | ---- | M] () -- C:\Users\Broiler-bunny\Desktop\Application_termn_ausgefüllt_mit_foto2.pdf
[2012.03.15 01:12:31 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Broiler-bunny\Desktop\esetsmartinstaller_enu(3).exe
[2012.03.13 10:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.24 11:40:32 | 000,001,903 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.21 18:20:34 | 000,185,712 | ---- | M] () -- C:\Users\Broiler-bunny\Documents\Scan0006.jpg
 
========== Files Created - No Company Name ==========
 
[2012.03.15 12:17:58 | 000,416,543 | ---- | C] () -- C:\Users\Broiler-bunny\Desktop\Application_termn_ausgefüllt_mit_foto2.pdf
[2012.03.15 12:10:58 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.03.15 11:54:41 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2012.03.15 11:54:39 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.03.15 11:46:46 | 001,164,462 | ---- | C] () -- C:\Users\Broiler-bunny\Documents\Daigaku
[2012.03.13 10:44:52 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.13 10:44:47 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.24 11:40:32 | 000,001,903 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.02.24 11:39:56 | 000,132,320 | ---- | C] () -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.02.24 11:39:56 | 000,097,312 | ---- | C] () -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.02.24 11:39:56 | 000,027,760 | ---- | C] () -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.02.21 18:20:34 | 000,185,712 | ---- | C] () -- C:\Users\Broiler-bunny\Documents\Scan0006.jpg
[2012.01.04 17:24:17 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011.11.16 10:39:51 | 000,000,000 | ---- | C] () -- C:\Users\Broiler-bunny\AppData\Roaming\chrtmp
[2011.08.05 16:51:35 | 000,684,916 | ---- | C] () -- C:\Windows\unins000.exe
[2011.08.05 16:51:35 | 000,012,461 | ---- | C] () -- C:\Windows\unins000.dat
[2011.06.06 12:55:32 | 000,017,078 | ---- | C] () -- C:\Program Files (x86)\Liesmich.htm
[2011.06.06 12:55:32 | 000,016,758 | ---- | C] () -- C:\Program Files (x86)\ReadMe.htm
[2011.01.04 16:10:56 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.01.04 16:10:56 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.01.04 16:10:56 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.01.04 16:10:56 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.10.13 21:39:43 | 000,000,400 | ---- | C] () -- C:\Windows\NJCOM.INI
[2010.09.30 10:50:57 | 000,001,164 | ---- | C] () -- C:\Users\Broiler-bunny\AppData\Local\9A5FF4EA.il
[2010.09.30 10:50:57 | 000,000,280 | ---- | C] () -- C:\Users\Broiler-bunny\AppData\Local\IndexIE_9A5FF4EA.il
 
========== LOP Check ==========
 
[2011.08.28 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\.anki
[2010.10.20 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\.matplotlib
[2011.11.22 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\361F3
[2010.11.02 17:37:02 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Academic Software Zurich
[2010.02.07 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Autodesk
[2011.02.11 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\BitTorrent
[2010.12.18 12:51:53 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\F36A9
[2011.11.17 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\ICQ
[2010.09.19 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\IrfanView
[2010.05.12 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\JAM Software
[2010.10.13 21:46:28 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\NJStar
[2011.07.02 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Samsung
[2011.11.29 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\WordToPDF
[2011.11.22 14:27:04 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012.03.15 17:01:49 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.03.15 09:41:06 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8E49CD4F-3F0B-439F-A746-0363456D1BF6}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.28 16:51:11 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\.anki
[2010.10.20 16:42:48 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\.matplotlib
[2011.11.22 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\361F3
[2010.11.02 17:37:02 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Academic Software Zurich
[2011.11.13 11:32:21 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Adobe
[2011.11.14 17:58:12 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Apple Computer
[2009.10.16 09:43:21 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\ATI
[2010.02.07 12:30:12 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Autodesk
[2012.02.24 11:41:14 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Avira
[2011.02.11 12:06:27 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\BitTorrent
[2009.10.18 17:46:52 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Creative
[2009.11.08 20:17:52 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\CyberLink
[2009.10.16 09:44:20 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Dell
[2009.11.11 13:49:30 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\DivX
[2010.12.18 12:51:53 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\F36A9
[2012.01.11 17:58:41 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\HpUpdate
[2011.11.17 19:24:17 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\ICQ
[2009.10.16 09:41:29 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Identities
[2010.09.19 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\IrfanView
[2010.05.12 19:30:44 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\JAM Software
[2009.10.17 14:35:35 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Macromedia
[2012.03.13 10:45:00 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Media Center Programs
[2012.01.12 20:48:22 | 000,000,000 | --SD | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Microsoft
[2009.10.18 18:19:46 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla
[2010.10.13 21:46:28 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\NJStar
[2009.10.18 17:52:29 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Reallusion
[2009.12.14 23:40:10 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Roxio
[2011.07.02 11:27:21 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Samsung
[2012.03.16 02:07:09 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\Skype
[2012.03.16 01:57:18 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\skypePM
[2011.01.08 01:16:41 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\vlc
[2010.01.07 19:54:16 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\WinRAR
[2011.11.29 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\WordToPDF
 
< %APPDATA%\*.exe /s >
[2011.06.10 14:53:56 | 003,080,864 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Broiler-bunny\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] () MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=5EB9EF6EEC5D873E94992095A1719BF6 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_39c3f1ccf31998cb\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] () MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.30 11:21:29 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=F988BB0690CD660318037908E9B8DBF7 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_393a5501d9fbf901\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] () MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] () MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] () MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\SysNative\netlogon.dll
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SysWOW64\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] () MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SysWOW64\scecli.dll
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] () MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\SysNative\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\SysWOW64\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=F3F5549E69AE8509342E67E4F972CA1C -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] () Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] () MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\61da130e21aad3387c2fa3ca1d469de3\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] () MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

Steffchen · 16.03.2012, 02:38

Extras.Txt

Code:

ATTFilter

OTL Extras logfile created on: 16.03.2012 02:08:08 - Run 1
OTL by OldTimer - Version 3.2.37.1     Folder = C:\Users\Broiler-bunny\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,96 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 63,31% Memory free
8,11 Gb Paging File | 6,16 Gb Available in Paging File | 75,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451,07 Gb Total Space | 288,54 Gb Free Space | 63,97% Space Free | Partition Type: NTFS
Drive D: | 14,65 Gb Total Space | 5,27 Gb Free Space | 35,98% Space Free | Partition Type: NTFS
 
Computer Name: PUPSISPC | User Name: Broiler-bunny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C4D3B9A-44D7-485C-BBCB-C2E5E58BBC34}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{19C3C92B-C315-4E1B-B9B6-15A863712276}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2E152434-25AD-48BB-9509-AD8BC9B425B2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{3E6C4FA6-CA81-4109-8A28-FE6E1A47D7C2}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4CE552F9-9F33-47BB-B0A5-5F93189C0678}" = rport=138 | protocol=17 | dir=out | app=system | 
"{50830E1F-0DA2-451C-BAFB-8C97A056703E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{518022EF-D78B-4D1A-8526-CE905787602B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{79E4B1B2-5FC3-43BD-A68C-395AF6EC7DA2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{93B9CABC-B819-4D5A-B287-376E2133C4D7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B1C6A7CF-AEAF-4F8B-BB5C-498132CE241D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B3751B0A-178F-4C56-8B07-07C1D9DD555A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{EA625AC9-A6CA-4D19-85FE-0DFB9EAF8ADE}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D89540-20EE-4B8B-9E18-B6A3BE84ED00}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe | 
"{0724FD04-489B-4CB0-BE2D-3B885118907A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | 
"{0CB19254-CEB6-41EF-8D3D-7F708B0FB1DC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0EB0A390-FB87-4B54-9349-E958CB6ED161}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0EDD5A75-F058-4B2E-98D0-F0561180A8B1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{0F220846-71D1-49E3-8053-899B36451A4E}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{0F40DF2B-07DC-462E-9CD3-9FB7658EF95E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1CCC7634-F493-4EB5-A03A-32F347DED4D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2590E439-BF13-47E7-B9B6-C7CACF5EEAD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2D4ED168-82F1-4F98-B15E-4C1F6AECB8E9}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe | 
"{2F476B7E-07C6-474A-987A-FCDA1CD2345C}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{3F183A4C-D440-4075-BDE8-D184869C2910}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{46A057AD-61BC-43F8-BF79-2C5AAAC64DDD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{4AF2478B-9AC1-4C4E-97F2-D5E97B3936A2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{54E6BC4D-7559-4A4C-B777-370AFEFB9736}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{57176A2B-8B4D-4080-A9C9-C4CD79B7C238}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{639978C7-D475-40C6-A8B4-3AAFD7329B92}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{658722E1-9557-4606-8F9F-8575536B7921}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{67190E95-5B23-44B2-AC8A-7ADB02777CFA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{68839EEF-7F8B-4EB5-B0FB-155204E9024E}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6D59A997-B26C-44D4-B863-90B73D32C408}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe | 
"{6D5DFEE6-EC83-4617-B7D4-EC2633534963}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{885CBB27-5E4C-495D-A778-1EFF6AF0D17F}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{894402E7-6E2E-44B2-BC8A-E5A9D5A87227}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{914FFABF-AEDF-43CC-8B8E-7570FF321538}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{934B5669-109B-4716-BF9A-B89F9901E2E8}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | 
"{955E0EE5-E7FB-41C7-8FBC-389FFB4A3A2E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{984380DD-9F94-446C-ADA6-E23F104C5706}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{9F8B9311-060F-48F4-BB13-841F5282F466}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{A4B1609A-287B-45BB-BC78-FBC20642B2A3}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{BAB8E571-CFC2-4916-BF3E-38B530FDDE07}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe | 
"{CF6F1028-8357-4B5E-8943-B22C0F516A52}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 
"{D25CC972-EEA1-4872-A0E9-088ED22FAC40}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{DACCDB67-6A86-4826-A419-8B2BA78E9C66}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E1DAB336-6C98-41F5-8474-8C81F447FBE7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{E7DED0DC-C872-480D-A7F8-86AD77D7D5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{FA93B34A-DC07-49E1-A50E-2E471498E723}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{FF4BBE89-B8AB-4B54-B746-5D786FE82339}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{5759E649-E281-46C2-BB4B-50413623DCDF}" = iTunes
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{93B49FE1-0C81-479B-986A-D50DDA80E2C6}" = Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{B0BF4E84-0EE3-4E47-B90E-27B40348E022}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{E87F997C-3E93-6DAD-1AE6-619002BA9623}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Creative OA008" = Integrated Webcam Driver (1.04.01.0601)  
"EPSON Printer and Utilities" = EPSON Printer Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Dell Touchpad
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = ExceltoPdfConverter
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0CE69E03-1021-EB74-0836-C706CADC213A}" = Catalyst Control Center Localization Korean
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15F7FA6D-8FC5-08FD-2727-8AE6811A2A0D}" = CCC Help Russian
"{180BEABD-453E-4047-96B4-4F86EE605589}" = CCC Help Danish
"{181A0114-24D5-9E74-0138-4C8C27ED3EAC}" = Catalyst Control Center Graphics Light
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1E5196FA-47EF-F0C7-847B-960F3349E9B5}" = CCC Help Finnish
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2094F083-B28B-AFFD-4075-49E803BE17B7}" = CCC Help Italian
"{2116C03A-7111-9669-8009-9FD7F5AABA20}" = Catalyst Control Center Graphics Full New
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23467AA2-058A-1064-40C5-E0E0533C2D7D}" = Catalyst Control Center Localization French
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 23
"{26B29DE2-7759-F8BB-FB10-98142B343C8C}" = CCC Help Korean
"{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1" = shopping-preise.de - AddOn für Firefox
"{2FB28284-51D3-C991-3940-694B1B629F2B}" = Catalyst Control Center Localization German
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3945F4B5-0FAD-38E3-B39B-2F497550C847}" = CCC Help French
"{3F6107B9-D211-EBCC-EA41-BD2FAC156A23}" = Catalyst Control Center Localization Japanese
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{3FD8C713-B1D5-D973-5351-50A918C02749}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{5783F2D7-4001-0407-0002-0060B0CE6BBA}" = AutoCAD 2006 - Deutsch
"{586DD9D2-09B2-D1DB-AD2A-95194A771C49}" = CCC Help Dutch
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6C16A05F-C202-578A-108C-AFA4D9167CCC}" = Catalyst Control Center Localization Spanish
"{6C6D7326-770A-812B-B104-442F71A826F8}" = Catalyst Control Center Localization Russian
"{6EA1C352-4D16-5A9F-7751-D7AE08AA7F63}" = Catalyst Control Center Localization Chinese Traditional
"{72085899-3540-2F67-F5C7-46FF826A235F}" = CCC Help German
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{74622EDD-7879-3185-976D-A6098420D889}" = CCC Help Portuguese
"{7505BBE5-CB0C-5027-1228-15CC7C26C4C3}" = CCC Help English
"{76C4BA9A-BFA5-151D-8A39-AA0E74041F83}" = Catalyst Control Center Localization Danish
"{77A5C01F-E04C-9616-2E3D-D78CF889712B}" = Catalyst Control Center Graphics Full Existing
"{79D34E3B-8826-170B-8B3D-A9CD9C2D28F5}" = ccc-core-static
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CDF0744-7A0D-961B-3695-49756E822FC4}" = Catalyst Control Center Localization Swedish
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8247BD1D-C258-DBEE-3225-B9F0214763AB}" = CCC Help Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{92491D2C-D9E9-5FDD-64CD-82D5688872A9}" = Catalyst Control Center Localization Italian
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9EF77B2D-FF26-9237-BBAB-127110FD65CC}" = Catalyst Control Center Localization Portuguese
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A30EE8A6-6B9F-4973-B5ED-2A60B40576E4}_is1" = StudNET Login Client
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACB08AF2-DFE9-C179-8BC9-E3209F3EBC28}" = CCC Help Chinese Traditional
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB5F88FC-5D66-9316-0E48-E411941A8A74}" = Catalyst Control Center Graphics Previews Vista
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C17280C4-8BF2-946A-9C51-EEB2CD216D89}" = Catalyst Control Center Graphics Previews Common
"{C5D85C24-A56B-6954-77F1-B25A4B4E7B52}" = CCC Help Spanish
"{C8C5CE76-860E-B5FA-27EA-C52C74DDBD2D}" = Catalyst Control Center Localization Finnish
"{CDCFA0B9-06DA-C47E-2CF1-37C5F25DF753}" = Catalyst Control Center InstallProxy
"{D071B7C5-07A2-D000-05B8-2DE6A63249D9}" = Catalyst Control Center Localization Norwegian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2D3882A-3624-2963-EA08-27589DBCEF8A}" = CCC Help Norwegian
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E481DB0E-52F2-4EE0-9BDA-9EE173FA6EA2}" = Catalyst Control Center - Branding
"{E8E8C42E-E817-C7DA-1A81-BFD8388B4014}" = CCC Help Swedish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EFD537AE-0530-8887-DC9C-433E113547D7}" = Catalyst Control Center Localization Chinese Standard
"{F081ED08-77AE-8019-D554-904EF4F88FC1}" = CCC Help Chinese Standard
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F133ACD4-CFCF-BADD-4AC5-9408E2E7FD74}" = Catalyst Control Center Localization Dutch
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB56BF24-6AB9-AC55-5B7A-D3657D2F4A38}" = Skins
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Anki" = Anki
"Avira AntiVir Desktop" = Avira Free Antivirus
"BitTorrent" = BitTorrent
"Citavi" = Citavi 2.5
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free PDF Converter_is1" = Free PDF Converter
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photo Creations" = HP Photo Creations
"ICQToolbar" = ICQ Toolbar
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
"MSC" = McAfee SecurityCenter
"NJStar Communicator" = NJStar Communicator
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = BEWERBUNGSMASTER (C:\Program Files (x86)\BEWERBUNGSMASTER\)
"TreeSize Free_is1" = TreeSize Free V2.4
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"WordToPDF_is1" = WordToPDF 2.4
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2012 15:32:39 | Computer Name = PupsisPC | Source = EventSystem | ID = 4621
Description = 
 
Error - 04.02.2012 09:11:47 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2012 06:08:06 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.02.2012 04:22:02 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.02.2012 04:43:31 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2012 08:21:03 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.02.2012 10:48:26 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2012 08:26:56 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2012 12:21:11 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2012 11:44:35 | Computer Name = PupsisPC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 14.03.2012 05:57:33 | Computer Name = PupsisPC | Source = HTTP | ID = 15016
Description = 
 
Error - 14.03.2012 06:04:23 | Computer Name = PupsisPC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 14.03.2012 20:06:04 | Computer Name = PupsisPC | Source = HTTP | ID = 15016
Description = 
 
Error - 15.03.2012 04:39:56 | Computer Name = PupsisPC | Source = HTTP | ID = 15016
Description = 
 
Error - 15.03.2012 04:52:13 | Computer Name = PupsisPC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 15.03.2012 09:58:55 | Computer Name = PupsisPC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 15.03.2012 09:58:55 | Computer Name = PupsisPC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.03.2012 09:58:55 | Computer Name = PupsisPC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.03.2012 10:01:10 | Computer Name = PupsisPC | Source = HTTP | ID = 15016
Description = 
 
Error - 15.03.2012 20:55:31 | Computer Name = PupsisPC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >

cosinus · 16.03.2012, 16:54

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53455
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53455
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53455
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..extensions.enabledItems: mail@shopping-preise.de:1.1
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
[2009.10.19 16:26:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.01 20:54:06 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.18 12:51:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.09 12:04:14 | 000,000,961 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-1.xml
[2011.03.05 18:09:34 | 000,000,961 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-2.xml
[2011.05.11 10:51:36 | 000,000,961 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-3.xml
[2010.12.07 21:06:45 | 000,001,069 | ---- | M] () -- C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin.xml
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - Startup: C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
[2011.11.22 14:11:52 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\361F3
[2012.03.13 12:52:06 | 000,000,000 | ---D | M] -- C:\Users\Broiler-bunny\AppData\Roaming\F36A9
[2011.11.22 14:27:04 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\At1.job
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Steffchen · 18.03.2012, 03:37

Danke. Hat alles funktioniert. Hier der Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
No active process named Program Files was found!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
HKEY_USERS\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
HKU\S-1-5-21-1191413046-2978801066-2015430523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: mail@shopping-preise.de:1.1 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\mozilla\Firefox\Profiles\cz3mvs74.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\Mozilla\Firefox\Profiles\cz3mvs74.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\Users\Broiler-bunny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\Users\Broiler-bunny\AppData\Roaming\361F3 folder moved successfully.
C:\Users\Broiler-bunny\AppData\Roaming\F36A9 folder moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Broiler-bunny
->Temp folder emptied: 176408657 bytes
->Temporary Internet Files folder emptied: 134171784 bytes
->Java cache emptied: 69859225 bytes
->FireFox cache emptied: 115674444 bytes
->Flash cache emptied: 3190053 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: TEMP
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 194270360 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 67960287 bytes
 
Total Files Cleaned = 726,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.1 log created on 03182012_032611

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
File\Folder C:\Windows\temp\mcafee_vaDPCiSyGOfcxT4 not found!
File\Folder C:\Windows\temp\mcmsc_85l1igEoOgPxeR2 not found!
File\Folder C:\Windows\temp\mcmsc_dJ7XIwztUEQjpqZ not found!
File\Folder C:\Windows\temp\mcmsc_doCDFUUXp3XU4Pz not found!
File\Folder C:\Windows\temp\mcmsc_eQmLPQltjbt1H1Z not found!
File\Folder C:\Windows\temp\mcmsc_eRYR1uT5DZWw7zb not found!
File\Folder C:\Windows\temp\mcmsc_mGpxFqGtp7mhbDE not found!
File\Folder C:\Windows\temp\sqlite_faxtdj5pbcqsi8p not found!
File\Folder C:\Windows\temp\sqlite_sbYp4vzkLKp3rkH not found!
File\Folder C:\Windows\temp\sqlite_wSUycreA8XoNakn not found!
File\Folder C:\Windows\temp\sqlite_ZCt3oWuVGFXNBLH not found!
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LBYMQRBY\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OU9H4RQ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4R8O0F5P\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\31CHNQVU\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus · 19.03.2012, 16:05

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Steffchen · 20.03.2012, 14:39

Hallöchen, hier kommt der Log vom TDSS. Hat anscheinend nichts gefunden. Wie geht es nun weiter? Danke an dieser Stelle nochmal!

Code:

ATTFilter

14:31:55.0239 2736	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
14:31:56.0877 2736	============================================================
14:31:56.0877 2736	Current date / time: 2012/03/20 14:31:56.0877
14:31:56.0877 2736	SystemInfo:
14:31:56.0877 2736	
14:31:56.0877 2736	OS Version: 6.0.6001 ServicePack: 1.0
14:31:56.0877 2736	Product type: Workstation
14:31:56.0877 2736	ComputerName: PUPSISPC
14:31:56.0877 2736	UserName: Broiler-bunny
14:31:56.0877 2736	Windows directory: C:\Windows
14:31:56.0877 2736	System windows directory: C:\Windows
14:31:56.0877 2736	Running under WOW64
14:31:56.0877 2736	Processor architecture: Intel x64
14:31:56.0877 2736	Number of processors: 2
14:31:56.0877 2736	Page size: 0x1000
14:31:56.0877 2736	Boot type: Normal boot
14:31:56.0877 2736	============================================================
14:31:58.0266 2736	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:31:58.0266 2736	\Device\Harddisk0\DR0:
14:31:58.0266 2736	MBR used
14:31:58.0266 2736	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
14:31:58.0266 2736	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
14:31:58.0344 2736	Initialize success
14:31:58.0344 2736	============================================================
14:34:41.0009 5508	============================================================
14:34:41.0009 5508	Scan started
14:34:41.0009 5508	Mode: Manual; SigCheck; TDLFS; 
14:34:41.0009 5508	============================================================
14:34:42.0086 5508	ACPI            (af3a1aa81f875169dd9e55b1320057d6) C:\Windows\system32\drivers\acpi.sys
14:34:42.0304 5508	ACPI - ok
14:34:42.0507 5508	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
14:34:42.0600 5508	adp94xx - ok
14:34:42.0647 5508	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
14:34:42.0710 5508	adpahci - ok
14:34:42.0725 5508	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
14:34:42.0772 5508	adpu160m - ok
14:34:42.0803 5508	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
14:34:42.0850 5508	adpu320 - ok
14:34:42.0928 5508	AFD             (9bb97042fa331a0fb4bdd98b9280a50a) C:\Windows\system32\drivers\afd.sys
14:34:43.0100 5508	AFD - ok
14:34:43.0443 5508	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
14:34:43.0490 5508	agp440 - ok
14:34:43.0599 5508	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
14:34:43.0646 5508	aic78xx - ok
14:34:43.0677 5508	aliide          (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
14:34:43.0724 5508	aliide - ok
14:34:43.0739 5508	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
14:34:43.0786 5508	amdide - ok
14:34:43.0786 5508	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
14:34:43.0973 5508	AmdK8 - ok
14:34:44.0192 5508	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
14:34:44.0254 5508	arc - ok
14:34:44.0270 5508	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
14:34:44.0332 5508	arcsas - ok
14:34:44.0363 5508	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
14:34:44.0457 5508	AsyncMac - ok
14:34:44.0488 5508	atapi           (f988bb0690cd660318037908e9b8dbf7) C:\Windows\system32\drivers\atapi.sys
14:34:44.0504 5508	atapi - ok
14:34:44.0644 5508	atikmdag        (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
14:34:45.0065 5508	atikmdag - ok
14:34:45.0190 5508	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
14:34:45.0315 5508	avgntflt - ok
14:34:45.0642 5508	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
14:34:45.0674 5508	avipbb - ok
14:34:46.0001 5508	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
14:34:46.0064 5508	avkmgr - ok
14:34:46.0204 5508	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
14:34:46.0298 5508	blbdrive - ok
14:34:46.0344 5508	bowser          (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys
14:34:46.0422 5508	bowser - ok
14:34:46.0485 5508	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
14:34:46.0625 5508	BrFiltLo - ok
14:34:46.0641 5508	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
14:34:46.0734 5508	BrFiltUp - ok
14:34:46.0797 5508	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
14:34:47.0124 5508	Brserid - ok
14:34:47.0405 5508	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
14:34:47.0546 5508	BrSerWdm - ok
14:34:47.0624 5508	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
14:34:47.0733 5508	BrUsbMdm - ok
14:34:47.0733 5508	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
14:34:47.0826 5508	BrUsbSer - ok
14:34:47.0858 5508	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
14:34:47.0951 5508	BTHMODEM - ok
14:34:47.0982 5508	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
14:34:48.0045 5508	cdfs - ok
14:34:48.0092 5508	cdrom           (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
14:34:48.0185 5508	cdrom - ok
14:34:48.0232 5508	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
14:34:48.0310 5508	circlass - ok
14:34:48.0372 5508	CLFS            (c12c4ee07843b595036da0baa6317936) C:\Windows\system32\CLFS.sys
14:34:48.0435 5508	CLFS - ok
14:34:48.0497 5508	CmBatt          (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
14:34:48.0591 5508	CmBatt - ok
14:34:48.0638 5508	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
14:34:48.0684 5508	cmdide - ok
14:34:48.0700 5508	Compbatt        (34a6aa82aa36c87fc8816f2097efa345) C:\Windows\system32\DRIVERS\compbatt.sys
14:34:48.0778 5508	Compbatt - ok
14:34:48.0794 5508	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
14:34:48.0840 5508	crcdisk - ok
14:34:48.0903 5508	CtClsFlt        (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
14:34:48.0996 5508	CtClsFlt - ok
14:34:49.0059 5508	DfsC            (3725c43c9e90731eca651d506cc599a3) C:\Windows\system32\Drivers\dfsc.sys
14:34:49.0152 5508	DfsC - ok
14:34:49.0199 5508	disk            (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
14:34:49.0246 5508	disk - ok
14:34:49.0293 5508	drmkaud         (97dc2a789c1be458976507846a1a8ced) C:\Windows\system32\drivers\drmkaud.sys
14:34:49.0371 5508	drmkaud - ok
14:34:49.0418 5508	DXGKrnl         (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
14:34:49.0558 5508	DXGKrnl - ok
14:34:49.0589 5508	e1express       (17d40652ef3e55eeae187a89df40965a) C:\Windows\system32\DRIVERS\e1e6032e.sys
14:34:49.0698 5508	e1express - ok
14:34:49.0745 5508	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
14:34:49.0823 5508	E1G60 - ok
14:34:49.0870 5508	Ecache          (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
14:34:49.0917 5508	Ecache - ok
14:34:49.0964 5508	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
14:34:50.0042 5508	elxstor - ok
14:34:50.0073 5508	ErrDev          (991fab6aa066e1214efb5b496fb7959a) C:\Windows\system32\drivers\errdev.sys
14:34:50.0166 5508	ErrDev - ok
14:34:50.0198 5508	exfat           (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
14:34:50.0276 5508	exfat - ok
14:34:50.0291 5508	fastfat         (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
14:34:50.0385 5508	fastfat - ok
14:34:50.0416 5508	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
14:34:50.0478 5508	fdc - ok
14:34:50.0494 5508	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
14:34:50.0541 5508	FileInfo - ok
14:34:50.0556 5508	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
14:34:50.0619 5508	Filetrace - ok
14:34:50.0619 5508	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:34:50.0681 5508	flpydisk - ok
14:34:50.0712 5508	FltMgr          (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
14:34:50.0744 5508	FltMgr - ok
14:34:50.0759 5508	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
14:34:50.0837 5508	Fs_Rec - ok
14:34:50.0868 5508	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
14:34:50.0915 5508	gagp30kx - ok
14:34:50.0962 5508	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:34:50.0993 5508	GEARAspiWDM - ok
14:34:51.0040 5508	HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
14:34:51.0165 5508	HdAudAddService - ok
14:34:51.0196 5508	HDAudBus        (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:34:51.0336 5508	HDAudBus - ok
14:34:51.0352 5508	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
14:34:51.0477 5508	HidBth - ok
14:34:51.0492 5508	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
14:34:51.0586 5508	HidIr - ok
14:34:51.0617 5508	HidUsb          (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
14:34:51.0680 5508	HidUsb - ok
14:34:51.0726 5508	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
14:34:51.0758 5508	HpCISSs - ok
14:34:51.0804 5508	HTTP            (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys
14:34:51.0929 5508	HTTP - ok
14:34:51.0960 5508	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
14:34:52.0007 5508	i2omp - ok
14:34:52.0038 5508	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
14:34:52.0116 5508	i8042prt - ok
14:34:52.0163 5508	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
14:34:52.0226 5508	iaStorV - ok
14:34:52.0241 5508	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
14:34:52.0288 5508	iirsp - ok
14:34:52.0335 5508	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
14:34:52.0366 5508	intelide - ok
14:34:52.0382 5508	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
14:34:52.0460 5508	intelppm - ok
14:34:52.0506 5508	IpFilterDriver  (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:34:52.0584 5508	IpFilterDriver - ok
14:34:52.0616 5508	IpInIp - ok
14:34:52.0631 5508	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
14:34:52.0694 5508	IPMIDRV - ok
14:34:52.0694 5508	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
14:34:52.0787 5508	IPNAT - ok
14:34:52.0818 5508	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
14:34:52.0896 5508	IRENUM - ok
14:34:52.0896 5508	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
14:34:52.0943 5508	isapnp - ok
14:34:52.0974 5508	iScsiPrt        (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
14:34:53.0021 5508	iScsiPrt - ok
14:34:53.0037 5508	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
14:34:53.0068 5508	iteatapi - ok
14:34:53.0084 5508	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
14:34:53.0115 5508	iteraid - ok
14:34:53.0146 5508	k57nd60a        (eb5c7891b9e6e4a1a4428f2160b12b53) C:\Windows\system32\DRIVERS\k57nd60a.sys
14:34:53.0224 5508	k57nd60a - ok
14:34:53.0255 5508	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
14:34:53.0302 5508	kbdclass - ok
14:34:53.0302 5508	kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:34:53.0380 5508	kbdhid - ok
14:34:53.0427 5508	KSecDD          (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
14:34:53.0505 5508	KSecDD - ok
14:34:53.0536 5508	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
14:34:53.0645 5508	ksthunk - ok
14:34:53.0692 5508	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
14:34:53.0801 5508	lltdio - ok
14:34:53.0879 5508	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
14:34:53.0942 5508	LSI_FC - ok
14:34:54.0004 5508	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
14:34:54.0066 5508	LSI_SAS - ok
14:34:54.0082 5508	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
14:34:54.0129 5508	LSI_SCSI - ok
14:34:54.0160 5508	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
14:34:54.0238 5508	luafv - ok
14:34:54.0316 5508	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
14:34:54.0316 5508	MBAMProtector - ok
14:34:54.0378 5508	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
14:34:54.0410 5508	megasas - ok
14:34:54.0456 5508	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
14:34:54.0519 5508	MegaSR - ok
14:34:54.0550 5508	mfeavfk         (4a1c21576fb7f96f4dbdea627ffda775) C:\Windows\system32\drivers\mfeavfk.sys
14:34:54.0597 5508	mfeavfk - ok
14:34:54.0628 5508	mfebopk         (dd7b52227da36f2718306c98e474b51b) C:\Windows\system32\drivers\mfebopk.sys
14:34:54.0659 5508	mfebopk - ok
14:34:54.0706 5508	mfehidk         (9e0ac52b3232ff8dc65fee1a9c2fe8d1) C:\Windows\system32\drivers\mfehidk.sys
14:34:54.0753 5508	mfehidk - ok
14:34:54.0784 5508	mferkdk         (624d717b11e5004f68442b5740f17f21) C:\Windows\system32\drivers\mferkdk.sys
14:34:54.0831 5508	mferkdk - ok
14:34:54.0940 5508	mfesmfk         (0cd9de7b96735f33f078c4ea044e8b34) C:\Windows\system32\drivers\mfesmfk.sys
14:34:54.0987 5508	mfesmfk - ok
14:34:55.0034 5508	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
14:34:55.0127 5508	Modem - ok
14:34:55.0158 5508	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
14:34:55.0252 5508	monitor - ok
14:34:55.0268 5508	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
14:34:55.0330 5508	mouclass - ok
14:34:55.0346 5508	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
14:34:55.0439 5508	mouhid - ok
14:34:55.0470 5508	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
14:34:55.0502 5508	MountMgr - ok
14:34:55.0533 5508	MPFP            (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
14:34:55.0548 5508	MPFP - ok
14:34:55.0564 5508	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
14:34:55.0611 5508	mpio - ok
14:34:55.0642 5508	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
14:34:55.0704 5508	mpsdrv - ok
14:34:55.0720 5508	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
14:34:55.0751 5508	Mraid35x - ok
14:34:55.0767 5508	MRxDAV          (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
14:34:55.0845 5508	MRxDAV - ok
14:34:55.0892 5508	mrxsmb          (b698eb9acc7ecd4927d99d268918f912) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:34:55.0970 5508	mrxsmb - ok
14:34:56.0001 5508	mrxsmb10        (c3c8ad9591db473690a743b69de829f4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:34:56.0032 5508	mrxsmb10 - ok
14:34:56.0048 5508	mrxsmb20        (f9425d610712533107a264e2d5b2154b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:34:56.0094 5508	mrxsmb20 - ok
14:34:56.0126 5508	msahci          (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
14:34:56.0172 5508	msahci - ok
14:34:56.0188 5508	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
14:34:56.0235 5508	msdsm - ok
14:34:56.0250 5508	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
14:34:56.0360 5508	Msfs - ok
14:34:56.0391 5508	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
14:34:56.0422 5508	msisadrv - ok
14:34:56.0469 5508	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
14:34:56.0547 5508	MSKSSRV - ok
14:34:56.0578 5508	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
14:34:56.0672 5508	MSPCLOCK - ok
14:34:56.0718 5508	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
14:34:56.0812 5508	MSPQM - ok
14:34:56.0859 5508	MsRPC           (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
14:34:56.0921 5508	MsRPC - ok
14:34:56.0952 5508	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
14:34:56.0984 5508	mssmbios - ok
14:34:57.0015 5508	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
14:34:57.0108 5508	MSTEE - ok
14:34:57.0140 5508	Mup             (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
14:34:57.0171 5508	Mup - ok
14:34:57.0202 5508	NativeWifiP     (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
14:34:57.0249 5508	NativeWifiP - ok
14:34:57.0311 5508	NDIS            (f9a3ae5c9f047d71a36a99f9abca7d02) C:\Windows\system32\drivers\ndis.sys
14:34:57.0389 5508	NDIS - ok
14:34:57.0436 5508	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
14:34:57.0514 5508	NdisTapi - ok
14:34:57.0545 5508	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
14:34:57.0654 5508	Ndisuio - ok
14:34:57.0701 5508	NdisWan         (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
14:34:57.0826 5508	NdisWan - ok
14:34:57.0888 5508	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
14:34:57.0998 5508	NDProxy - ok
14:34:58.0029 5508	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
14:34:58.0138 5508	NetBIOS - ok
14:34:58.0185 5508	netbt           (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
14:34:58.0247 5508	netbt - ok
14:34:58.0466 5508	NETw5v64        (f17eda58c8c5b1a4f873b322729168ff) C:\Windows\system32\DRIVERS\NETw5v64.sys
14:34:58.0840 5508	NETw5v64 - ok
14:34:58.0965 5508	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
14:34:59.0027 5508	nfrd960 - ok
14:34:59.0074 5508	Npfs            (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
14:34:59.0183 5508	Npfs - ok
14:34:59.0214 5508	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
14:34:59.0339 5508	nsiproxy - ok
14:34:59.0402 5508	Ntfs            (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
14:34:59.0604 5508	Ntfs - ok
14:34:59.0620 5508	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
14:34:59.0714 5508	Null - ok
14:34:59.0745 5508	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
14:34:59.0776 5508	nvraid - ok
14:34:59.0792 5508	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
14:34:59.0823 5508	nvstor - ok
14:34:59.0854 5508	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
14:34:59.0885 5508	nv_agp - ok
14:34:59.0901 5508	NwlnkFlt - ok
14:34:59.0901 5508	NwlnkFwd - ok
14:34:59.0948 5508	OA008Ufd        (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA008Ufd.sys
14:35:00.0026 5508	OA008Ufd - ok
14:35:00.0041 5508	OA008Vid        (126885007e8f601861165fc77c93f1be) C:\Windows\system32\DRIVERS\OA008Vid.sys
14:35:00.0104 5508	OA008Vid - ok
14:35:00.0150 5508	ohci1394        (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
14:35:00.0197 5508	ohci1394 - ok
14:35:00.0244 5508	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
14:35:00.0338 5508	Parport - ok
14:35:00.0400 5508	partmgr         (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
14:35:00.0447 5508	partmgr - ok
14:35:00.0462 5508	pci             (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
14:35:00.0525 5508	pci - ok
14:35:00.0540 5508	pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
14:35:00.0587 5508	pciide - ok
14:35:00.0603 5508	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
14:35:00.0634 5508	pcmcia - ok
14:35:00.0681 5508	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
14:35:00.0821 5508	PEAUTH - ok
14:35:00.0884 5508	PptpMiniport    (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
14:35:00.0977 5508	PptpMiniport - ok
14:35:00.0993 5508	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
14:35:01.0086 5508	Processor - ok
14:35:01.0118 5508	PSched          (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
14:35:01.0149 5508	PSched - ok
14:35:01.0196 5508	PxHlpa64        (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
14:35:01.0227 5508	PxHlpa64 - ok
14:35:01.0305 5508	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
14:35:01.0445 5508	ql2300 - ok
14:35:01.0523 5508	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
14:35:01.0570 5508	ql40xx - ok
14:35:01.0601 5508	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
14:35:01.0664 5508	QWAVEdrv - ok
14:35:01.0835 5508	R300            (cef278088637401f07a0064b0b900a32) C:\Windows\system32\DRIVERS\atikmdag.sys
14:35:02.0038 5508	R300 - ok
14:35:02.0132 5508	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
14:35:02.0256 5508	RasAcd - ok
14:35:02.0288 5508	Rasl2tp         (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:35:02.0381 5508	Rasl2tp - ok
14:35:02.0412 5508	RasPppoe        (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
14:35:02.0459 5508	RasPppoe - ok
14:35:02.0490 5508	RasSstp         (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
14:35:02.0553 5508	RasSstp - ok
14:35:02.0600 5508	rdbss           (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
14:35:02.0678 5508	rdbss - ok
14:35:02.0693 5508	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:35:02.0756 5508	RDPCDD - ok
14:35:02.0802 5508	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
14:35:02.0865 5508	rdpdr - ok
14:35:02.0865 5508	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
14:35:02.0943 5508	RDPENCDD - ok
14:35:02.0958 5508	RDPWD           (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
14:35:03.0036 5508	RDPWD - ok
14:35:03.0083 5508	rimmptsk        (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
14:35:03.0161 5508	rimmptsk - ok
14:35:03.0177 5508	rimsptsk        (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
14:35:03.0286 5508	rimsptsk - ok
14:35:03.0302 5508	rismxdp         (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
14:35:03.0380 5508	rismxdp - ok
14:35:03.0411 5508	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
14:35:03.0473 5508	rspndr - ok
14:35:03.0504 5508	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
14:35:03.0536 5508	sbp2port - ok
14:35:03.0582 5508	sdbus           (fb30126d3e617c86cd8e8643792ca3cf) C:\Windows\system32\DRIVERS\sdbus.sys
14:35:03.0660 5508	sdbus - ok
14:35:03.0692 5508	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
14:35:03.0785 5508	secdrv - ok
14:35:03.0832 5508	Serenum         (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
14:35:03.0926 5508	Serenum - ok
14:35:03.0957 5508	Serial          (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
14:35:04.0050 5508	Serial - ok
14:35:04.0066 5508	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
14:35:04.0128 5508	sermouse - ok
14:35:04.0175 5508	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
14:35:04.0253 5508	sffdisk - ok
14:35:04.0269 5508	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
14:35:04.0331 5508	sffp_mmc - ok
14:35:04.0362 5508	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
14:35:04.0440 5508	sffp_sd - ok
14:35:04.0456 5508	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
14:35:04.0550 5508	sfloppy - ok
14:35:04.0581 5508	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
14:35:04.0612 5508	SiSRaid2 - ok
14:35:04.0628 5508	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
14:35:04.0659 5508	SiSRaid4 - ok
14:35:04.0706 5508	Smb             (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
14:35:04.0768 5508	Smb - ok
14:35:04.0815 5508	spldr           (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
14:35:04.0846 5508	spldr - ok
14:35:04.0924 5508	srv             (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys
14:35:05.0049 5508	srv - ok
14:35:05.0111 5508	srv2            (6c72eea39e1c37b436a6d1532999f9ec) C:\Windows\system32\DRIVERS\srv2.sys
14:35:05.0283 5508	srv2 - ok
14:35:05.0345 5508	srvnet          (7f69bcf9e6fa3d93c82ee6b87812666d) C:\Windows\system32\DRIVERS\srvnet.sys
14:35:05.0408 5508	srvnet - ok
14:35:05.0486 5508	STHDA           (ba16447226abfd342e130d2f24f73d32) C:\Windows\system32\DRIVERS\stwrt64.sys
14:35:05.0595 5508	STHDA - ok
14:35:05.0626 5508	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
14:35:05.0673 5508	swenum - ok
14:35:05.0704 5508	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
14:35:05.0751 5508	Symc8xx - ok
14:35:05.0751 5508	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
14:35:05.0798 5508	Sym_hi - ok
14:35:05.0813 5508	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
14:35:05.0844 5508	Sym_u3 - ok
14:35:05.0891 5508	SynTP           (79a93ec9d224b1f43c0e2f023d61dca3) C:\Windows\system32\DRIVERS\SynTP.sys
14:35:05.0938 5508	SynTP - ok
14:35:06.0000 5508	Tcpip           (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys
14:35:06.0156 5508	Tcpip - ok
14:35:06.0188 5508	Tcpip6          (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys
14:35:06.0250 5508	Tcpip6 - ok
14:35:06.0281 5508	tcpipreg        (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
14:35:06.0390 5508	tcpipreg - ok
14:35:06.0422 5508	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
14:35:06.0515 5508	TDPIPE - ok
14:35:06.0515 5508	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
14:35:06.0609 5508	TDTCP - ok
14:35:06.0640 5508	tdx             (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
14:35:06.0734 5508	tdx - ok
14:35:06.0765 5508	TermDD          (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
14:35:06.0812 5508	TermDD - ok
14:35:06.0858 5508	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
14:35:06.0890 5508	TFsExDisk - ok
14:35:06.0952 5508	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:35:07.0046 5508	tssecsrv - ok
14:35:07.0061 5508	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
14:35:07.0124 5508	tunmp - ok
14:35:07.0155 5508	tunnel          (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys
14:35:07.0248 5508	tunnel - ok
14:35:07.0295 5508	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
14:35:07.0342 5508	uagp35 - ok
14:35:07.0373 5508	udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
14:35:07.0482 5508	udfs - ok
14:35:07.0529 5508	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
14:35:07.0576 5508	uliagpkx - ok
14:35:07.0607 5508	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
14:35:07.0670 5508	uliahci - ok
14:35:07.0685 5508	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
14:35:07.0732 5508	UlSata - ok
14:35:07.0748 5508	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
14:35:07.0794 5508	ulsata2 - ok
14:35:07.0810 5508	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
14:35:07.0904 5508	umbus - ok
14:35:07.0966 5508	USBAAPL64       (9e58997a211c8c9ac9e6cffa53614a73) C:\Windows\system32\Drivers\usbaapl64.sys
14:35:08.0044 5508	USBAAPL64 - ok
14:35:08.0075 5508	usbccgp         (cee5090e3c2f23df52b732dc3cc16ad8) C:\Windows\system32\DRIVERS\usbccgp.sys
14:35:08.0153 5508	usbccgp - ok
14:35:08.0184 5508	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
14:35:08.0278 5508	usbcir - ok
14:35:08.0325 5508	usbehci         (3bb628ad6e7391e801ce4bda9a52bb1d) C:\Windows\system32\DRIVERS\usbehci.sys
14:35:08.0387 5508	usbehci - ok
14:35:08.0434 5508	usbhub          (d02090110a4d92b4b9a9a2e17729e997) C:\Windows\system32\DRIVERS\usbhub.sys
14:35:08.0496 5508	usbhub - ok
14:35:08.0528 5508	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
14:35:08.0637 5508	usbohci - ok
14:35:08.0699 5508	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
14:35:08.0762 5508	usbprint - ok
14:35:08.0808 5508	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
14:35:08.0902 5508	usbscan - ok
14:35:08.0949 5508	USBSTOR         (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:35:09.0027 5508	USBSTOR - ok
14:35:09.0058 5508	usbuhci         (d63b28cffbba74bc374b41a60543190c) C:\Windows\system32\DRIVERS\usbuhci.sys
14:35:09.0120 5508	usbuhci - ok
14:35:09.0167 5508	usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
14:35:09.0261 5508	usbvideo - ok
14:35:09.0308 5508	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
14:35:09.0386 5508	vga - ok
14:35:09.0432 5508	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
14:35:09.0495 5508	VgaSave - ok
14:35:09.0495 5508	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
14:35:09.0542 5508	viaide - ok
14:35:09.0557 5508	volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
14:35:09.0588 5508	volmgr - ok
14:35:09.0620 5508	volmgrx         (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
14:35:09.0682 5508	volmgrx - ok
14:35:09.0713 5508	volsnap         (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
14:35:09.0791 5508	volsnap - ok
14:35:09.0822 5508	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
14:35:09.0869 5508	vsmraid - ok
14:35:09.0900 5508	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
14:35:09.0994 5508	WacomPen - ok
14:35:10.0025 5508	Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:10.0103 5508	Wanarp - ok
14:35:10.0103 5508	Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
14:35:10.0150 5508	Wanarpv6 - ok
14:35:10.0166 5508	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
14:35:10.0197 5508	Wd - ok
14:35:10.0244 5508	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
14:35:10.0322 5508	Wdf01000 - ok
14:35:10.0400 5508	WmiAcpi         (7999dfb1c555efc0db69576f70027867) C:\Windows\system32\DRIVERS\wmiacpi.sys
14:35:10.0431 5508	WmiAcpi - ok
14:35:10.0493 5508	WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
14:35:10.0571 5508	WpdUsb - ok
14:35:10.0602 5508	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
14:35:10.0665 5508	ws2ifsl - ok
14:35:10.0727 5508	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:35:10.0790 5508	WUDFRd - ok
14:35:10.0836 5508	MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
14:35:10.0977 5508	\Device\Harddisk0\DR0 - ok
14:35:11.0008 5508	Boot (0x1200)   (1c981d0e92186a444f16c0bd0130d3ea) \Device\Harddisk0\DR0\Partition0
14:35:11.0008 5508	\Device\Harddisk0\DR0\Partition0 - ok
14:35:11.0008 5508	Boot (0x1200)   (37d83141216d59fe463d2151c9f0288c) \Device\Harddisk0\DR0\Partition1
14:35:11.0024 5508	\Device\Harddisk0\DR0\Partition1 - ok
14:35:11.0024 5508	============================================================
14:35:11.0024 5508	Scan finished
14:35:11.0024 5508	============================================================
14:35:11.0039 4252	Detected object count: 0
14:35:11.0039 4252	Actual detected object count: 0

cosinus · 20.03.2012, 16:39

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Virus verwandelt Ordner externer Datenträger in Verknüpfungen!

Log-Analyse und Auswertung: Virus verwandelt Ordner externer Datenträger in Verknüpfungen!