Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert)

Landauer · 29.07.2012, 16:43

Hallo erst mal.
Hab mir wohl einen recht bösartigen Virus eingefangen.
Beim normalen hochfahren erscheint ein Bild mit folgendem Text.
"Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert".
Schliesen des Bildes ist nicht möglich. Auch über Task-Manager ist nichts zu machen.
Im Abgesicherten Modus ist der Computer noch hoch zu fahren.
Habe nun genau die Anleitung befolgt und mit " Malwarebytes Anti-Malware " einen Suchlauf durchgeführt.
Hier also der Report:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.29.04

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Hans :: ARBEITSZIMMER [Administrator]

29.07.2012 12:39:09
mbam-log-2012-07-29 (12-39-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|H:\|I:\|J:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 496091
Laufzeit: 54 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\fcn (Rogue.Residue) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SyncCenter (Spyware.Zbot) -> Daten: C:\Users\Hans\AppData\Local\Microsoft\Windows\2571\SyncCenter.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Hans\AppData\Local\Microsoft\Windows\2571\SyncCenter.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hans\AppData\Local\Temp\derm32.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hans\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Hans\Downloads\SoftonicDownloader_fuer_lamexp.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\D3DX8ab.dll (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Kann mir da jemand Helfen?

Das wäre echt super.

Grüße aus dem sonnigen Landau

Landauer

Hallo nochmal.
Ich habe jetzt die anderen Aufgaben aus der Hilfe-Anleitungen durchgeführt und übersende euch jetzt in der Anlage die:

OTL.txt
Extras.txt
Gmer.txt

Der Computer funktioniert scheinbar jetzt schon wieder im normalen Modus aber es steht in der Anleitung dies zu tun.

Vielen Dank für weitere Hilfe.

LG Landauer

cosinus · 30.07.2012, 14:33

Code:

ATTFilter

C:\Users\Hans\Downloads\SoftonicDownloader_fuer_lamexp.exe (PUP.ToolbarDownloader)

Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.

Drücke bitte die

+ R Taste und kopiere folgenden Text in das Ausführen Fenster.

Code:

ATTFilter

"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"

Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:

ATTFilter

"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"

Poste nun den Inhalt der log.txt.

Landauer · 30.07.2012, 21:10

Hier der Inhalt des log.txt.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

LG Landauer

cosinus · 31.07.2012, 07:28

ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen

Landauer · 31.07.2012, 19:49

Hallo mal wieder.
So habe das jetzt genau so getan wie beschrieben.
Hier der log.txt:

LG Landauer

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=e2166ef34b6e5643a983b493493dab5f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-31 04:18:44
# local_time=2012-07-31 06:18:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 2442716 2442716 0 0
# compatibility_mode=5892 16776638 100 100 2446678 181278018 0 0
# compatibility_mode=8192 67108863 100 0 81052 81052 0 0
# scanned=301645
# found=1
# cleaned=0
# scan_time=6208
C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8PX24QFC\a0184e917d84fff67c0506d39aa613a9[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I

cosinus · 01.08.2012, 19:06

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

Landauer · 01.08.2012, 20:35

Hallo Cosinus.
Als erstes mal vielen Dank für Deine Mühe.
Hier das Ergebnis:

# AdwCleaner v1.800 - Logfile created 08/01/2012 at 21:32:04
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Business Service Pack 2 (32 bits)
# User : Hans - ARBEITSZIMMER
# Running from : C:\Users\Hans\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\Hans\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Hans\AppData\LocalLow\Conduit
Folder Found : C:\Users\Hans\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Hans\AppData\Roaming\AD ON Multimedia
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Program Files\Winamp Toolbar

***** [H. Navipromo] *****

File Found : C:\Users\Hans\AppData\Local\eqiwyes.dat
File Found : C:\Users\Hans\AppData\Local\eqiwyes_nav.dat
File Found : C:\Users\Hans\AppData\Local\eqiwyes_navps.dat
File Found : C:\Users\Hans\AppData\Local\oemwsau.dat
File Found : C:\Users\Hans\AppData\Local\oemwsau_navps.dat

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Wise Solutions

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5543 octets] - [01/08/2012 21:32:04]

########## EOF - C:\AdwCleaner[R1].txt - [5671 octets] ##########

cosinus · 02.08.2012, 14:36

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

Landauer · 05.08.2012, 09:35

Hallo, hier der Inhalt der Datei:

# AdwCleaner v1.800 - Logfile created 08/05/2012 at 10:28:33
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Business Service Pack 2 (32 bits)
# User : Hans - ARBEITSZIMMER
# Running from : C:\Users\Hans\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Registre - GUID] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [5672 octets] - [01/08/2012 21:32:04]
AdwCleaner[S1].txt - [276 octets] - [01/08/2012 21:37:12]
AdwCleaner[S3].txt - [655 octets] - [05/08/2012 10:28:33]

########## EOF - C:\AdwCleaner[S3].txt - [782 octets] ##########

Sieht doch gut aus. Oder?
Vielen Dank vorab.

LG Landauer

cosinus · 05.08.2012, 15:30

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Landauer · 05.08.2012, 16:01

Servus Arne.

Zu1.:
Ja der normale Modus geht wieder, uneingeschränkt.

Zu2.:
Auch im Startmenü scheint alles in Ordung zu sein.
Lediglich meine Sidebar mit Kallender u.s.w. ist verschwunden.
Aber das kann auch schon einige Tage vorher gewesen sein.

LG Landauer

cosinus · 05.08.2012, 16:45

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Landauer · 06.08.2012, 09:24

Hallo, hab dann mal alles so gemacht.
Hier der Inhalt des OTL.txt :OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.08.2012 10:01:18 - Run 2
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Hans\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,35% Memory free
4,24 Gb Paging File | 3,09 Gb Available in Paging File | 72,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,09 Gb Total Space | 176,55 Gb Free Space | 59,23% Space Free | Partition Type: NTFS
 
Computer Name: ARBEITSZIMMER | User Name: Hans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.06 09:58:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe
PRC - [2012.08.05 10:20:19 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
PRC - [2012.07.12 12:04:10 | 000,162,408 | ---- | M] (Geek Software GmbH) -- C:\Program Files\PDF24\pdf24.exe
PRC - [2012.07.03 08:52:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012.07.03 08:51:26 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.07.03 08:51:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.07.03 08:51:02 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 08:51:00 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.02.28 20:52:46 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.01.20 19:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010.11.22 14:56:24 | 000,645,952 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.11.22 14:54:58 | 001,483,072 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.03.18 12:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.12.15 13:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.23 19:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.12.16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007.10.18 16:34:08 | 000,307,712 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\DisplayView Click\DTHtml.exe
PRC - [2007.10.18 16:32:10 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
PRC - [2007.10.18 16:31:30 | 000,110,592 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2007.06.20 10:56:00 | 004,493,312 | R--- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.06.01 10:21:30 | 001,209,904 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.01 10:21:08 | 000,153,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.05.11 16:49:20 | 001,070,648 | ---- | M] (BUFFALO INC.) -- C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
PRC - [2007.04.07 10:39:20 | 000,031,768 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe
PRC - [2007.04.07 10:39:18 | 001,621,016 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
PRC - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\floater.exe
PRC - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006.11.02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.17 20:58:02 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6e69d687\system.drawing.dll
MOD - [2012.06.17 20:57:54 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_8aa1c922\system.windows.forms.dll
MOD - [2012.06.16 22:03:39 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012.06.15 14:40:31 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.15 14:40:22 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.05.12 18:28:40 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.12 18:28:34 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 18:18:02 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.12 18:17:25 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.12 18:16:38 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 18:16:13 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.01.12 09:54:56 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_267b0f40\mscorlib.dll
MOD - [2012.01.12 09:54:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_762b493d\system.xml.dll
MOD - [2012.01.12 09:54:35 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_80a79c42\system.dll
MOD - [2012.01.12 09:54:13 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.12 09:54:07 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.12.25 13:21:17 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2009.12.15 13:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 13:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.08.15 18:46:34 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.12.23 15:50:13 | 001,294,336 | ---- | M] () -- c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll
MOD - [2007.12.23 15:50:13 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2007.12.23 15:50:12 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007.12.23 15:50:12 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2007.12.23 15:50:09 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2007.10.18 16:32:18 | 000,167,936 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\dthook.dll
MOD - [2007.10.18 16:32:12 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2007.10.18 16:31:26 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2007.10.04 13:36:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\drivers\vista.dll
MOD - [2007.02.09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\floater.exe
MOD - [2007.02.09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007.02.09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\winphook.dll
MOD - [2004.01.22 19:36:28 | 000,120,832 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.05 10:20:22 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 08:52:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.07.03 08:51:04 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.03 08:51:00 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.02.28 20:52:46 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.22 14:54:58 | 001,483,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.11.22 14:52:54 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.10.18 16:32:10 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe -- (DTSRVC)
SRV - [2007.04.07 10:39:20 | 000,031,768 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoService.exe -- (BMUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTGLM7X.sys -- (SetupNTGLM7X)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Pcouffin.sys -- (Pcouffin)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\NTACCESS.sys -- (NTACCESS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012.07.03 08:53:52 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.07.03 08:53:52 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.07.03 08:53:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.07.03 08:53:49 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.07.03 08:53:48 | 000,112,032 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012.07.03 08:53:47 | 000,091,968 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011.12.09 16:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.05.10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011.01.25 17:28:10 | 000,138,344 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.10.07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2007.12.23 15:12:39 | 000,020,520 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2007.12.23 15:12:39 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2007.07.11 16:51:48 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007.07.11 11:45:00 | 000,021,632 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007.07.11 11:40:18 | 000,012,416 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2007.04.30 07:42:00 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.04.23 15:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt)
DRV - [2007.04.23 15:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007.04.23 15:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007.04.23 15:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2006.11.16 17:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.05.18 09:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006.05.18 09:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2005.09.22 01:42:35 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005.06.13 11:03:12 | 000,060,768 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w800bus.sys -- (w800bus)
DRV - [2003.05.15 12:29:42 | 000,038,656 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZD1201U.sys -- (ZD1201U)
DRV - [2001.04.09 04:03:56 | 000,017,784 | ---- | M] (Syncrosoft Hard- und Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NSynas32.sys -- (Nsynas32)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{C4F28D69-4D51-431B-98E2-3F397D6C76A6}: C:\Users\Hans\AppData\Local\{C4F28D69-4D51-431B-98E2-3F397D6C76A6} [2011.04.03 12:03:41 | 000,000,000 | ---D | M]
 
[2009.04.18 13:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions
[2009.04.18 13:19:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hans\AppData\Roaming\mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (&DisplayView Surf) - {B9F633F6-EA44-45F4-91EB-FABFC65A0634} - C:\Program Files\Portrait Displays\DisplayView Surf\sybil.dll (Portrait Displays, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\..\Toolbar\WebBrowser: (&DisplayView Surf) - {B9F633F6-EA44-45F4-91EB-FABFC65A0634} - C:\Program Files\Portrait Displays\DisplayView Surf\sybil.dll (Portrait Displays, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DT FUS] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1170374253-1635101604-3509178642-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-18..\RunOnce: [scan_after_setup] c:\program files\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe (BUFFALO INC.)
O4 - Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NewShortcut4.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe (Memeo)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1170374253-1635101604-3509178642-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{978CAE36-495A-4550-A8D1-EB88C264B0BD}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d8f408d-ee04-11de-8a37-0019dbcc8925}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{c6cec781-dbe0-11dc-acb2-0019dbcc8925}\Shell\AutoRun\command - "" = "E:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{ee259a18-e6a0-11dc-84c0-0019dbcc8925}\Shell\AutoRun\command - "" = E:\Launch.exe
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "startup" - 0
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\Windows\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.06 09:58:37 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe
[2012.08.06 09:37:22 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD
[2012.08.05 16:10:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012.08.05 10:53:56 | 000,000,000 | ---D | C] -- C:\Users\Hans\Documents\Fliegen
[2012.07.30 18:04:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.29 12:37:16 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\Malwarebytes
[2012.07.29 12:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.29 12:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.29 12:36:58 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.29 12:36:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.28 11:55:34 | 000,000,000 | ---D | C] -- C:\Users\Hans\AppData\Roaming\hellomoto
[2012.07.27 13:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.07.21 17:35:47 | 000,000,000 | ---D | C] -- C:\Users\Hans\Desktop\CD für Lucy
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.06 09:58:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Hans\Desktop\OTL.exe
[2012.08.06 09:36:50 | 000,004,048 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 09:36:50 | 000,004,048 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.06 09:36:50 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.06 09:36:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 22:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 22:18:38 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 17:23:10 | 000,000,088 | ---- | M] () -- C:\Users\Hans\Desktop\Neues Textdokument.cmd
[2012.08.02 11:22:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.08.01 21:31:52 | 000,614,881 | ---- | M] () -- C:\Users\Hans\Desktop\adwcleaner.exe
[2012.07.31 16:03:12 | 000,000,867 | ---- | M] () -- C:\Users\Hans\Desktop\iexplore.exe - Verknüpfung.lnk
[2012.07.30 09:55:10 | 000,001,784 | ---- | M] () -- C:\Users\Hans\Desktop\MaxPunkte.lnk
[2012.07.30 09:07:18 | 000,302,592 | ---- | M] () -- C:\Users\Hans\Desktop\6zj5f2cm.exe
[2012.07.29 19:02:31 | 000,000,000 | ---- | M] () -- C:\Users\Hans\defogger_reenable
[2012.07.29 17:49:32 | 000,050,477 | ---- | M] () -- C:\Users\Hans\Desktop\Defogger.exe
[2012.07.29 16:35:03 | 000,002,032 | ---- | M] () -- C:\Users\Hans\AppData\Local\d3d9caps.dat
[2012.07.29 12:36:59 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 14:07:43 | 000,002,623 | ---- | M] () -- C:\Users\Hans\Desktop\Microsoft Word.lnk
[2012.07.27 13:11:12 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.27 13:11:12 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.23 17:42:20 | 000,594,938 | ---- | M] () -- C:\Users\Hans\Desktop\Hausburg.pdf
[2012.07.23 13:50:08 | 000,674,120 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.23 13:50:08 | 000,634,000 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.23 13:50:08 | 000,145,716 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.23 13:50:08 | 000,119,668 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.21 13:52:13 | 000,373,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.20 17:37:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012.07.20 17:37:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.07.20 12:38:45 | 000,254,856 | ---- | M] () -- C:\Users\Hans\Documents\Aufwandsentschädigung
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 17:13:21 | 000,000,088 | ---- | C] () -- C:\Users\Hans\Desktop\Neues Textdokument.cmd
[2012.08.01 21:31:42 | 000,614,881 | ---- | C] () -- C:\Users\Hans\Desktop\adwcleaner.exe
[2012.07.31 16:03:12 | 000,000,867 | ---- | C] () -- C:\Users\Hans\Desktop\iexplore.exe - Verknüpfung.lnk
[2012.07.30 09:49:17 | 000,495,616 | ---- | C] () -- C:\Windows\System32\D3DX8ab.dll
[2012.07.30 09:07:17 | 000,302,592 | ---- | C] () -- C:\Users\Hans\Desktop\6zj5f2cm.exe
[2012.07.29 19:02:31 | 000,000,000 | ---- | C] () -- C:\Users\Hans\defogger_reenable
[2012.07.29 17:49:32 | 000,050,477 | ---- | C] () -- C:\Users\Hans\Desktop\Defogger.exe
[2012.07.29 12:36:59 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.27 13:11:12 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.27 13:11:12 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.23 17:42:19 | 000,594,938 | ---- | C] () -- C:\Users\Hans\Desktop\Hausburg.pdf
[2012.07.20 17:37:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_netaapl_01009.Wdf
[2012.07.20 17:37:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.07.20 17:36:55 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.07.20 12:38:45 | 000,254,856 | ---- | C] () -- C:\Users\Hans\Documents\Aufwandsentschädigung
[2012.06.28 15:59:44 | 000,000,288 | ---- | C] () -- C:\Users\Hans\AppData\Roaming\.backup.dm
[2012.03.05 11:43:19 | 000,001,539 | ---- | C] () -- C:\Users\Hans\.recently-used.xbel
[2012.02.08 21:13:46 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2012.02.08 21:13:46 | 000,020,992 | ---- | C] () -- C:\Windows\System32\srmApeInfo.dll
[2012.02.08 19:03:05 | 000,002,224 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2011.12.25 13:25:26 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011.12.25 13:25:26 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011.12.25 13:25:26 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011.12.25 13:25:26 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011.12.25 13:25:26 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011.12.25 13:25:26 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011.12.25 13:25:26 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011.12.25 13:25:26 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011.12.25 13:25:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011.12.25 13:25:26 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011.12.25 13:25:26 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011.12.25 13:25:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011.12.25 13:25:26 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011.12.25 13:25:26 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011.12.25 13:25:26 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011.12.25 13:25:26 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011.12.25 13:25:26 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011.12.25 13:25:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011.12.25 13:25:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011.11.25 23:22:25 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Local\{70DD9177-86F5-4D72-8F12-A8D1C4D30D3E}
[2011.09.18 16:51:29 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2011.08.05 14:17:32 | 000,000,267 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.07.15 18:51:18 | 000,182,272 | ---- | C] () -- C:\Windows\patchw32.dll
[2011.04.16 13:56:38 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.14 21:13:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Logs
[2011.04.14 21:13:10 | 000,000,268 | RH-- | C] () -- C:\Users\Hans\AppData\Roaming\Libraries
[2011.04.14 21:13:10 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2011.04.14 21:02:15 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Light Machine
[2011.04.14 21:02:15 | 000,000,268 | RH-- | C] () -- C:\Users\Hans\AppData\Roaming\LaunchAgents
[2011.04.14 21:02:15 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011.04.03 12:03:42 | 000,000,120 | ---- | C] () -- C:\Users\Hans\AppData\Local\Kyuroheraf.dat
[2011.04.03 12:03:42 | 000,000,000 | ---- | C] () -- C:\Users\Hans\AppData\Local\Rrotaxesakoril.bin
[2011.03.03 21:07:34 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.08.02 18:23:03 | 000,000,600 | ---- | C] () -- C:\Users\Hans\AppData\Roaming\winscp.rnd
[2009.03.26 14:50:35 | 000,000,089 | ---- | C] () -- C:\Users\Hans\AppData\Local\meioa.bat
[2009.02.03 22:19:46 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2007.12.23 15:50:18 | 000,000,092 | ---- | C] () -- C:\Users\Hans\AppData\Local\fusioncache.dat
[2007.10.21 19:23:04 | 000,147,968 | ---- | C] () -- C:\Users\Hans\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.20 21:59:07 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.10.20 21:15:20 | 000,002,032 | ---- | C] () -- C:\Users\Hans\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2010.01.04 07:27:34 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Amazon
[2009.04.18 13:19:32 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Broad Intelligence
[2012.01.09 16:16:11 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Canon
[2007.10.21 10:22:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\CD-LabelPrint
[2008.01.06 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Cornelsen
[2009.01.31 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\CoSoSys
[2011.09.18 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DisplayTune
[2012.02.24 07:11:09 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Elig
[2012.02.08 20:21:46 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\foobar2000
[2012.04.16 13:35:35 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\FRITZ!
[2012.04.16 13:27:17 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.03.26 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Games-Attack
[2012.01.17 15:37:36 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\GetRightToGo
[2012.03.05 11:43:19 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\gtk-2.0
[2012.07.28 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\hellomoto
[2008.08.02 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Leadertech
[2007.12.25 11:49:20 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\LG Electronics
[2011.10.11 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\LogoMaker
[2011.09.03 10:33:19 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\MAGIX
[2011.07.29 12:46:53 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mp3tag
[2011.04.03 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\NCH Swift Sound
[2011.04.23 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nikon
[2011.02.24 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nvu
[2011.03.28 18:00:20 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\OpenOffice.org
[2007.11.16 19:55:58 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\pdfMachine
[2011.04.03 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\PixelPlanet
[2012.02.08 20:31:38 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Systweak
[2009.04.01 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Teleca
[2012.02.11 10:29:34 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\TuneUp Software
[2011.04.03 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\UDC Profiles
[2009.05.19 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\uTorrent
[2011.12.23 19:33:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Zyoh
[2010.06.12 17:19:05 | 000,001,690 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2012.08.05 22:32:17 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.04.19 07:55:58 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Adobe
[2007.10.26 16:56:13 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Ahead
[2010.01.04 07:27:34 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Amazon
[2012.04.03 20:50:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Apple Computer
[2011.03.21 20:02:35 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\ArcSoft
[2012.07.03 10:05:35 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Avira
[2008.01.12 19:48:56 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\AVS4YOU
[2009.04.18 13:19:32 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Broad Intelligence
[2012.01.09 16:16:11 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Canon
[2007.10.21 10:22:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\CD-LabelPrint
[2008.01.06 20:32:51 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Cornelsen
[2009.01.31 13:48:04 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\CoSoSys
[2011.08.06 14:22:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\CyberLink
[2011.09.18 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DisplayTune
[2011.12.23 13:52:06 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\DivX
[2012.02.24 07:11:09 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Elig
[2012.02.08 20:21:46 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\foobar2000
[2012.04.16 13:35:35 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\FRITZ!
[2012.04.16 13:27:17 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\FRITZ!fax für FRITZ!Box
[2009.03.26 14:51:18 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Games-Attack
[2012.01.17 15:37:36 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\GetRightToGo
[2007.10.24 18:48:35 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Google
[2012.03.05 11:43:19 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\gtk-2.0
[2012.07.28 11:55:45 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\hellomoto
[2007.10.20 21:15:23 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Identities
[2007.10.20 22:19:35 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\InstallShield
[2008.08.02 14:11:34 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Leadertech
[2007.12.25 11:49:20 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\LG Electronics
[2011.10.11 18:12:49 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\LogoMaker
[2007.10.21 09:39:28 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Macromedia
[2011.09.03 10:33:19 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\MAGIX
[2012.07.29 12:37:16 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Malwarebytes
[2012.03.01 00:03:55 | 000,000,000 | --SD | M] -- C:\Users\Hans\AppData\Roaming\Microsoft
[2009.04.18 13:19:40 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mozilla
[2011.07.29 12:46:53 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Mp3tag
[2012.01.17 15:56:47 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\NCH Software
[2011.04.03 17:37:01 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\NCH Swift Sound
[2011.04.23 17:26:49 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nikon
[2011.02.24 20:59:36 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Nvu
[2011.03.28 18:00:20 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\OpenOffice.org
[2007.11.16 19:55:58 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\pdfMachine
[2011.04.03 17:59:04 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\PixelPlanet
[2009.11.06 19:22:51 | 000,000,000 | RH-D | M] -- C:\Users\Hans\AppData\Roaming\SecuROM
[2009.04.01 21:14:58 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Sony Ericsson
[2012.02.08 20:31:38 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Systweak
[2009.04.01 22:10:57 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Teleca
[2012.02.11 10:29:34 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\TuneUp Software
[2011.04.03 18:51:33 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\UDC Profiles
[2009.05.19 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\uTorrent
[2012.04.18 12:46:32 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\vlc
[2011.12.23 19:33:48 | 000,000,000 | ---D | M] -- C:\Users\Hans\AppData\Roaming\Zyoh
 
< %APPDATA%\*.exe /s >
[2009.03.26 14:51:18 | 004,086,216 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\Games-Attack\flash\GA.exe
[2011.04.14 21:17:45 | 000,335,872 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
[2008.08.25 21:54:06 | 000,004,286 | R--- | M] () -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{5D7BB203-9E62-4DD2-A71D-4CD967C874E8}\ARPPRODUCTICON.exe
[2008.08.25 21:54:06 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{5D7BB203-9E62-4DD2-A71D-4CD967C874E8}\NewShortcut1_89C8069289F44CCD9945351244925847.exe
[2008.08.25 21:54:06 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{5D7BB203-9E62-4DD2-A71D-4CD967C874E8}\NewShortcut2_6CD9DF7760004B98AD308333FDB79F08.exe
[2008.08.25 21:54:06 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{5D7BB203-9E62-4DD2-A71D-4CD967C874E8}\NewShortcut3_4D404C9637A34419A1381966D0AE8E03.exe
[2008.08.25 21:54:06 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{5D7BB203-9E62-4DD2-A71D-4CD967C874E8}\NewShortcut4_6CD9DF7760004B98AD308333FDB79F08.exe
[2008.08.25 21:54:06 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{5D7BB203-9E62-4DD2-A71D-4CD967C874E8}\NewShortcut6_6CD9DF7760004B98AD308333FDB79F08.exe
[2012.03.09 12:59:08 | 000,053,248 | R--- | M] (Flexera Software, Inc.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}\ARPPRODUCTICON.exe
[2011.04.14 21:16:19 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2011.04.14 21:18:38 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Hans\AppData\Roaming\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\Hans\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.13 15:14:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.13 15:14:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.13 15:14:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2011.01.07 18:24:30 | 000,036,352 | ---- | M] (Panasonic Corporation) MD5=9B460B97D30E883312816BBA1B10C539 -- C:\Program Files\Panasonic\PHOTOfunSTUDIO 6.1 HD Lite\Core\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.10.20 21:30:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.10.20 21:30:00 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.08.06 10:05:42 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.08.06 10:05:42 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.08.06 10:05:42 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995

< End of report >

--- --- ---

cosinus · 06.08.2012, 15:36

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d8f408d-ee04-11de-8a37-0019dbcc8925}\Shell\AutoRun\command - "" = E:\Toshiba\more4you.exe
O33 - MountPoints2\{c6cec781-dbe0-11dc-acb2-0019dbcc8925}\Shell\AutoRun\command - "" = "E:\Install FreeAgent Tools.exe" /run
O33 - MountPoints2\{ee259a18-e6a0-11dc-84c0-0019dbcc8925}\Shell\AutoRun\command - "" = E:\Launch.exe
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995
:Files
C:\Users\Hans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Landauer · 07.08.2012, 16:33

Hallo Arne.
Hab das gestern noch versucht, mit dem OTL fix.
Beim fixen kam dann eine Meldung ich soll einen Datenträger in Laufwerk E einlegen.
Diese Meldung kam dann immer wieder. Beim Rechner ging dann erst mal nichts mehr Vorwärts noch rückwärts und alle Icons auf dem Desktop wareb weg.
Nach einer Weile hab ich mich dann für einen Kaltstart entschieden.
Nach dem dritten Kaltstart kam er dann wieder zurück ins Leben.

Ich wollte das heute nochmal machen, kann aber die OTL.exe nicht mehr starten.
Hab die OTL.exe frisch heruntergeladen..... lässt sich auch nicht starten.?!

Wie auch immer, er läuft wieder und das ist mir erst mal das Wichtigste.

LG Landauer

31.07.2012, 07:28	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert) ESET hast du wahrscheinlich falsch gemacht, da gab es extra einen dicken Hinweis zu Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen __________________ Logfiles bitte immer in CODE-Tags posten

05.08.2012, 15:30	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert) Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert)

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungstrojaner eingefangen: (Spyware.Zbot)(Trojan.FakeAlert)