Trojaner-Board - Achtung! Ihr Computer wurde gesperrt (Win Vista)

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Achtung! Ihr Computer wurde gesperrt (Win Vista) (https://www.trojaner-board.de/109067-achtung-computer-wurde-gesperrt-win-vista.html)

Achtung! Ihr Computer wurde gesperrt (Win Vista)

Sehr geehrtes Trojaner-Board Team,

vielen Dank, dass es Euch gibt!

Ich habe ein WinVista system mit 32 Bit, und habe mir wie viele Vorposter eingefangen, der meinen PC im nicht abgesicherten Modus sperrt.

Es erscheint eine Meldung, die vorgibt vom Microsoft Security Center zu kommen mit dem sinngemäßen Inhalt: 100 € innerhalb von 24 h zahlen oder alle persönlichen Daten werden gelöscht etc.

Ich habe einen Vollscan mit Malewarebytes durchgeführt (Dauer 1-2 Stunden).

Füre jede Art von Hilfe was ich jetzt tuen soll wäre ich sehr dankbar.

Den Inhalt des Logs habe ich unten in einen Tag gepackt, und starte den PC jetzt neu, weil Maleware das zum Entfernen der gefundenen Objekte so haben möchte.

Code:

  Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 12

HKCR\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\VirRLWarning.WarningBHO (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\VirRLWarning.WarningBHO.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\CLSID\e405.e405mgr (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81EBFD7-0FA3-41EC-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start (Trojan.Zlob) -> Daten: C:\Program Files\Applications\iebtm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 13

HKCU\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 1

C:\Windows\System32\675873 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 13

C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-3b5c011c (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\IUSR_NMPR\Desktop\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Besitzer\Favorites\Antivirus Scan.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Besitzer\Documents\My Documents.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Log ist unvollständig, der Kopf fehlt. Logs immer vollständig posten!

Oh, tut mir Leid, habe ich gar nicht gemerkt.

Ich habe zwischenzeitlich geguckt, ob der PC im normalen Modus wieder läuft.

Das tut er anscheinend ganz normal. Muss ich deswegen den Scan nochmal starten?

Code:

 Malwarebytes Anti-Malware (Test) 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.04.02
 

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 8.0.6001.19170

Besitzer :: BESITZER-PC [Administrator]
 

Schutz: Deaktiviert
 

04.02.2012 14:52:10

mbam-log-2012-02-04 (14-52-10).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 513943

Laufzeit: 1 Stunde(n), 42 Minute(n), 39 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 12

HKCR\Typelib\{A8954909-1F0F-41A5-A7FA-3B376D69E226} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\Interface\{967A494A-6AEC-4555-9CAF-FA6EB00ACF91} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\VirRLWarning.WarningBHO (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\VirRLWarning.WarningBHO.1 (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\CLSID\e405.e405mgr (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCR\CLSID\{A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A81EBFD7-0FA3-41EC-B60D-6DAE78B4D31A} (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|vasja (Trojan.VUPX.ON1) -> Daten: C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securewebinfo.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.safetyincludes.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow|*.securemanaging.com (Trojan.Zlob) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|start (Trojan.Zlob) -> Daten: C:\Program Files\Applications\iebtm.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 13

HKCU\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer|SearchURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|SearchMigratedDefaultURL (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q={searchTerms}) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/ie6.html) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w| (Hijack.SearchPage) -> Bösartig: (hxxp://windiwsfsearch.com/search?q=%s) Gut: (hxxp://www.Google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
 

Infizierte Verzeichnisse: 1

C:\Windows\System32\675873 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateien: 13

C:\Users\Besitzer\AppData\Local\Temp\0.8061556931858074.exe (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\3632b8e3-3b5c011c (Trojan.VUPX.ON1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\IUSR_NMPR\Desktop\VirusResponse Lab 2009 2.1.lnk (Rogue.AntiVirusLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Besitzer\Favorites\Antivirus Scan.url (Rogue.Link) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Besitzer\Documents\My Documents.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\ProgramData\Microsoft\Windows\Start Menu\Online Spyware Test.url (Trojan.Zlob) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Arne,

danke für die weitere Hilfe. Hier das Log.

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=474780e7505edf448ccc6a0ab651a3b8

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-07 12:17:39

# local_time=2012-02-07 01:17:39 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=3584 16777215 100 0 0 0 0 0

# compatibility_mode=5892 16776573 100 100 154832 166093473 0 0

# compatibility_mode=8192 67108863 100 0 3910 3910 0 0

# scanned=315977

# found=12

# cleaned=0

# scan_time=13114

C:\Program Files\Uniblue\RegistryBooster 2010\Launcher.exe        a variant of Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\Uniblue\RegistryBooster 2010\registrybooster.exe        Win32/RegistryBooster application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe        probably a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\AppData\Local\Temp\ICReinstall\Facemoods.exe        probably a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\27209327-47ce5d18        probably a variant of Java/Exploit.CVE-2011-3544.AK trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\014.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\022.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\028.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\031.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\034.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\039.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

C:\Users\Besitzer\Downloads\eMule\Temp\046.part        a variant of WMA/TrojanDownloader.GetCodec.gen trojan (unable to clean)        00000000000000000000000000000000        I

Zitat:

C:\Program Files\Uniblue\RegistryBooster 2010\Launcher.exe

Finger weg von Registry-Cleanern!!

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr startet.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Funktioniert der normale Modus wieder? Wenn ja: Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 08.02.2012 18:01:29 - Run 1

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Besitzer\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19170)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 54,15% Memory free

6,71 Gb Paging File | 5,14 Gb Available in Paging File | 76,51% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 458,27 Gb Total Space | 48,58 Gb Free Space | 10,60% Space Free | Partition Type: NTFS

Drive D: | 7,49 Gb Total Space | 1,00 Gb Free Space | 13,38% Space Free | Partition Type: NTFS

Drive E: | 465,76 Gb Total Space | 420,07 Gb Free Space | 90,19% Space Free | Partition Type: NTFS

Drive G: | 3,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive H: | 74,52 Gb Total Space | 23,38 Gb Free Space | 31,38% Space Free | Partition Type: NTFS

 

Computer Name: BESITZER-PC | User Name: Besitzer | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.02.08 17:57:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Besitzer\Downloads\OTL.exe

PRC - [2012.02.02 10:24:42 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe

PRC - [2012.01.25 18:49:52 | 000,949,104 | ---- | M] (Opera Software) -- C:\Programme\Opera\opera.exe

PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.01.05 15:27:31 | 000,419,624 | ---- | M] (Valve Corporation) -- C:\Programme\Common Files\Steam\SteamService.exe

PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.12.16 20:02:35 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe

PRC - [2011.11.11 20:51:26 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\Steam.exe

PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009.12.22 18:43:45 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.03.09 05:19:16 | 000,054,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\jureg.exe

PRC - [2008.12.04 13:24:30 | 000,665,424 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe

PRC - [2008.10.28 23:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe

PRC - [2008.10.28 23:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Player\vmware-authd.exe

PRC - [2008.10.28 23:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe

PRC - [2008.10.24 13:33:00 | 001,251,720 | ---- | M] () -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2008.10.08 10:10:00 | 000,394,856 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE

PRC - [2008.09.30 15:51:58 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin

PRC - [2008.09.30 15:49:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe

PRC - [2008.09.27 00:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFBE.EXE

PRC - [2008.06.10 19:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe

PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.19 08:33:27 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe

PRC - [2008.01.15 10:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007.10.19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2007.10.19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVCOMSER\LVComSer.exe

PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007.05.29 16:19:08 | 000,198,240 | ---- | M] () -- c:\hp\HPEZBTN\HPBtnSrv.exe

PRC - [2007.04.18 16:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

PRC - [2007.02.10 04:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2007.02.10 04:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2007.01.09 15:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe

PRC - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2007.01.04 18:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe

PRC - [2006.09.03 10:32:28 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

PRC - [2005.03.08 11:46:00 | 000,651,264 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\StCenter.exe

PRC - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.01.14 14:53:36 | 001,511,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\HPAdvisor\f727af852ac72afb83a7c51fc6d83216\HPAdvisor.ni.exe

MOD - [2012.01.14 14:53:31 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll

MOD - [2012.01.14 14:53:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll

MOD - [2012.01.05 15:27:28 | 014,410,024 | ---- | M] () -- C:\Programme\Steam\bin\libcef.dll

MOD - [2012.01.05 15:27:14 | 000,194,344 | ---- | M] () -- C:\Programme\Steam\bin\chromehtml.dll

MOD - [2012.01.05 15:27:13 | 000,155,432 | ---- | M] () -- C:\Programme\Steam\bin\avformat-52.dll

MOD - [2012.01.05 15:27:13 | 000,091,432 | ---- | M] () -- C:\Programme\Steam\bin\avutil-50.dll

MOD - [2012.01.05 15:27:12 | 000,914,216 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-52.dll

MOD - [2011.10.13 16:56:02 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\8056d047225d4a9c2e4c6b096563d93d\UIAutomationTypes.ni.dll

MOD - [2011.10.13 15:59:23 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll

MOD - [2011.10.13 15:58:39 | 000,338,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SystemStatus\2978900797f76c3eb4088ee4d4476224\SystemStatus.ni.dll

MOD - [2011.10.13 15:58:38 | 000,022,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\RemotingClient\017c1b1f5d669fa74a6ed0a8d694eaaa\RemotingClient.ni.dll

MOD - [2011.10.13 15:58:35 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingServer\cd3b5fd7e08aed4e0e1ecd31427133b0\MessagingServer.ni.dll

MOD - [2011.10.13 15:58:35 | 000,055,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingMessages\1e85cab1b4739e504064dec7d9e273c8\MessagingMessages.ni.dll

MOD - [2011.10.13 15:58:35 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingInterface\27b7334560c8b098e5ae12db6fd4f86a\MessagingInterface.ni.dll

MOD - [2011.10.13 15:58:34 | 000,059,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MessagingClients\072a39aba91486f3bd912925141465e2\MessagingClients.ni.dll

MOD - [2011.10.13 15:58:32 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Content\e15bf096f987e63379ae59e34a0d6502\Content.ni.dll

MOD - [2011.10.13 15:58:32 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CeeWrtier\7c0dcd11d8a241e3f6051863f6afe497\CeeWrtier.ni.dll

MOD - [2011.10.13 15:58:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll

MOD - [2011.10.13 15:31:41 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll

MOD - [2011.10.13 15:31:25 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll

MOD - [2011.10.13 15:31:17 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll

MOD - [2011.10.13 15:31:09 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll

MOD - [2011.10.13 15:30:58 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c472b6ac873a7ff2ebc5bb9eb0f9ce0\PresentationFramework.Classic.ni.dll

MOD - [2011.10.13 15:30:56 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll

MOD - [2011.10.13 15:30:39 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll

MOD - [2011.10.13 15:30:27 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll

MOD - [2011.10.13 15:30:24 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll

MOD - [2011.10.13 15:29:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll

MOD - [2011.06.19 14:24:21 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

MOD - [2010.11.09 04:08:50 | 000,351,800 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

MOD - [2010.11.09 04:08:48 | 001,502,264 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

MOD - [2009.11.03 15:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009.08.05 11:26:14 | 000,061,440 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll

MOD - [2009.08.05 11:26:12 | 000,131,072 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll

MOD - [2009.08.05 11:25:50 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

MOD - [2009.03.30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.02.25 02:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2008.12.03 14:05:26 | 000,135,168 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll

MOD - [2008.11.26 10:56:02 | 000,057,344 | ---- | M] () -- C:\Programme\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll

MOD - [2008.07.29 13:55:14 | 000,969,728 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll

MOD - [2007.11.06 23:20:02 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll

MOD - [2007.10.19 12:17:40 | 000,068,120 | ---- | M] () -- C:\Programme\Common Files\logishrd\LVCOMSER\LVCSPS.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.01.05 15:27:31 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009.08.24 18:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv)

SRV - [2008.10.28 23:01:22 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2008.10.28 23:00:40 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)

SRV - [2008.10.28 23:00:08 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)

SRV - [2008.10.24 13:33:00 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2008.10.02 18:25:42 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)

SRV - [2008.06.10 19:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)

SRV - [2008.01.29 16:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.10.19 12:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007.10.19 12:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007.10.19 12:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)

SRV - [2007.05.29 16:19:08 | 000,198,240 | ---- | M] () [Auto | Running] -- c:\hp\HPEZBTN\HPBtnSrv.exe -- (HPBtnSrv)

SRV - [2007.01.13 17:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)

SRV - [2007.01.12 13:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)

SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)

SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2007.01.09 15:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2007.01.04 18:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)

SRV - [2006.09.11 16:02:44 | 000,544,256 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)

SRV - [2006.09.11 16:01:04 | 000,167,936 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)

SRV - [2006.09.11 15:56:32 | 000,075,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)

SRV - [2006.09.11 15:56:20 | 000,188,416 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)

SRV - [2006.09.03 10:32:28 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)

SRV - [2006.08.31 23:47:56 | 000,026,624 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)

SRV - [2006.05.10 09:13:52 | 000,029,696 | R--- | M] (Intel(R) Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)

SRV - [2005.03.04 10:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)

SRV - [2005.03.04 10:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Common Files\AVM\De_serv.exe -- (de_serv)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009.10.02 16:27:25 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2009.10.02 16:27:24 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2009.08.22 19:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)

DRV - [2009.08.18 16:09:20 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009.08.16 23:57:00 | 009,545,152 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009.08.07 23:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.sys -- (SANDRA)

DRV - [2009.08.03 18:07:12 | 000,038,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)

DRV - [2009.08.03 18:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2009.08.03 18:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2009.08.03 18:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2009.08.03 18:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2009.08.03 18:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2008.10.28 23:01:34 | 000,054,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)

DRV - [2008.10.28 23:01:32 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV - [2008.10.28 23:01:32 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)

DRV - [2008.10.28 23:01:30 | 000,857,392 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)

DRV - [2008.10.28 23:01:28 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)

DRV - [2008.10.28 17:03:28 | 000,031,280 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV - [2008.10.28 17:03:28 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)

DRV - [2008.10.28 17:03:28 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV - [2008.10.02 18:24:48 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)

DRV - [2008.02.26 08:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2008.02.14 02:51:52 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080508.002\IDSvix86.sys -- (IDSvix86)

DRV - [2007.11.30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2007.11.30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2007.11.30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2007.10.19 12:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007.10.12 03:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)

DRV - [2007.10.12 03:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007.10.12 03:00:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2007.10.12 03:00:08 | 002,091,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2007.10.12 02:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2007.10.12 00:56:22 | 000,490,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2007.10.11 17:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007.10.11 17:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007.04.14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2007.04.13 14:22:56 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2005.12.12 18:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

DRV - [2005.02.22 01:00:00 | 000,015,104 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/

IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=gppc"

FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {53b7f561-e49d-4a38-bc38-0f2642cee09c}:3.9.0.3

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1

FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&q="

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.0: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.14 19:49:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 18:26:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.12.16 20:03:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.16 20:02:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.25 01:15:17 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.08 18:26:17 | 000,000,000 | ---D | M]

 

[2009.01.01 20:58:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Extensions

[2012.02.07 19:04:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions

[2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}

[2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com

[2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml

[2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml

[2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml

[2012.02.06 21:42:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}

[2010.12.06 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010.06.08 18:26:17 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

[2009.02.18 17:58:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

[2009.03.26 13:19:22 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2010.12.06 22:55:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.12.16 20:03:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2010.12.06 22:55:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009.12.22 04:57:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2009.12.22 04:57:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2009.12.22 04:57:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2009.12.22 04:57:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2009.12.22 04:57:54 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: facemoods (Enabled)

CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

CHR - default_search_provider: suggest_url = 

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: WPI Application Detector (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: YouTube = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\

CHR - Extension: Google-Suche = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\

CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: Google Mail = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)

O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe (facemoods.com)

O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Programme\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [SunJavaUpdateReg] C:\Windows\System32\jureg.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)

O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)

O4 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..Trusted Domains: fritz.box ([]* in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{137BBA82-2AF6-4D84-97A7-305ED9505D73}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43684FD5-120A-471B-89C1-9EAF2B4C2D17}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77FCAB2C-53E6-4596-9C3B-78D24F359C8E}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Besitzer\Pictures\Ford-Mustang-934.jpg

O24 - Desktop BackupWallPaper: C:\Users\Besitzer\Pictures\Ford-Mustang-934.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011.09.26 10:56:31 | 000,000,000 | ---D | M] - G:\AutoPlay -- [ CDFS ]

O32 - AutoRun File - [2008.10.17 20:30:51 | 001,046,016 | R--- | M] () - G:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2011.02.15 13:28:38 | 000,000,081 | R--- | M] () - G:\autorun.inf -- [ CDFS ]

O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ]

O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: 00PCTFW - hkey= - key= -  File not found

MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= -  File not found

MsConfig - StartUpReg: Comrade.exe - hkey= - key= - C:\Programme\GameSpy\Comrade\Comrade.exe (IGN Entertainment Inc.)

MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)

MsConfig - StartUpReg: KBD - hkey= - key= - C:\hp\KBD\KbdStub.exe ()

MsConfig - StartUpReg: LogitechCommunicationsManager - hkey= - key= - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)

MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)

MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

MsConfig - StartUpReg: VirRL2009 - hkey= - key= -  File not found

MsConfig - StartUpReg: VMware hqtray - hkey= - key= - C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)

MsConfig - StartUpReg: wblogon - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 0

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)

Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: VIDC.I420 - C:\Windows\System32\LVCodec2.dll (Logitech Inc.)

Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.06 21:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.02.04 14:49:34 | 000,000,000 | ---D | C] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes

[2012.02.04 14:49:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.02.04 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.02.04 14:49:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.02.04 14:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.08 17:46:50 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job

[2012.02.08 17:43:36 | 000,062,716 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012.02.08 17:43:36 | 000,062,716 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012.02.08 17:43:27 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.02.08 17:43:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.08 17:43:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.08 17:43:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.07 22:30:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.02.07 17:28:05 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Besitzer.job

[2012.02.05 23:05:15 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBesitzer.job

[2012.02.04 18:24:30 | 000,002,032 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat

[2012.02.04 14:49:31 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.04 14:46:51 | 000,224,768 | ---- | M] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.04 11:25:00 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2012.01.26 15:25:43 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012.01.23 22:59:16 | 000,000,588 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - Besitzer.job

[2012.01.13 14:35:37 | 000,813,202 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.01.13 14:35:37 | 000,684,398 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.01.13 14:35:37 | 000,191,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.01.13 14:35:37 | 000,159,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[2 C:\*.tmp files -> C:\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.04 14:49:31 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2010.06.08 18:25:39 | 000,023,664 | ---- | C] () -- C:\Windows\hpqins15.dat

[2010.02.26 17:14:19 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI

[2010.01.05 21:41:41 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat

[2010.01.05 21:41:41 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat

[2010.01.05 21:41:41 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat

[2010.01.05 21:41:41 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat

[2010.01.05 21:41:41 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat

[2010.01.05 21:41:41 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat

[2010.01.05 21:41:41 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat

[2010.01.05 21:41:41 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat

[2010.01.05 21:41:41 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat

[2010.01.05 21:41:41 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat

[2010.01.05 21:41:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat

[2010.01.05 21:41:41 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat

[2010.01.05 21:41:41 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat

[2010.01.05 21:41:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat

[2010.01.05 21:41:41 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat

[2010.01.05 21:41:41 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat

[2010.01.05 21:41:41 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat

[2010.01.05 21:41:41 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat

[2010.01.05 21:41:41 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2009.12.18 16:30:17 | 000,000,192 | ---- | C] () -- C:\ProgramData\sandra.ldb

[2009.12.18 16:30:01 | 012,206,080 | ---- | C] () -- C:\ProgramData\sandra.mda

[2009.10.29 19:16:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.10.29 19:16:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.10.23 10:53:21 | 000,062,716 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009.10.23 10:53:19 | 000,062,716 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009.08.05 14:26:23 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.07.10 23:02:16 | 000,161,767 | ---- | C] () -- C:\Windows\hpqins00.dat

[2009.06.06 18:58:34 | 000,002,032 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d9caps.dat

[2009.02.12 01:23:25 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2009.02.12 01:23:24 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2009.02.03 16:44:00 | 000,055,856 | ---- | C] () -- C:\Windows\System32\vnetinst.dll

[2008.12.28 14:55:17 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2008.11.14 11:43:20 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2008.10.27 11:42:08 | 000,000,376 | ---- | C] () -- C:\Windows\mozregistry.dat

[2008.10.19 20:37:52 | 000,000,096 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\fusioncache.dat

[2008.10.19 16:10:40 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys

[2008.10.19 16:10:39 | 000,022,328 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\PnkBstrK.sys

[2008.10.19 16:09:49 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe

[2008.10.19 16:09:43 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe

[2008.10.19 16:09:42 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe

[2008.10.19 13:57:10 | 000,000,182 | ---- | C] () -- C:\Windows\wininit.ini

[2008.10.18 21:18:59 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008.10.18 21:17:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2008.10.18 21:15:11 | 000,003,942 | ---- | C] () -- C:\Windows\mozver.dat

[2008.09.29 13:33:28 | 000,160,424 | ---- | C] () -- C:\Windows\hpoins15.dat

[2008.09.29 13:33:28 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat

[2008.04.22 09:02:55 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2008.02.18 19:31:20 | 000,224,768 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.02.09 09:31:15 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini

[2008.01.31 18:23:25 | 000,000,552 | ---- | C] () -- C:\Users\Besitzer\AppData\Local\d3d8caps.dat

[2008.01.31 16:42:21 | 000,000,100 | ---- | C] () -- C:\Users\Besitzer\AppData\Roaming\wklnhst.dat

[2007.11.07 07:31:13 | 000,813,202 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2007.11.07 07:31:13 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2007.11.07 07:31:13 | 000,191,688 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2007.11.07 07:31:13 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.11.06 23:20:37 | 000,114,973 | ---- | C] () -- C:\Windows\hpqins13.dat

[2007.11.06 23:09:12 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe

[2007.11.06 23:06:29 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll

[2007.11.06 23:06:29 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll

[2007.10.11 17:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2007.07.19 16:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006.12.13 23:01:36 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006.12.13 23:01:36 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 000,361,416 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,684,398 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,159,558 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006.06.23 10:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

 
 ========== LOP Check ==========

 

[2011.03.15 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase

[2010.03.16 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson

[2010.04.01 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ!

[2008.11.29 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ

[2011.10.02 04:59:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade

[2011.09.21 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade With Fire and Sword

[2008.03.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\muvee Technologies

[2008.10.24 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org

[2008.10.18 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera

[2009.12.22 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\shockvoice

[2008.01.31 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template

[2011.04.16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly

[2010.01.24 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client

[2010.01.18 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft

[2009.10.02 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue

[2008.04.14 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch

[2012.02.07 22:31:24 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.02.08 17:46:50 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.12.22 23:45:55 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Adobe

[2010.05.22 12:14:14 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Apple Computer

[2011.03.15 23:37:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ChessBase

[2010.05.12 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\DivX

[2011.06.02 01:29:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\dvdcss

[2010.03.16 14:35:58 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Epson

[2010.04.01 01:01:45 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\FRITZ!

[2008.02.08 18:51:36 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Google

[2009.10.25 14:04:19 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Hewlett-Packard

[2008.09.29 13:49:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HP

[2010.07.07 22:17:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\HPAppData

[2008.11.29 20:34:03 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\ICQ

[2008.01.28 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Identities

[2008.10.18 22:08:04 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\InstallShield

[2008.02.08 18:51:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Macromedia

[2012.02.04 14:49:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Media Center Programs

[2011.12.22 23:45:55 | 000,000,000 | --SD | M] -- C:\Users\Besitzer\AppData\Roaming\Microsoft

[2011.10.02 04:59:37 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade

[2011.09.21 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mount&Blade With Fire and Sword

[2009.01.01 20:58:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Mozilla

[2008.03.16 18:00:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\muvee Technologies

[2008.10.24 17:28:11 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\OpenOffice.org

[2008.10.18 19:57:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Opera

[2011.12.20 00:55:48 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Real

[2008.03.16 14:03:26 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Roxio

[2009.12.22 19:24:20 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\shockvoice

[2011.01.08 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Skype

[2009.06.17 18:02:00 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Sun

[2008.10.18 21:17:21 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Talkback

[2012.02.03 21:33:38 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\teamspeak2

[2008.01.31 16:43:05 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Template

[2011.04.16 17:28:31 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\The Creative Assembly

[2010.01.24 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\TS3Client

[2010.01.18 16:00:22 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ubisoft

[2009.10.02 20:21:16 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Uniblue

[2009.06.22 15:37:24 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Ventrilo

[2008.11.14 21:27:28 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\vlc

[2010.02.26 17:31:52 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\VMware

[2008.04.14 16:20:29 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinBatch

[2008.03.07 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\WinRAR

[2010.05.12 15:34:23 | 000,000,000 | ---D | M] -- C:\Users\Besitzer\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2011.06.19 14:23:35 | 003,082,400 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2008.04.17 10:26:20 | 000,010,134 | R--- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe

[2008.04.04 18:19:04 | 000,010,134 | R--- | M] () -- C:\Users\Besitzer\AppData\Roaming\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe

[2010.07.10 22:48:04 | 000,673,610 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe

[2010.03.13 15:58:06 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.10\setup.exe

[2010.05.28 19:22:19 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.11\setup.exe

[2011.01.25 23:16:31 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\setup3.13\setup.exe

[2011.11.18 19:21:35 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Besitzer\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008.02.23 12:17:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2007.11.07 07:39:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2007.11.07 07:39:24 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Files - Unicode (All) ==========

[2009.12.21 23:23:09 | 001,389,056 | ---- | M] ()(C:\Users\Besitzer\Desktop\Pr?si 22.12.2009 Version 5.0.ppt) -- C:\Users\Besitzer\Desktop\Pr�si 22.12.2009 Version 5.0.ppt

[2009.12.21 23:23:09 | 001,389,056 | ---- | C] ()(C:\Users\Besitzer\Desktop\Pr?si 22.12.2009 Version 5.0.ppt) -- C:\Users\Besitzer\Desktop\Pr�si 22.12.2009 Version 5.0.ppt

[2009.12.19 20:10:37 | 000,024,576 | ---- | M] ()(C:\Users\Besitzer\Desktop\Zu beachten f?r Dokumentation und vor allem f?r die Pr?si.doc) -- C:\Users\Besitzer\Desktop\Zu beachten f�r Dokumentation und vor allem f�r die Pr�si.doc

[2009.12.19 20:10:37 | 000,024,576 | ---- | C] ()(C:\Users\Besitzer\Desktop\Zu beachten f?r Dokumentation und vor allem f?r die Pr?si.doc) -- C:\Users\Besitzer\Desktop\Zu beachten f�r Dokumentation und vor allem f�r die Pr�si.doc

[2009.11.18 16:14:05 | 000,041,984 | ---- | M] ()(C:\Users\Besitzer\Desktop\Konzept f?r Vorbereitungsblock.doc) -- C:\Users\Besitzer\Desktop\Konzept f�r Vorbereitungsblock.doc

[2009.11.18 16:14:04 | 000,041,984 | ---- | C] ()(C:\Users\Besitzer\Desktop\Konzept f?r Vorbereitungsblock.doc) -- C:\Users\Besitzer\Desktop\Konzept f�r Vorbereitungsblock.doc

[2009.06.11 19:38:12 | 000,611,840 | ---- | M] ()(C:\Users\Besitzer\Documents\EVB_Pr?si_martin_Samir.ppt) -- C:\Users\Besitzer\Documents\EVB_Pr�si_martin_Samir.ppt

[2009.06.11 19:38:10 | 000,611,840 | ---- | C] ()(C:\Users\Besitzer\Documents\EVB_Pr?si_martin_Samir.ppt) -- C:\Users\Besitzer\Documents\EVB_Pr�si_martin_Samir.ppt

[2009.06.01 15:51:43 | 000,026,749 | ---- | M] ()(C:\Users\Besitzer\Documents\F?rderung von Teamkompetenz_Samir.pdf) -- C:\Users\Besitzer\Documents\F�rderung von Teamkompetenz_Samir.pdf

[2009.06.01 15:51:43 | 000,026,749 | ---- | C] ()(C:\Users\Besitzer\Documents\F?rderung von Teamkompetenz_Samir.pdf) -- C:\Users\Besitzer\Documents\F�rderung von Teamkompetenz_Samir.pdf

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=74&bd=Pavilion&pf=desktop

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

IE - HKLM\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=gppc

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w, = http://www.Google.com/

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Max DE Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"

FF - prefs.js..browser.startup.homepage: "http://start.facemoods.com/?a=gppc"

FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.3.0

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.60

[2012.02.07 19:03:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.06.04 14:38:09 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2012.02.07 19:03:17 | 000,000,000 | ---D | M] (Max DE Community Toolbar) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}

[2010.08.01 22:28:31 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}

[2011.07.26 23:19:27 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com

[2009.12.22 12:23:56 | 000,000,915 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml

[2012.02.06 21:42:35 | 000,000,955 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml

[2008.10.19 01:35:57 | 000,000,276 | ---- | M] () -- C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml

2009.05.26 22:04:57 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Programme\Mozilla Firefox\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}

[2011.07.26 23:22:43 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

CHR - default_search_provider: search_url = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4

CHR - Extension: Facemoods = C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll (facemoods.com BHO)

O2 - BHO: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)

O2 - BHO: (Reg Error: Value error.) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll File not found

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Max DE Toolbar) - {53b7f561-e49d-4a38-bc38-0f2642cee09c} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (P2P Max Toolbar) - {72ae8426-3b8d-4ead-b191-8d0ad1c62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)

O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll (facemoods.com)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Max DE Toolbar) - {53B7F561-E49D-4A38-BC38-0F2642CEE09C} - C:\Programme\Max_DE\tbMax_.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (P2P Max Toolbar) - {72AE8426-3B8D-4EAD-B191-8D0AD1C62158} - C:\Programme\P2P_Max\tbP2P1.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSof1.dll (Conduit Ltd.)

O4 - HKLM..\Run: []  File not found        

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007.11.06 23:27:19 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2012.01.13 16:21:39 | 000,000,000 | ---D | M] - H:\AutomationML -- [ NTFS ]

O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun.exe -- [2008.10.17 20:30:51 | 001,046,016 | R--- | M] ()

MsConfig - StartUpReg: 00PCTFW - hkey= - key= -  File not found

MsConfig - StartUpReg: CCUTRAYICON - hkey= - key= -  File not found

MsConfig - StartUpReg: VirRL2009 - hkey= - key= -  File not found

MsConfig - StartUpReg: wblogon - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

MsConfig - State: "services" - 0

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:825D5945

@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:C31F31E6

:Files

C:\Users\Besitzer\AppData\Roaming\Uniblue

C:\Program Files\Uniblue

C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

C:\Users\Besitzer\Downloads\eMule

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Vielen Dank für die Hilfe!!

Nach ein paar Minuten hat Windows OTL "beendet" mit "Programm reagiert nicht". Nach dem Reboot kam folgender Text:

Code:

Files\Folders moved on Reboot...

File move failed. c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll scheduled to be moved on reboot.

File move failed. c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll scheduled to be moved on reboot.

File move failed. G:\autorun.exe scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.

Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .

Wiederhol den Fix bitte

Vielen lieben Dank, es scheint alles geklappt zu haben!!

Code:

 All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKLM\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.

File C:\Programme\Max_DE\tbMax_.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.

File C:\Programme\P2P_Max\tbP2P1.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKU\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\SearchURL\w\\| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.

File C:\Programme\Max_DE\tbMax_.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.

File C:\Programme\P2P_Max\tbP2P1.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.

Prefs.js: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" removed from CommunityToolbar.SearchFromAddressBarSavedUrl

Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename

Prefs.js: "Max DE Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2055800&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl

Prefs.js: "Facemoods Search" removed from browser.search.selectedEngine

Prefs.js: "hxxp://start.facemoods.com/?a=gppc" removed from browser.startup.homepage

Prefs.js: ffxtlbr@Facemoods.com:1.3.0 removed from extensions.enabledItems

Prefs.js: smartwebprinting@hp.com:4.60 removed from extensions.enabledItems

C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.

C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.

C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.

C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.

Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\ not found.

Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.

Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ not found.

Folder C:\Users\Besitzer\AppData\Roaming\mozilla\Firefox\Profiles\vndjk3ta.default\extensions\ffxtlbr@Facemoods.com\ not found.

File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\conduit.xml not found.

File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\icqplugin.xml not found.

File C:\Users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\searchplugins\search.xml not found.

File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found.

Unable to fix default_search_provider items.

File C:\Users\Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0 not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.

Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .

File c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA}\ not found.

File C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.

File C:\Programme\Max_DE\tbMax_.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ not found.

File C:\Programme\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.

File C:\Programme\P2P_Max\tbP2P1.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.

File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.

File c:\Programme\Google\GoogleToolbar2.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE1A344F-9FF5-4024-949B-52205E6DB2D0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{53b7f561-e49d-4a38-bc38-0f2642cee09c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53b7f561-e49d-4a38-bc38-0f2642cee09c}\ not found.

File C:\Programme\Max_DE\tbMax_.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{72ae8426-3b8d-4ead-b191-8d0ad1c62158} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72ae8426-3b8d-4ead-b191-8d0ad1c62158}\ not found.

File C:\Programme\P2P_Max\tbP2P1.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.

File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\ not found.

File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} not found.

Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ .

File c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.

File C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.

File C:\Programme\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

File C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

File c:\Programme\Google\GoogleToolbar2.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{53B7F561-E49D-4A38-BC38-0F2642CEE09C} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53B7F561-E49D-4A38-BC38-0F2642CEE09C}\ not found.

File C:\Programme\Max_DE\tbMax_.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{72AE8426-3B8D-4EAD-B191-8D0AD1C62158} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72AE8426-3B8D-4EAD-B191-8D0AD1C62158}\ not found.

File C:\Programme\P2P_Max\tbP2P1.dll not found.

Registry value HKEY_USERS\S-1-5-21-2479714738-3551449272-3275862119-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}\ not found.

File C:\Programme\Softonic_Deutsch\tbSof1.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

File C:\autoexec.bat not found.

File  not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4eb92544-9cda-11dc-9b2d-806e6f6e6963}\ not found.

File move failed. G:\autorun.exe scheduled to be moved on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\00PCTFW\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\CCUTRAYICON\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VirRL2009\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\wblogon\ not found.

Unable to delete ADS C:\ProgramData\TEMP:825D5945 .

Unable to delete ADS C:\ProgramData\TEMP:C31F31E6 .

========== FILES ==========

File\Folder C:\Users\Besitzer\AppData\Roaming\Uniblue not found.

File\Folder C:\Program Files\Uniblue not found.

File\Folder C:\Users\Besitzer\AppData\Local\Opera\Opera\profile\cache4\temporary_download\Facemoods.exe not found.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.

C:\Users\Besitzer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.

File\Folder C:\Users\Besitzer\Downloads\eMule not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Besitzer

->Temp folder emptied: 700095 bytes

->Temporary Internet Files folder emptied: 33521 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 25346440 bytes

->Google Chrome cache emptied: 0 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 1047 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: IUSR_NMPR

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 314406457 bytes

RecycleBin emptied: 8205124326 bytes

 

Total Files Cleaned = 8.150,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02112012_154715
 

Files\Folders moved on Reboot...

File move failed. G:\autorun.exe scheduled to be moved on reboot.

File move failed. C:\Windows\temp\nmsmc_DQLWinService.log scheduled to be moved on reboot.

File\Folder C:\Windows\temp\TMP0000006853BEF54980C6EEAF not found!

File\Folder C:\Windows\temp\TMP000000691218B65509F332A8 not found!

File\Folder C:\Windows\temp\TMP0000006EBAAD5C4C8E77FEED not found!
 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ scheduled to be deleted on reboot.

Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ .

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Ich kann auf alle persönlichen Dokumente, Programme, etc. zugreifen.

Das Ergebenis vom TDSS-Killer lautet wie folgt:

Code:

21:39:36.0838 5224        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

21:39:38.0840 5224        ============================================================

21:39:38.0840 5224        Current date / time: 2012/02/13 21:39:38.0840

21:39:38.0840 5224        SystemInfo:

21:39:38.0840 5224        

21:39:38.0840 5224        OS Version: 6.0.6002 ServicePack: 2.0

21:39:38.0840 5224        Product type: Workstation

21:39:38.0840 5224        ComputerName: BESITZER-PC

21:39:38.0840 5224        UserName: Besitzer

21:39:38.0841 5224        Windows directory: C:\Windows

21:39:38.0841 5224        System windows directory: C:\Windows

21:39:38.0841 5224        Processor architecture: Intel x86

21:39:38.0841 5224        Number of processors: 4

21:39:38.0841 5224        Page size: 0x1000

21:39:38.0841 5224        Boot type: Normal boot

21:39:38.0841 5224        ============================================================

21:39:40.0250 5224        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:39:40.0275 5224        Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

21:39:40.0278 5224        Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

21:39:40.0691 5224        \Device\Harddisk0\DR0:

21:39:40.0692 5224        MBR used

21:39:40.0692 5224        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39488EB0

21:39:40.0692 5224        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x39488EEF, BlocksNum 0xEFBD52

21:39:40.0692 5224        \Device\Harddisk1\DR1:

21:39:40.0692 5224        MBR used

21:39:40.0692 5224        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02

21:39:40.0692 5224        \Device\Harddisk2\DR2:

21:39:40.0692 5224        MBR used

21:39:40.0708 5224        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x950A5C1

21:39:40.0879 5224        Initialize success

21:39:40.0879 5224        ============================================================

21:40:23.0049 6108        ============================================================

21:40:23.0049 6108        Scan started

21:40:23.0049 6108        Mode: Manual; SigCheck; TDLFS; 

21:40:23.0049 6108        ============================================================

21:40:23.0469 6108        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

21:40:23.0562 6108        ACPI - ok

21:40:23.0633 6108        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

21:40:23.0662 6108        adp94xx - ok

21:40:23.0717 6108        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

21:40:23.0731 6108        adpahci - ok

21:40:23.0750 6108        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

21:40:23.0760 6108        adpu160m - ok

21:40:23.0780 6108        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

21:40:23.0792 6108        adpu320 - ok

21:40:23.0862 6108        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

21:40:23.0931 6108        AFD - ok

21:40:23.0980 6108        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

21:40:23.0990 6108        agp440 - ok

21:40:24.0020 6108        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

21:40:24.0029 6108        aic78xx - ok

21:40:24.0066 6108        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys

21:40:24.0075 6108        aliide - ok

21:40:24.0089 6108        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

21:40:24.0099 6108        amdagp - ok

21:40:24.0117 6108        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys

21:40:24.0125 6108        amdide - ok

21:40:24.0139 6108        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

21:40:24.0300 6108        AmdK7 - ok

21:40:24.0326 6108        AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

21:40:24.0386 6108        AmdK8 - ok

21:40:24.0450 6108        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

21:40:24.0459 6108        arc - ok

21:40:24.0481 6108        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

21:40:24.0490 6108        arcsas - ok

21:40:24.0538 6108        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

21:40:24.0661 6108        AsyncMac - ok

21:40:24.0694 6108        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

21:40:24.0701 6108        atapi - ok

21:40:24.0781 6108        atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys

21:40:24.0822 6108        atksgt - ok

21:40:24.0879 6108        AVMUNET         (077b3692f4376d1539755761feef659a) C:\Windows\system32\DRIVERS\avmunet.sys

21:40:24.0962 6108        AVMUNET - ok

21:40:25.0018 6108        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

21:40:25.0072 6108        Beep - ok

21:40:25.0086 6108        blbdrive - ok

21:40:25.0139 6108        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

21:40:25.0195 6108        bowser - ok

21:40:25.0233 6108        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

21:40:25.0318 6108        BrFiltLo - ok

21:40:25.0345 6108        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

21:40:25.0392 6108        BrFiltUp - ok

21:40:25.0432 6108        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

21:40:25.0513 6108        Brserid - ok

21:40:25.0567 6108        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

21:40:25.0656 6108        BrSerWdm - ok

21:40:25.0684 6108        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

21:40:25.0755 6108        BrUsbMdm - ok

21:40:25.0777 6108        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

21:40:25.0840 6108        BrUsbSer - ok

21:40:25.0875 6108        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

21:40:25.0958 6108        BTHMODEM - ok

21:40:26.0022 6108        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

21:40:26.0080 6108        cdfs - ok

21:40:26.0124 6108        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

21:40:26.0187 6108        cdrom - ok

21:40:26.0238 6108        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

21:40:26.0281 6108        circlass - ok

21:40:26.0436 6108        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

21:40:26.0470 6108        CLFS - ok

21:40:26.0516 6108        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys

21:40:26.0524 6108        cmdide - ok

21:40:26.0540 6108        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys

21:40:26.0549 6108        Compbatt - ok

21:40:26.0572 6108        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

21:40:26.0580 6108        crcdisk - ok

21:40:26.0601 6108        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

21:40:26.0662 6108        Crusoe - ok

21:40:26.0750 6108        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

21:40:26.0814 6108        DfsC - ok

21:40:26.0878 6108        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

21:40:26.0887 6108        disk - ok

21:40:27.0016 6108        Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys

21:40:27.0116 6108        Dot4 - ok

21:40:27.0158 6108        Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys

21:40:27.0181 6108        Dot4Print - ok

21:40:27.0216 6108        dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys

21:40:27.0238 6108        dot4usb - ok

21:40:27.0287 6108        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

21:40:27.0325 6108        drmkaud - ok

21:40:27.0387 6108        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

21:40:27.0460 6108        DXGKrnl - ok

21:40:27.0552 6108        e1express       (04944f4fc4f0477185f5d26ae0ddb90e) C:\Windows\system32\DRIVERS\e1e6032.sys

21:40:27.0566 6108        e1express - ok

21:40:27.0621 6108        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

21:40:27.0687 6108        E1G60 - ok

21:40:27.0754 6108        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

21:40:27.0764 6108        Ecache - ok

21:40:27.0798 6108        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

21:40:27.0813 6108        elxstor - ok

21:40:27.0860 6108        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

21:40:27.0915 6108        exfat - ok

21:40:27.0968 6108        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

21:40:28.0013 6108        fastfat - ok

21:40:28.0054 6108        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

21:40:28.0122 6108        fdc - ok

21:40:28.0169 6108        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

21:40:28.0177 6108        FileInfo - ok

21:40:28.0216 6108        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

21:40:28.0275 6108        Filetrace - ok

21:40:28.0308 6108        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

21:40:28.0379 6108        flpydisk - ok

21:40:28.0459 6108        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

21:40:28.0480 6108        FltMgr - ok

21:40:28.0516 6108        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

21:40:28.0555 6108        Fs_Rec - ok

21:40:28.0588 6108        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

21:40:28.0597 6108        gagp30kx - ok

21:40:28.0659 6108        GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

21:40:28.0678 6108        GEARAspiWDM - ok

21:40:28.0751 6108        hcmon           (dffc465c0a31dd2a86c4dd0a552aded8) C:\Windows\system32\drivers\hcmon.sys

21:40:28.0760 6108        hcmon - ok

21:40:28.0790 6108        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

21:40:28.0834 6108        HdAudAddService - ok

21:40:28.0874 6108        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:40:28.0930 6108        HDAudBus - ok

21:40:28.0972 6108        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

21:40:29.0040 6108        HidBth - ok

21:40:29.0084 6108        HidIr           (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys

21:40:29.0102 6108        HidIr - ok

21:40:29.0130 6108        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

21:40:29.0155 6108        HidUsb - ok

21:40:29.0184 6108        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

21:40:29.0201 6108        HpCISSs - ok

21:40:29.0253 6108        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

21:40:29.0350 6108        HTTP - ok

21:40:29.0397 6108        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

21:40:29.0420 6108        i2omp - ok

21:40:29.0454 6108        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

21:40:29.0472 6108        i8042prt - ok

21:40:29.0535 6108        ialm            (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys

21:40:29.0666 6108        ialm - ok

21:40:29.0759 6108        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

21:40:29.0780 6108        iaStorV - ok

21:40:29.0901 6108        IDSvix86        (f49b22e2cc15de6e752fc8cb24eb7069) C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080508.002\IDSvix86.sys

21:40:29.0929 6108        IDSvix86 - ok

21:40:29.0948 6108        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

21:40:29.0957 6108        iirsp - ok

21:40:30.0037 6108        IntcAzAudAddService (edc37b918e583a5a813c53d4f5588255) C:\Windows\system32\drivers\RTKVHDA.sys

21:40:30.0114 6108        IntcAzAudAddService - ok

21:40:30.0156 6108        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys

21:40:30.0164 6108        intelide - ok

21:40:30.0198 6108        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

21:40:30.0244 6108        intelppm - ok

21:40:30.0287 6108        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:40:30.0333 6108        IpFilterDriver - ok

21:40:30.0343 6108        IpInIp - ok

21:40:30.0374 6108        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

21:40:30.0435 6108        IPMIDRV - ok

21:40:30.0467 6108        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

21:40:30.0511 6108        IPNAT - ok

21:40:30.0574 6108        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

21:40:30.0644 6108        IRENUM - ok

21:40:30.0757 6108        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

21:40:30.0766 6108        isapnp - ok

21:40:30.0801 6108        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

21:40:30.0812 6108        iScsiPrt - ok

21:40:30.0833 6108        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

21:40:30.0854 6108        iteatapi - ok

21:40:30.0881 6108        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

21:40:30.0892 6108        iteraid - ok

21:40:30.0902 6108        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

21:40:30.0911 6108        kbdclass - ok

21:40:30.0944 6108        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

21:40:30.0980 6108        kbdhid - ok

21:40:31.0030 6108        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys

21:40:31.0050 6108        KSecDD - ok

21:40:31.0136 6108        lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys

21:40:31.0146 6108        lirsgt - ok

21:40:31.0181 6108        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

21:40:31.0231 6108        lltdio - ok

21:40:31.0268 6108        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

21:40:31.0289 6108        LSI_FC - ok

21:40:31.0312 6108        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

21:40:31.0322 6108        LSI_SAS - ok

21:40:31.0342 6108        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

21:40:31.0352 6108        LSI_SCSI - ok

21:40:31.0382 6108        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

21:40:31.0405 6108        luafv - ok

21:40:31.0477 6108        LVcKap          (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys

21:40:31.0554 6108        LVcKap - ok

21:40:31.0714 6108        LVMVDrv         (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys

21:40:31.0814 6108        LVMVDrv - ok

21:40:31.0991 6108        lvpopflt        (e1158b0cb852db0573922c92e6e564de) C:\Windows\system32\DRIVERS\lvpopflt.sys

21:40:32.0074 6108        lvpopflt - ok

21:40:32.0108 6108        LVPr2Mon        (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys

21:40:32.0142 6108        LVPr2Mon - ok

21:40:32.0227 6108        LVRS            (26dc8ebcce7d0e49680af6fca7b7aa38) C:\Windows\system32\DRIVERS\lvrs.sys

21:40:32.0334 6108        LVRS - ok

21:40:32.0378 6108        lvselsus        (3e0c7b317f2564ca8fc87b90e1d16e66) C:\Windows\system32\DRIVERS\lvselsus.sys

21:40:32.0413 6108        lvselsus - ok

21:40:32.0482 6108        LVUSBSta        (be5e104be263921d6842c555db6a5c23) C:\Windows\system32\drivers\LVUSBSta.sys

21:40:32.0515 6108        LVUSBSta - ok

21:40:32.0639 6108        LVUVC           (eacd1eb2d82ed2adc753afeee1d4d660) C:\Windows\system32\DRIVERS\lvuvc.sys

21:40:32.0825 6108        LVUVC - ok

21:40:32.0924 6108        MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys

21:40:32.0933 6108        MBAMProtector - ok

21:40:32.0969 6108        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

21:40:32.0978 6108        megasas - ok

21:40:33.0009 6108        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

21:40:33.0051 6108        Modem - ok

21:40:33.0098 6108        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

21:40:33.0131 6108        monitor - ok

21:40:33.0160 6108        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

21:40:33.0175 6108        mouclass - ok

21:40:33.0190 6108        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

21:40:33.0240 6108        mouhid - ok

21:40:33.0285 6108        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

21:40:33.0295 6108        MountMgr - ok

21:40:33.0319 6108        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

21:40:33.0331 6108        mpio - ok

21:40:33.0342 6108        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

21:40:33.0384 6108        mpsdrv - ok

21:40:33.0418 6108        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

21:40:33.0427 6108        Mraid35x - ok

21:40:33.0446 6108        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

21:40:33.0506 6108        MRxDAV - ok

21:40:33.0553 6108        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:40:33.0618 6108        mrxsmb - ok

21:40:33.0684 6108        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:40:33.0722 6108        mrxsmb10 - ok

21:40:33.0757 6108        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:40:33.0793 6108        mrxsmb20 - ok

21:40:33.0826 6108        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys

21:40:33.0835 6108        msahci - ok

21:40:33.0846 6108        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

21:40:33.0856 6108        msdsm - ok

21:40:33.0894 6108        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

21:40:33.0944 6108        Msfs - ok

21:40:34.0001 6108        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

21:40:34.0009 6108        msisadrv - ok

21:40:34.0046 6108        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

21:40:34.0094 6108        MSKSSRV - ok

21:40:34.0150 6108        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

21:40:34.0199 6108        MSPCLOCK - ok

21:40:34.0244 6108        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

21:40:34.0269 6108        MSPQM - ok

21:40:34.0303 6108        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

21:40:34.0314 6108        MsRPC - ok

21:40:34.0327 6108        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

21:40:34.0339 6108        mssmbios - ok

21:40:34.0376 6108        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

21:40:34.0406 6108        MSTEE - ok

21:40:34.0459 6108        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

21:40:34.0468 6108        Mup - ok

21:40:34.0519 6108        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

21:40:34.0547 6108        NativeWifiP - ok

21:40:34.0600 6108        NAVENG - ok

21:40:34.0607 6108        NAVEX15 - ok

21:40:34.0645 6108        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

21:40:34.0690 6108        NDIS - ok

21:40:34.0763 6108        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

21:40:34.0801 6108        NdisTapi - ok

21:40:35.0075 6108        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

21:40:35.0099 6108        Ndisuio - ok

21:40:35.0134 6108        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

21:40:35.0173 6108        NdisWan - ok

21:40:35.0222 6108        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

21:40:35.0261 6108        NDProxy - ok

21:40:35.0305 6108        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

21:40:35.0328 6108        NetBIOS - ok

21:40:35.0490 6108        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

21:40:35.0535 6108        netbt - ok

21:40:35.0647 6108        netr73          (271ac1312ef1dde187793183abbfa8d0) C:\Windows\system32\DRIVERS\netr73.sys

21:40:35.0716 6108        netr73 - ok

21:40:35.0750 6108        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

21:40:35.0759 6108        nfrd960 - ok

21:40:35.0898 6108        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

21:40:35.0930 6108        Npfs - ok

21:40:36.0006 6108        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

21:40:36.0037 6108        nsiproxy - ok

21:40:36.0158 6108        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

21:40:36.0204 6108        Ntfs - ok

21:40:36.0251 6108        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

21:40:36.0330 6108        ntrigdigi - ok

21:40:36.0369 6108        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

21:40:36.0411 6108        Null - ok

21:40:36.0720 6108        nvlddmkm        (c14e3c26a348e359b89b4a02279d76c4) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:40:37.0145 6108        nvlddmkm - ok

21:40:37.0175 6108        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

21:40:37.0209 6108        nvraid - ok

21:40:37.0247 6108        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

21:40:37.0255 6108        nvstor - ok

21:40:37.0279 6108        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

21:40:37.0289 6108        nv_agp - ok

21:40:37.0298 6108        NwlnkFlt - ok

21:40:37.0306 6108        NwlnkFwd - ok

21:40:37.0383 6108        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

21:40:37.0400 6108        ohci1394 - ok

21:40:37.0417 6108        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

21:40:37.0476 6108        Parport - ok

21:40:37.0516 6108        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

21:40:37.0524 6108        partmgr - ok

21:40:37.0786 6108        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

21:40:37.0851 6108        Parvdm - ok

21:40:37.0891 6108        PCDSRVC{D5068648-4046B656-06000000}_0 - ok

21:40:37.0929 6108        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

21:40:37.0940 6108        pci - ok

21:40:37.0964 6108        pciide          (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys

21:40:37.0972 6108        pciide - ok

21:40:38.0052 6108        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

21:40:38.0065 6108        pcmcia - ok

21:40:38.0108 6108        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

21:40:38.0170 6108        PEAUTH - ok

21:40:38.0220 6108        PID_0928        (3551190e9cf1eb4c0971bdef4269ca25) C:\Windows\system32\DRIVERS\LV561AV.SYS

21:40:38.0246 6108        PID_0928 - ok

21:40:38.0314 6108        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

21:40:38.0359 6108        PptpMiniport - ok

21:40:38.0392 6108        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

21:40:38.0454 6108        Processor - ok

21:40:38.0518 6108        Ps2             (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys

21:40:38.0569 6108        Ps2 - ok

21:40:38.0631 6108        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

21:40:38.0680 6108        PSched - ok

21:40:38.0723 6108        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys

21:40:38.0732 6108        PxHelp20 - ok

21:40:38.0772 6108        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

21:40:38.0816 6108        ql2300 - ok

21:40:38.0842 6108        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

21:40:38.0853 6108        ql40xx - ok

21:40:38.0883 6108        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

21:40:38.0942 6108        QWAVEdrv - ok

21:40:38.0974 6108        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

21:40:39.0020 6108        RasAcd - ok

21:40:39.0066 6108        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:40:39.0115 6108        Rasl2tp - ok

21:40:39.0143 6108        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

21:40:39.0183 6108        RasPppoe - ok

21:40:39.0219 6108        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

21:40:39.0253 6108        RasSstp - ok

21:40:39.0299 6108        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

21:40:39.0319 6108        rdbss - ok

21:40:39.0350 6108        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:40:39.0396 6108        RDPCDD - ok

21:40:39.0449 6108        rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

21:40:39.0509 6108        rdpdr - ok

21:40:39.0539 6108        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

21:40:39.0589 6108        RDPENCDD - ok

21:40:39.0648 6108        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

21:40:39.0685 6108        RDPWD - ok

21:40:39.0935 6108        RivaTuner32     (c0c8909be3ecc9df8089112bf9be954e) C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys

21:40:39.0967 6108        RivaTuner32 ( UnsignedFile.Multi.Generic ) - warning

21:40:39.0967 6108        RivaTuner32 - detected UnsignedFile.Multi.Generic (1)

21:40:40.0007 6108        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

21:40:40.0031 6108        rspndr - ok

21:40:40.0125 6108        SANDRA          (230fd3749904ca045ea5ec0aa14006e9) C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys

21:40:40.0134 6108        SANDRA - ok

21:40:40.0150 6108        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

21:40:40.0161 6108        sbp2port - ok

21:40:40.0175 6108        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

21:40:40.0237 6108        secdrv - ok

21:40:40.0365 6108        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

21:40:40.0433 6108        Serenum - ok

21:40:40.0466 6108        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

21:40:40.0511 6108        Serial - ok

21:40:40.0543 6108        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

21:40:40.0595 6108        sermouse - ok

21:40:40.0632 6108        sffdisk         (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

21:40:40.0668 6108        sffdisk - ok

21:40:40.0699 6108        sffp_mmc        (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

21:40:40.0753 6108        sffp_mmc - ok

21:40:40.0779 6108        sffp_sd         (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

21:40:40.0829 6108        sffp_sd - ok

21:40:40.0864 6108        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

21:40:40.0932 6108        sfloppy - ok

21:40:41.0067 6108        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

21:40:41.0076 6108        sisagp - ok

21:40:41.0093 6108        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

21:40:41.0102 6108        SiSRaid2 - ok

21:40:41.0123 6108        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

21:40:41.0133 6108        SiSRaid4 - ok

21:40:41.0163 6108        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

21:40:41.0241 6108        Smb - ok

21:40:41.0369 6108        SPBBCDrv        (cdea9a0a0e547fef4c44ccae35a9b09c) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

21:40:41.0389 6108        SPBBCDrv - ok

21:40:41.0421 6108        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

21:40:41.0429 6108        spldr - ok

21:40:41.0510 6108        SRTSP           (655773f2f1a3730c6cf20280a49f4ee1) C:\Windows\system32\Drivers\SRTSP.SYS

21:40:41.0525 6108        SRTSP - ok

21:40:41.0545 6108        SRTSPL          (2a0aaf370d4c6574a34ae2f4a0709cae) C:\Windows\system32\Drivers\SRTSPL.SYS

21:40:41.0560 6108        SRTSPL - ok

21:40:41.0589 6108        SRTSPX          (3104bdceace2d5710776dd05e6a286c1) C:\Windows\system32\Drivers\SRTSPX.SYS

21:40:41.0597 6108        SRTSPX - ok

21:40:41.0623 6108        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

21:40:41.0676 6108        srv - ok

21:40:41.0708 6108        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

21:40:41.0751 6108        srv2 - ok

21:40:41.0797 6108        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

21:40:41.0831 6108        srvnet - ok

21:40:41.0891 6108        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

21:40:41.0899 6108        swenum - ok

21:40:41.0930 6108        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

21:40:41.0938 6108        Symc8xx - ok

21:40:41.0967 6108        SYMDNS          (51b57cda977170ac608d839dbfa1d3ee) C:\Windows\System32\Drivers\SYMDNS.SYS

21:40:41.0975 6108        SYMDNS - ok

21:40:42.0006 6108        SymEvent        (06b95820df51502099a8a15c93e87986) C:\Windows\system32\Drivers\SYMEVENT.SYS

21:40:42.0017 6108        SymEvent - ok

21:40:42.0046 6108        SYMFW           (a131d8360b01044517aa44529e2137d6) C:\Windows\System32\Drivers\SYMFW.SYS

21:40:42.0057 6108        SYMFW - ok

21:40:42.0087 6108        SYMIDS          (2b77868f02dae02103380b824431b798) C:\Windows\System32\Drivers\SYMIDS.SYS

21:40:42.0095 6108        SYMIDS - ok

21:40:42.0112 6108        SYMNDISV        (7d3addfe63e5227bd2dbd5692bafb688) C:\Windows\System32\Drivers\SYMNDISV.SYS

21:40:42.0120 6108        SYMNDISV - ok

21:40:42.0150 6108        SYMREDRV        (394b2368212114d538316812af60fddd) C:\Windows\System32\Drivers\SYMREDRV.SYS

21:40:42.0158 6108        SYMREDRV - ok

21:40:42.0175 6108        SYMTDI          (d46676bb414c7531bdffe637a33f5033) C:\Windows\System32\Drivers\SYMTDI.SYS

21:40:42.0187 6108        SYMTDI - ok

21:40:42.0206 6108        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

21:40:42.0215 6108        Sym_hi - ok

21:40:42.0233 6108        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

21:40:42.0242 6108        Sym_u3 - ok

21:40:42.0305 6108        Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys

21:40:42.0350 6108        Tcpip - ok

21:40:42.0391 6108        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys

21:40:42.0416 6108        Tcpip6 - ok

21:40:42.0461 6108        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

21:40:42.0490 6108        tcpipreg - ok

21:40:42.0538 6108        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

21:40:42.0580 6108        TDPIPE - ok

21:40:42.0605 6108        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

21:40:42.0642 6108        TDTCP - ok

21:40:42.0692 6108        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

21:40:42.0734 6108        tdx - ok

21:40:42.0777 6108        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

21:40:42.0786 6108        TermDD - ok

21:40:42.0828 6108        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:40:42.0851 6108        tssecsrv - ok

21:40:42.0906 6108        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

21:40:42.0959 6108        tunmp - ok

21:40:43.0019 6108        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

21:40:43.0049 6108        tunnel - ok

21:40:43.0112 6108        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

21:40:43.0122 6108        uagp35 - ok

21:40:43.0187 6108        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

21:40:43.0208 6108        udfs - ok

21:40:43.0262 6108        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

21:40:43.0271 6108        uliagpkx - ok

21:40:43.0310 6108        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

21:40:43.0322 6108        uliahci - ok

21:40:43.0352 6108        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

21:40:43.0363 6108        UlSata - ok

21:40:43.0387 6108        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

21:40:43.0397 6108        ulsata2 - ok

21:40:43.0444 6108        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

21:40:43.0492 6108        umbus - ok

21:40:43.0577 6108        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys

21:40:43.0620 6108        usbaudio - ok

21:40:43.0650 6108        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

21:40:43.0694 6108        usbccgp - ok

21:40:43.0736 6108        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys

21:40:43.0759 6108        usbcir - ok

21:40:43.0807 6108        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

21:40:43.0844 6108        usbehci - ok

21:40:43.0893 6108        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

21:40:43.0935 6108        usbhub - ok

21:40:43.0970 6108        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

21:40:44.0028 6108        usbohci - ok

21:40:44.0081 6108        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

21:40:44.0103 6108        usbprint - ok

21:40:44.0165 6108        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

21:40:44.0183 6108        usbscan - ok

21:40:44.0216 6108        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:40:44.0254 6108        USBSTOR - ok

21:40:44.0297 6108        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

21:40:44.0337 6108        usbuhci - ok

21:40:44.0390 6108        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

21:40:44.0435 6108        vga - ok

21:40:44.0480 6108        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

21:40:44.0502 6108        VgaSave - ok

21:40:44.0540 6108        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

21:40:44.0550 6108        viaagp - ok

21:40:44.0577 6108        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

21:40:44.0632 6108        ViaC7 - ok

21:40:44.0660 6108        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

21:40:44.0668 6108        viaide - ok

21:40:44.0738 6108        vmci            (a131387e5bfdfc27debda8428ea14173) C:\Windows\system32\Drivers\vmci.sys

21:40:44.0747 6108        vmci - ok

21:40:44.0781 6108        vmkbd           (9450172735eca807d3ae92bbc04dcb5c) C:\Windows\system32\drivers\VMkbd.sys

21:40:44.0789 6108        vmkbd - ok

21:40:44.0826 6108        VMnetAdapter    (898706a05d20b706848a440961c52436) C:\Windows\system32\DRIVERS\vmnetadapter.sys

21:40:44.0834 6108        VMnetAdapter - ok

21:40:44.0851 6108        VMnetBridge     (5692cbd2a25e04c62707bfc311884b65) C:\Windows\system32\DRIVERS\vmnetbridge.sys

21:40:44.0860 6108        VMnetBridge - ok

21:40:44.0894 6108        VMnetuserif     (7cccbc8a9be8766a32a8d26f52f9f31c) C:\Windows\system32\drivers\vmnetuserif.sys

21:40:44.0902 6108        VMnetuserif - ok

21:40:44.0949 6108        vmusb           (25017db6451b002158db425961a82b7b) C:\Windows\system32\Drivers\vmusb.sys

21:40:44.0957 6108        vmusb - ok

21:40:45.0031 6108        vmx86           (3e039755695e7a80fd0f40685ad0f73b) C:\Windows\system32\Drivers\vmx86.sys

21:40:45.0066 6108        vmx86 - ok

21:40:45.0112 6108        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

21:40:45.0120 6108        volmgr - ok

21:40:45.0157 6108        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

21:40:45.0171 6108        volmgrx - ok

21:40:45.0201 6108        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

21:40:45.0213 6108        volsnap - ok

21:40:45.0243 6108        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

21:40:45.0253 6108        vsmraid - ok

21:40:45.0324 6108        vstor2-ws60     (70652ddbb219083acda28ca0cb0d6663) C:\Program Files\VMware\VMware Player\vstor2-ws60.sys

21:40:45.0332 6108        vstor2-ws60 - ok

21:40:45.0368 6108        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

21:40:45.0423 6108        WacomPen - ok

21:40:45.0465 6108        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:40:45.0505 6108        Wanarp - ok

21:40:45.0507 6108        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

21:40:45.0525 6108        Wanarpv6 - ok

21:40:45.0556 6108        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

21:40:45.0565 6108        Wd - ok

21:40:45.0625 6108        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

21:40:45.0645 6108        Wdf01000 - ok

21:40:45.0701 6108        WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

21:40:45.0740 6108        WmiAcpi - ok

21:40:45.0787 6108        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

21:40:45.0811 6108        ws2ifsl - ok

21:40:45.0850 6108        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:40:45.0912 6108        WUDFRd - ok

21:40:45.0953 6108        MBR (0x1B8)     (8913823ff508ccf109db74b636c301da) \Device\Harddisk0\DR0

21:40:46.0273 6108        \Device\Harddisk0\DR0 - ok

21:40:46.0274 6108        MBR (0x1B8)     (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk1\DR1

21:40:46.0342 6108        \Device\Harddisk1\DR1 - ok

21:40:46.0343 6108        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk2\DR2

21:40:46.0846 6108        \Device\Harddisk2\DR2 - ok

21:40:46.0846 6108        Boot (0x1200)   (42c7dcc75e4c0af6b9a390f616a4edd2) \Device\Harddisk0\DR0\Partition0

21:40:46.0847 6108        \Device\Harddisk0\DR0\Partition0 - ok

21:40:46.0848 6108        Boot (0x1200)   (a15d50532b97af183d0b51272bebf9c5) \Device\Harddisk0\DR0\Partition1

21:40:46.0849 6108        \Device\Harddisk0\DR0\Partition1 - ok

21:40:46.0850 6108        Boot (0x1200)   (160f47f4d3004a4d86d9dfd80b20f147) \Device\Harddisk1\DR1\Partition0

21:40:46.0851 6108        \Device\Harddisk1\DR1\Partition0 - ok

21:40:46.0852 6108        Boot (0x1200)   (ced0df781c18df549d8ccddcb9db49a1) \Device\Harddisk2\DR2\Partition0

21:40:46.0854 6108        \Device\Harddisk2\DR2\Partition0 - ok

21:40:46.0854 6108        ============================================================

21:40:46.0854 6108        Scan finished

21:40:46.0854 6108        ============================================================

21:40:46.0856 3632        Detected object count: 1

21:40:46.0856 3632        Actual detected object count: 1

21:41:14.0319 3632        RivaTuner32 ( UnsignedFile.Multi.Generic ) - skipped by user

21:41:14.0319 3632        RivaTuner32 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Danke nochmal, dass ein Kompetenzler sich so lange um meine persönlichen PC Probleme kümmert!!

[code]
Combofix Logfile:

Code:

ComboFix 12-02-13.01 - Besitzer 14.02.2012  19:55:39.1.4 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3326.1973 [GMT 1:00]

ausgeführt von:: c:\users\Besitzer\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\facemoods.com

c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.crx

c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.png

c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll

c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll

c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe

c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe

c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1

c:\programdata\Microsoft\Windows\Start Menu\Programs\VirusResponse Lab 2009 2.1\VirusResponse Lab 2009 2.1.lnk

c:\programdata\xml5ACF.tmp

c:\programdata\xmlC564.tmp

c:\programdata\xmlC67E.tmp

c:\windows\bwUnin-8.1.1.50-8876480SL.exe

c:\windows\IsUn0407.exe

c:\windows\system32\AutoRun.inf

c:\windows\system32\jucheck.exe

c:\windows\system32\jusched.exe

E:\install.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-14 bis 2012-02-14  ))))))))))))))))))))))))))))))

.

.

2012-02-14 19:11 . 2012-02-14 19:12        --------        d-----w-        c:\users\Besitzer\AppData\Local\temp

2012-02-14 19:11 . 2012-02-14 19:11        --------        d-----w-        c:\users\IUSR_NMPR\AppData\Local\temp

2012-02-14 19:11 . 2012-02-14 19:11        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-14 19:11 . 2012-02-14 19:11        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2012-02-14 11:03 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{7F426421-57C5-455B-A95A-A9361EEF3919}\mpengine.dll

2012-02-09 18:48 . 2012-02-09 18:48        --------        d-----w-        C:\_OTL

2012-02-06 20:33 . 2012-02-06 20:33        --------        d-----w-        c:\program files\ESET

2012-02-04 13:49 . 2012-02-04 13:49        --------        d-----w-        c:\users\Besitzer\AppData\Roaming\Malwarebytes

2012-02-04 13:49 . 2012-02-04 13:49        --------        d-----w-        c:\programdata\Malwarebytes

2012-02-04 13:49 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-02-04 13:49 . 2012-02-04 13:49        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-01-31 09:55 . 2011-11-17 06:48        440192        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-01-31 09:55 . 2011-11-16 16:23        278528        ----a-w-        c:\windows\system32\schannel.dll

2012-01-31 09:55 . 2011-11-16 16:23        377344        ----a-w-        c:\windows\system32\winhttp.dll

2012-01-31 09:55 . 2011-11-16 16:23        72704        ----a-w-        c:\windows\system32\secur32.dll

2012-01-31 09:55 . 2011-11-16 16:21        1259008        ----a-w-        c:\windows\system32\lsasrv.dll

2012-01-31 09:55 . 2011-11-16 14:12        9728        ----a-w-        c:\windows\system32\lsass.exe

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-26 23:21 . 2009-10-02 23:28        237072        ------w-        c:\windows\system32\MpSigStub.exe

2011-11-25 15:59 . 2012-01-12 14:47        376320        ----a-w-        c:\windows\system32\winsrv.dll

2011-11-23 13:37 . 2011-12-14 20:26        2043904        ----a-w-        c:\windows\system32\win32k.sys

2011-11-18 20:23 . 2012-01-12 14:47        1205064        ----a-w-        c:\windows\system32\ntdll.dll

2011-11-18 17:47 . 2012-01-12 14:47        66560        ----a-w-        c:\windows\system32\packager.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]

"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-08 68856]

"Steam"="c:\program files\Steam\Steam.exe" [2011-11-11 1242448]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-03-09 54680]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-12-04 665424]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-09 161336]

"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-16 296056]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FRITZ!DSL Startcenter.lnk - c:\program files\FRITZ!DSL\StCenter.exe [2008-10-18 651264]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-8 394856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]

2007-06-29 13:03        36864        ----a-w-        c:\program files\GameSpy\Comrade\Comrade.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]

2009-03-01 10:59        172792        ----a-w-        c:\program files\ICQ6.5\ICQ.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2006-12-08 16:16        65536        ----a-w-        c:\hp\KBD\KbdStub.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2007-10-25 14:33        563984        ----a-w-        c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2007-10-25 14:37        2178832        ----a-w-        c:\program files\Logitech\QuickCam\Quickcam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]

2007-02-15 11:59        118784        ----a-w-        c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2007-03-16 17:30        25268264        ----a-w-        c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

2011-11-11 19:51        1242448        ----a-w-        c:\program files\Steam\Steam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-02-08 17:49        68856        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]

2008-01-29 15:38        583048        ----a-w-        c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]

2008-10-28 22:00        64048        ----a-w-        c:\program files\VMware\VMware Player\hqtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-04 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-08 21:19]

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:08]

.

2012-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-03 03:08]

.

2012-02-05 c:\windows\Tasks\HPCeeScheduleForBesitzer.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-11-06 15:55]

.

2012-01-23 c:\windows\Tasks\Norton Internet Security - Systemprüfung ausführen - Besitzer.job

- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-13 18:09]

.

2012-02-11 c:\windows\Tasks\Norton Security Scan for Besitzer.job

- c:\progra~1\NORTON~3\Engine\351~1.8\Nss.exe [2011-12-09 23:02]

.

2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{79E110A4-E473-4187-AE82-7C74B6077D8B}.job

- c:\windows\system32\msfeedssync.exe [2011-12-14 04:44]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

uSearchMigratedDefaultURL = 

uDefault_Search_URL = 

mStart Page = 

mSearchMigratedDefaultURL = 

mSearch Bar = 

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = 

mSearchURL = hxxp://www.Google.com/

LSP: c:\program files\VMware\VMware Player\vsocklib.dll

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\vndjk3ta.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\programdata\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe

AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe

AddRemove-FRITZ!DSL - c:\windows\IsUn0407.exe

AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files\Uniblue\RegistryBooster 2010\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2012-02-14 20:11

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{D5068648-4046B656-06000000}_0]

"ImagePath"="\??\c:\pcdr5\pcdsrvc.pkms"

.

Zeit der Fertigstellung: 2012-02-14  20:21:09

ComboFix-quarantined-files.txt  2012-02-14 19:21

.

Vor Suchlauf: 11 Verzeichnis(se), 53.755.846.656 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 54.121.807.872 Bytes frei

.

- - End Of File - - 0C443AB08E600A4494D7F913AEA16415

--- --- ---