Trojaner-Board - Ordner sind nur noch Verknüpfungen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Ordner sind nur noch Verknüpfungen (https://www.trojaner-board.de/113245-ordner-nur-noch-verknuepfungen.html)

Ordner sind nur noch Verknüpfungen

Hallo,
auch ich habe ein Problem, bin aber leider nicht sehr versiert,was Problembehebungen am PC angeht, daher erhoffe ich mir hier Hilfe.

Problem ist folgendes: Seit vier Tagen nach normalem Herunterfahren des Laptops sind der internet-explorer sowie verschiedene Programme nur noch Verknüpfungen. Fehlermeldung: "Das Element ...exe auf das sich die Verknüpfung bezieht wurde verändert oder verschoben"..

Nach Lesen in diesem Forum habe ich mit "Malwarebytes" mal einen Suchlauf gestartet. Die Logdatei hänge ich an.

Allerdings sind die Programme immer noch nur Verknüpfungen und ich komme einfach nicht weiter. Im Voraus vielen Dank. :confused:
Susanne

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

So, jetzt habe ich das ESET durchlaufen lassen und hier die log-Datei:

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=78ad5e2e09c9364490e6ee3c3b0e2d81

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-07 04:00:31

# local_time=2012-04-07 06:00:31 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1792 16777215 100 0 193300 193300 0 0

# compatibility_mode=5893 16776574 100 94 268994 85439040 0 0

# compatibility_mode=8192 67108863 100 0 1014 1014 0 0

# scanned=176863

# found=6

# cleaned=0

# scan_time=6582

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll        a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe        probably a variant of Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll        Win32/Toolbar.Babylon application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files\FoxTabPDFCreator\message.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I

Und die Log-Datei von Malware sieht wie folgt aus:

Code:

 Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.04.06.04
 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

1 :: RAPHAEL-PC [Administrator]
 

07.04.2012 18:05:07

mbam-log-2012-04-07 (19-31-24).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 412384

Laufzeit: 1 Stunde(n), 1 Minute(n), 59 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 9

HKCR\CLSID\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCR\TypeLib\{DFB4667B-5304-4CD5-B494-2742ACD99212} (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCR\CLSID\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCR\ToolBand.XTTBPos00.1 (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCR\ToolBand.XTTBPos00 (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7914D9F0-DD27-4260-9BC1-AE01834B77CA} (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCR\XTTB00001.XTTB00001.1 (Adware.ToolBar) -> Keine Aktion durchgeführt.

HKCR\XTTB00001.XTTB00001 (Adware.ToolBar) -> Keine Aktion durchgeführt.
 

Infizierte Registrierungswerte: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Daten:  -> Keine Aktion durchgeführt.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} (Adware.ToolBar) -> Daten:  -> Keine Aktion durchgeführt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)

So, das waren die beiden Log-Dateien mit der Bitte um Hilfe.
Danke wieder im Voraus :abklatsch:

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Das habe ich jetzt auch gemacht, aber leider hat es nicht geholfen. :heulen:

Hier die Log-Datei:

Code:

 Unhide by Lawrence Abrams (Grinler)

hxxp://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Unhide.exe can be found at this link:

  hxxp://www.bleepingcomputer.com/forums/topic405109.html
 

Program started at: 04/08/2012 07:56:25 AM

Windows Version: Windows 7
 

Please be patient while your files are made visible again.
 

Processing the C:\ drive

Finished processing the C:\ drive. 209615 files processed.
 

Processing the D:\ drive

Finished processing the D:\ drive. 8129 files processed.
 

The C:\Users\1\AppData\Local\Temp\smtmp\ folder does not exist!!

Unhide cannot restore your missing shortcuts!!

Please see this topic in order to learn how to restore default

Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html
 

Searching for Windows Registry changes made by FakeHDD rogues.

 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

No registry changes detected.
 

Restarting Explorer.exe in order to apply changes.
 

Program finished at: 04/08/2012 08:00:33 AM

Execution time: 0 hours(s), 4 minute(s), and 7 seconds(s)

Und nun??? :confused:

Gruß, Susanne

Vermisst du denn irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Oder meintest du: auf einem USB-Stick oder einer externen Platte sind die Ordner nur noch Verküpfungen?

Stimmt, vielleicht habe ich mich auch missverständlich ausgedrückt. Also, wenn ich auf dem Desktop den Verknüpfungs-Button eines Programms öffne, dann kommt die Meldung: "Das Element, auf das sich die Verknüpfung bezieht usw"..

Auch beim blauen e für den internet-explorer in der Taskleiste ist es dasselbe Problem.

Auch lassen sich diese Programme (z. B. Spiele, Office, internet-explorer) über Start-Programme nicht mehr öffnen. Auch dort stellt sich das Ganze nur noch als Verknüpfung dar. Die Verknüpfungen zeigen auch kein Bild mehr sondern nur dieses weiße Blatt... :lmaa:

Hoffe, das war einigermaßen verständlich.:crazy:

PS. Am besten schmeiß ich den Laptop einfach in die Tonne...:headbang:

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

erledigt. Hier das Ergebnis:

Code:

 OTL logfile created on: 4/8/2012 6:21:01 PM - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\1\Downloads

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.87 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 69.03% Memory free

5.73 Gb Paging File | 4.59 Gb Available in Paging File | 80.08% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 424.66 Gb Total Space | 390.65 Gb Free Space | 91.99% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 20.41 Gb Free Space | 51.03% Space Free | Partition Type: NTFS

 

Computer Name: RAPHAEL-PC | User Name: 1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/04/08 18:19:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\1\Downloads\OTL.exe

PRC - [2011/12/23 13:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe

PRC - [2011/12/23 13:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe

PRC - [2011/12/15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/15 14:59:40 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/12/15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/05/18 10:45:00 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe

PRC - [2006/09/26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe

 

 
 ========== Modules (No Company Name) ==========

Gruß, Susanne

Also das Log ist unvollstöndig

Sorry, hier nochmal:

OTL Logfile:

Code:

OTL logfile created on: 4/9/2012 7:10:45 AM - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\1\Downloads

 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2.87 Gb Total Physical Memory | 1.63 Gb Available Physical Memory | 57.04% Memory free

5.73 Gb Paging File | 4.30 Gb Available in Paging File | 75.06% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 424.66 Gb Total Space | 391.46 Gb Free Space | 92.18% Space Free | Partition Type: NTFS

Drive D: | 40.00 Gb Total Space | 20.41 Gb Free Space | 51.03% Space Free | Partition Type: NTFS

 

Computer Name: RAPHAEL-PC | User Name: 1 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012/04/08 18:19:02 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\1\Downloads\OTL.exe

PRC - [2011/12/23 13:07:20 | 000,881,144 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.Messengers.exe

PRC - [2011/12/23 13:07:20 | 000,445,416 | ---- | M] (Iminent) -- C:\Program Files\Iminent\Iminent.exe

PRC - [2011/12/15 15:00:00 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2011/12/15 14:59:40 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe

PRC - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/12/15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE

PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/05/18 10:45:00 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/04/23 16:53:10 | 001,423,904 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe

PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/07/14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe

PRC - [2006/09/26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012/04/07 09:32:35 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\d3ab00af09cebaa9eeef352712b6f6bf\WindowsFormsIntegration.ni.dll

MOD - [2012/04/07 09:31:15 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\caa7dd69e03dada6747085a5f2d4fb0c\PresentationFramework.Aero.ni.dll

MOD - [2012/04/07 09:30:51 | 014,322,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\9e58e5346c3d0c341258f7c276a99121\PresentationFramework.ni.dll

MOD - [2012/04/07 09:25:06 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74f3fc09a810d9b704a80ee8c18d9d04\PresentationCore.ni.dll

MOD - [2012/04/07 09:24:55 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3c0fbe23fa37ca50fea3dbe200b40f7a\WindowsBase.ni.dll

MOD - [2012/04/07 09:24:45 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\b1a619266964bede98b18ef83eb1c559\System.Core.ni.dll

MOD - [2012/04/06 21:13:16 | 001,072,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1fe7db1174c0c3269ce34d949e201ad0\System.IdentityModel.ni.dll

MOD - [2012/04/06 21:13:15 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\86d34fbd2a7c582105eb53cbbd55c29e\System.Runtime.Serialization.ni.dll

MOD - [2012/04/06 21:13:13 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9de488bf62eebca425759ea94d9a70e8\SMDiagnostics.ni.dll

MOD - [2012/04/06 21:13:11 | 017,400,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\5a355674c42773b646b5238853a2015d\System.ServiceModel.ni.dll

MOD - [2012/04/06 21:12:35 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\69cfb623bd8b1bc7dbad276f82019dcb\System.Configuration.Install.ni.dll

MOD - [2012/04/06 21:12:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ee24fe21a061801bb923bdc23c96388d\System.Web.Services.ni.dll

MOD - [2012/04/06 21:12:08 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll

MOD - [2012/04/06 21:12:07 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll

MOD - [2012/04/06 21:12:07 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll

MOD - [2012/04/06 21:12:02 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\064483cd86ddba6c78dd32732f6fd351\System.Web.ni.dll

MOD - [2012/04/06 21:11:47 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f92c882fd4e7005c005e208daa04c28d\System.Windows.Forms.ni.dll

MOD - [2012/04/06 21:11:31 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll

MOD - [2012/04/06 21:10:51 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll

MOD - [2012/04/06 21:10:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4be2653d1c9804d2ff6e6b66d22764e1\System.Configuration.ni.dll

MOD - [2012/04/06 21:10:33 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll

MOD - [2012/04/06 21:10:25 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll

MOD - [2011/12/23 13:07:28 | 000,910,840 | ---- | M] () -- C:\Program Files\Iminent\System.Data.SQLite.dll

MOD - [2011/12/23 13:07:26 | 000,204,280 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Workflow.dll

MOD - [2011/12/23 13:07:26 | 000,067,576 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Windows.dll

MOD - [2011/12/23 13:07:22 | 006,273,016 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll

MOD - [2011/12/23 13:07:22 | 001,524,728 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Services.dll

MOD - [2011/12/23 13:07:22 | 000,587,256 | ---- | M] () -- C:\Program Files\Iminent\Iminent.Booster.UI.dll

MOD - [2011/12/23 13:04:48 | 000,005,632 | ---- | M] () -- C:\Program Files\Iminent\de\Iminent.Booster.UI.resources.dll

MOD - [2010/05/18 08:49:42 | 000,487,424 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel.resources\3.0.0.0_de_b77a5c561934e089\System.ServiceModel.resources.dll

MOD - [2010/05/18 08:49:42 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll

MOD - [2010/05/18 08:49:42 | 000,005,120 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics.resources\3.0.0.0_de_b77a5c561934e089\SMDiagnostics.resources.dll

MOD - [2010/05/18 08:49:31 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll

MOD - [2010/05/18 08:49:26 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010/05/18 08:49:26 | 000,208,896 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll

MOD - [2009/06/10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MOD - [2009/06/10 23:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)

SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)

SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem) Google Update-Dienst (gupdatem)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate) Google Update Service (gupdate)

SRV - File not found [Auto | Stopped] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)

SRV - [2011/12/15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2011/12/15 14:59:40 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)

SRV - [2011/12/15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011/06/15 14:21:18 | 000,119,296 | ---- | M] () [On_Demand | Stopped] -- C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe -- (Installer Service)

SRV - [2011/04/27 16:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2006/10/23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe -- (AOL ACS)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\1\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - [2012/04/05 20:29:11 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2011/12/15 16:00:00 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2011/12/15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)

DRV - [2011/04/27 16:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/12/02 12:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)

DRV - [2010/12/02 12:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)

DRV - [2010/12/02 12:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)

DRV - [2010/12/02 12:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)

DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/05/24 15:46:34 | 000,193,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2010/03/04 17:53:08 | 000,067,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)

DRV - [2010/03/02 13:24:58 | 001,006,624 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)

DRV - [2010/02/27 05:01:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

DRV - [2010/02/03 19:06:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)

DRV - [2009/09/18 04:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)

DRV - [2009/07/14 01:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)

DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/07/14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)

DRV - [2006/11/30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=hxxp://www.t-online.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=hxxp://www.t-online.de

IE - HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {47E77625-08E9-4EFF-911F-C907A0CB9D92}

IE - HKLM\..\SearchScopes\{47E77625-08E9-4EFF-911F-C907A0CB9D92}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}

IE - HKLM\..\SearchScopes\{669E80F5-6961-40A7-8EA0-278304916F46}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKLM\..\SearchScopes\{A094BB5E-A51A-4618-8792-DF13770462FB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=hxxp://www.t-online.de

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=HP_ss&mntrId=947725b800000000000074f06d0acfa9

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110000&tt=050412_30b&babsrc=SP_ss&mntrId=947725b800000000000074f06d0acfa9

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{3E1290B3-17F7-4E47-8CBB-EFA81E938478}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{4E02A3BC-752D-4C27-90E2-471ED009561B}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE404

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}: "URL" = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_Prot"

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=KW_ss&mntrId=947725b800000000000074f06d0acfa9&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll File not found

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/05 22:07:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2012/04/05 22:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\mozilla\Extensions

[2012/04/06 15:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions

[2012/04/05 22:08:43 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

[2012/04/06 15:48:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com

[2012/04/06 16:05:46 | 000,002,270 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\searchplugins\SearchTheWeb.xml

[2012/04/05 22:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/04/05 22:08:36 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com

[2012/03/13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/03/13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012/04/06 15:47:41 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2012/03/13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/03/13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010/03/10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2012/03/13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml

[2012/03/13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012/03/13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (XTTBPos00 Class) - {7914D9F0-DD27-4260-9BC1-AE01834B77CA} - C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Deutsche Telekom AG)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O3 - HKLM\..\Toolbar: (T-Online Toolbar 2.0) - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Deutsche Telekom AG)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O3 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)

O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Program Files\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()

O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)

O15 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{010B9879-A692-401A-AE4C-02616152CCA3}: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^Users^Raphael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk -  - File not found

MsConfig - StartUpReg: Nokia FastStart - hkey= - key= - C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe (Nokia)

MsConfig - StartUpReg: NokiaMServer - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {BC44F053-C22D-4BEF-B9FB-3CD538460A65} - T-Online Toolbar

ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{FD1C598E-2292-4FEE-A62E-D9E7214B1C61} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/08 13:06:02 | 000,000,000 | ---D | C] -- C:\7c98a69f12a8cb291aa47f6af8

[2012/04/08 04:50:18 | 000,000,000 | ---D | C] -- C:\Users\1\Desktop\Homanit

[2012/04/07 15:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/04/07 04:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012/04/06 16:41:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/04/06 16:40:59 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/04/06 16:40:59 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\temp

[2012/04/06 16:28:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/04/06 16:28:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/04/06 16:28:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/04/06 16:27:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012/04/06 16:22:51 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/04/06 15:53:02 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Malwarebytes

[2012/04/06 15:52:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/06 15:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/06 15:52:52 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/04/06 15:52:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/04/06 15:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator

[2012/04/06 15:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\GPLGS

[2012/04/06 15:47:45 | 000,000,000 | ---D | C] -- C:\Program1

[2012/04/06 15:47:42 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFCreator

[2012/04/05 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Iminent

[2012/04/05 22:08:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent

[2012/04/05 22:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\IMinent Toolbar

[2012/04/05 22:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent

[2012/04/05 22:08:13 | 000,000,000 | ---D | C] -- C:\Program Files\Iminent

[2012/04/05 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Mozilla

[2012/04/05 22:07:10 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Mozilla

[2012/04/05 22:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared

[2012/04/05 22:04:17 | 000,825,312 | ---- | C] (Iminent) -- C:\Users\1\Desktop\IminentSetup_2-KFRPtAWP-1_.exe

[2012/04/05 20:25:33 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\AOL

[2012/04/05 20:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia

[2012/04/05 20:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft

[2012/04/05 20:25:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL

[2012/04/05 20:24:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint

[2012/04/05 20:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint

[2012/04/05 20:24:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads

[2012/04/05 20:24:23 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\AOL

[2012/04/05 20:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\AOL

[2012/04/05 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare

[2012/04/05 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0 VR

[2012/04/05 20:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL

[2012/04/05 20:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aol

[2012/04/05 20:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2012/04/05 20:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads

[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Babylon

[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Babylon

[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/04/05 20:04:50 | 000,000,000 | ---D | C] -- C:\Medion

[2012/04/05 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\XTTB00001

[2012/04/05 19:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\T-Online

[2012/04/05 19:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer

[2012/04/05 10:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira

[2012/04/05 10:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2012/04/04 13:49:19 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Microsoft Corporation

[2012/04/04 12:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files

[2012/04/03 18:18:05 | 000,000,000 | ---D | C] -- C:\Intel

[2012/04/03 15:52:39 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\MigWiz

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/04/09 07:12:25 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/09 07:12:25 | 000,009,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/09 07:09:30 | 000,704,694 | ---- | M] () -- C:\Windows\System32\perfh00C.dat

[2012/04/09 07:09:30 | 000,703,718 | ---- | M] () -- C:\Windows\System32\perfh00A.dat

[2012/04/09 07:09:30 | 000,701,456 | ---- | M] () -- C:\Windows\System32\perfh013.dat

[2012/04/09 07:09:30 | 000,699,990 | ---- | M] () -- C:\Windows\System32\perfh015.dat

[2012/04/09 07:09:30 | 000,699,372 | ---- | M] () -- C:\Windows\System32\perfh010.dat

[2012/04/09 07:09:30 | 000,689,606 | ---- | M] () -- C:\Windows\System32\prfh0816.dat

[2012/04/09 07:09:30 | 000,664,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012/04/09 07:09:30 | 000,626,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/04/09 07:09:30 | 000,620,466 | ---- | M] () -- C:\Windows\System32\perfh01F.dat

[2012/04/09 07:09:30 | 000,562,034 | ---- | M] () -- C:\Windows\System32\perfh008.dat

[2012/04/09 07:09:30 | 000,141,356 | ---- | M] () -- C:\Windows\System32\perfc00A.dat

[2012/04/09 07:09:30 | 000,139,134 | ---- | M] () -- C:\Windows\System32\perfc015.dat

[2012/04/09 07:09:30 | 000,138,046 | ---- | M] () -- C:\Windows\System32\prfc0816.dat

[2012/04/09 07:09:30 | 000,137,234 | ---- | M] () -- C:\Windows\System32\perfc013.dat

[2012/04/09 07:09:30 | 000,134,434 | ---- | M] () -- C:\Windows\System32\perfc00C.dat

[2012/04/09 07:09:30 | 000,134,300 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012/04/09 07:09:30 | 000,131,438 | ---- | M] () -- C:\Windows\System32\perfc010.dat

[2012/04/09 07:09:30 | 000,125,820 | ---- | M] () -- C:\Windows\System32\perfc01F.dat

[2012/04/09 07:09:30 | 000,110,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/04/09 07:09:30 | 000,093,730 | ---- | M] () -- C:\Windows\System32\perfc008.dat

[2012/04/09 07:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/09 07:04:49 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/07 04:22:20 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/06 17:05:16 | 000,000,134 | ---- | M] () -- C:\Users\1\Desktop\Internet Explorer-Problembehebung.url

[2012/04/06 15:52:57 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/06 15:47:50 | 000,001,743 | ---- | M] () -- C:\user.js

[2012/04/05 22:08:35 | 000,000,596 | ---- | M] () -- C:\Windows\System32\InstallUtil.InstallLog

[2012/04/05 22:07:04 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/04/05 22:06:04 | 000,825,312 | ---- | M] (Iminent) -- C:\Users\1\Desktop\IminentSetup_2-KFRPtAWP-1_.exe

[2012/04/05 20:57:39 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk

[2012/04/05 20:29:11 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2012/04/05 20:25:31 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\AOL 9.0 VR.lnk

[2012/04/05 20:20:42 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat

[2012/04/05 14:21:28 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml

[2012/04/05 14:21:28 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2012/04/05 10:29:20 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

[2012/04/04 11:22:13 | 000,000,002 | ---- | M] () -- C:\$UpgDrv$

[2012/04/03 16:17:01 | 000,297,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/04/03 09:04:52 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2012/04/01 11:32:25 | 000,061,630 | ---- | M] () -- C:\Users\1\Desktop\Eros.jpg

[2012/03/23 23:20:34 | 000,026,817 | ---- | M] () -- C:\Users\1\Desktop\536791_324771840917012_100001525950660_908530_1758825167_n.jpg

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/04/07 04:22:20 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012/04/06 16:28:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/04/06 16:28:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/04/06 16:28:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/04/06 16:28:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/04/06 16:28:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/04/06 15:52:57 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/06 15:47:47 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32i.dll

[2012/04/05 22:08:30 | 000,000,596 | ---- | C] () -- C:\Windows\System32\InstallUtil.InstallLog

[2012/04/05 22:07:04 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/04/05 22:07:04 | 000,001,052 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/04/05 20:53:09 | 000,000,134 | ---- | C] () -- C:\Users\1\Desktop\Internet Explorer-Problembehebung.url

[2012/04/05 20:25:31 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\AOL 9.0 VR.lnk

[2012/04/05 20:20:42 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat

[2012/04/05 20:12:42 | 000,001,743 | ---- | C] () -- C:\user.js

[2012/04/05 14:16:29 | 2307,862,528 | -HS- | C] () -- C:\hiberfil.sys

[2012/04/03 17:14:47 | 000,000,002 | ---- | C] () -- C:\$UpgDrv$

[2012/04/03 16:16:43 | 000,297,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/04/01 17:10:41 | 000,061,630 | ---- | C] () -- C:\Users\1\Desktop\Eros.jpg

[2012/03/25 08:29:00 | 000,026,817 | ---- | C] () -- C:\Users\1\Desktop\536791_324771840917012_100001525950660_908530_1758825167_n.jpg

[2010/09/05 12:31:22 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2010/06/29 01:38:29 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe

[2010/06/29 01:28:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat

[2010/06/28 17:46:27 | 000,072,017 | ---- | C] () -- C:\Windows\System32\Uninstall ALDI SÜD Mah Jong.exe

[2010/06/28 15:06:08 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

[2010/06/28 15:06:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

[2010/06/28 15:06:07 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

[2010/06/28 15:06:07 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

[2010/06/28 15:06:07 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

[2010/06/28 15:06:06 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

[2010/06/28 15:06:06 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

[2010/05/18 09:56:46 | 000,620,466 | ---- | C] () -- C:\Windows\System32\perfh01F.dat

[2010/05/18 09:56:46 | 000,285,034 | ---- | C] () -- C:\Windows\System32\perfi01F.dat

[2010/05/18 09:56:46 | 000,125,820 | ---- | C] () -- C:\Windows\System32\perfc01F.dat

[2010/05/18 09:56:46 | 000,037,160 | ---- | C] () -- C:\Windows\System32\perfd01F.dat

[2010/05/18 09:38:32 | 000,689,606 | ---- | C] () -- C:\Windows\System32\prfh0816.dat

[2010/05/18 09:38:32 | 000,336,656 | ---- | C] () -- C:\Windows\System32\prfi0816.dat

[2010/05/18 09:38:32 | 000,138,046 | ---- | C] () -- C:\Windows\System32\prfc0816.dat

[2010/05/18 09:38:32 | 000,040,548 | ---- | C] () -- C:\Windows\System32\prfd0816.dat

[2010/05/18 09:33:21 | 000,699,990 | ---- | C] () -- C:\Windows\System32\perfh015.dat

[2010/05/18 09:33:21 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat

[2010/05/18 09:33:21 | 000,139,134 | ---- | C] () -- C:\Windows\System32\perfc015.dat

[2010/05/18 09:33:21 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat

[2010/05/18 09:28:13 | 000,701,456 | ---- | C] () -- C:\Windows\System32\perfh013.dat

[2010/05/18 09:28:13 | 000,341,322 | ---- | C] () -- C:\Windows\System32\perfi013.dat

[2010/05/18 09:28:13 | 000,137,234 | ---- | C] () -- C:\Windows\System32\perfc013.dat

[2010/05/18 09:28:13 | 000,043,068 | ---- | C] () -- C:\Windows\System32\perfd013.dat

[2010/05/18 09:17:53 | 000,699,372 | ---- | C] () -- C:\Windows\System32\perfh010.dat

[2010/05/18 09:17:53 | 000,335,478 | ---- | C] () -- C:\Windows\System32\perfi010.dat

[2010/05/18 09:17:53 | 000,131,438 | ---- | C] () -- C:\Windows\System32\perfc010.dat

[2010/05/18 09:17:53 | 000,037,534 | ---- | C] () -- C:\Windows\System32\perfd010.dat

[2010/05/18 09:08:39 | 000,704,694 | ---- | C] () -- C:\Windows\System32\perfh00C.dat

[2010/05/18 09:08:39 | 000,344,522 | ---- | C] () -- C:\Windows\System32\perfi00C.dat

[2010/05/18 09:08:39 | 000,134,434 | ---- | C] () -- C:\Windows\System32\perfc00C.dat

[2010/05/18 09:08:39 | 000,038,160 | ---- | C] () -- C:\Windows\System32\perfd00C.dat

[2010/05/18 08:59:45 | 000,703,718 | ---- | C] () -- C:\Windows\System32\perfh00A.dat

[2010/05/18 08:59:45 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat

[2010/05/18 08:59:45 | 000,141,356 | ---- | C] () -- C:\Windows\System32\perfc00A.dat

[2010/05/18 08:59:45 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat

[2010/05/18 08:54:41 | 000,562,034 | ---- | C] () -- C:\Windows\System32\perfh008.dat

[2010/05/18 08:54:41 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat

[2010/05/18 08:54:41 | 000,093,730 | ---- | C] () -- C:\Windows\System32\perfc008.dat

[2010/05/18 08:54:41 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat

[2010/05/18 08:50:33 | 000,664,430 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010/05/18 08:50:33 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010/05/18 08:50:33 | 000,134,300 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010/05/18 08:50:33 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

 
 ========== LOP Check ==========

 

[2012/02/15 11:22:06 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\ATViewer

[2012/04/05 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Babylon

[2012/04/04 13:27:01 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Baumaschinen Simulator 2011

[2012/04/05 22:09:03 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Iminent

[2012/04/05 22:07:24 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\TP

[2011/11/23 01:07:50 | 000,000,000 | ---D | M] -- C:\Users\Susanne\AppData\Roaming\Ashampoo

[2012/04/04 13:27:22 | 000,000,000 | ---D | M] -- C:\Users\Susanne\AppData\Roaming\Baumaschinen Simulator 2011

[2011/09/03 18:37:52 | 000,000,000 | ---D | M] -- C:\Users\Susanne\AppData\Roaming\PC Suite

[2012/04/05 09:32:17 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011/12/29 06:38:56 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Adobe

[2012/04/05 20:25:33 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\AOL

[2012/02/15 11:22:06 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\ATViewer

[2011/12/23 13:24:21 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Avira

[2012/04/05 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Babylon

[2012/04/04 13:27:01 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Baumaschinen Simulator 2011

[2011/12/31 08:37:54 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Corel

[2011/12/17 08:41:43 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\CyberLink

[2011/12/23 18:41:36 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Google

[2011/12/17 08:37:52 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Identities

[2012/04/05 22:09:03 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Iminent

[2011/12/20 08:16:28 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Macromedia

[2012/04/06 15:53:02 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Malwarebytes

[2009/07/14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Media Center Programs

[2012/02/13 19:56:32 | 000,000,000 | --SD | M] -- C:\Users\1\AppData\Roaming\Microsoft

[2012/04/05 22:07:10 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\Mozilla

[2012/04/05 22:07:24 | 000,000,000 | ---D | M] -- C:\Users\1\AppData\Roaming\TP

 
 < %APPDATA%\*.exe /s >

[2010/03/05 17:49:50 | 000,197,632 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\TbHelper2.exe

[2010/03/12 18:45:00 | 000,042,496 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\uninstall.exe

[2010/03/12 18:45:00 | 000,056,832 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\update.exe

[2010/03/19 13:04:44 | 000,152,664 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\setup_widget_serv.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys

[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys

[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\drivers\iaStor.sys

[2010/03/04 04:33:26 | 000,435,736 | ---- | M] (Intel Corporation) MD5=26541A068572F650A2FA490726FE81BE -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_e8a55be84650e755\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys

[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys

[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys

[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys

[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll

[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll

[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe

[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe

[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010/05/18 10:45:00 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011/04/18 14:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 

< End of report >

--- --- ---

Gruß, Susanne

Zitat:

[2012/04/06 16:28:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/06 16:28:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/06 16:28:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/06 16:27:54 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/06 16:22:51 | 000,000,000 | ---D | C] -- C:\Qoobox

Warum führt du Combofix OHNE ANWEISUNG mal einfach so aus? Sind die Hinweise hier nicht deutlich genug?
Wo ist das Log dazu?

Zitat:

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Weil ich dachte, dass ich es so hinbekomme. Danke trotzdem für die nette Hilfe.

Gruß, Susanne

Also dachtest du der deutlich Hinweis wäre nur reine Dekopration oder was? :confused: :balla:
Wo ist denn nun das Log?

Nein, das dachte ich nicht!!!

Um genau zu sein, habe ich die Suche nach der Fehlermeldung bei google durchgeführt und bin so auf einen Beitrag in diesem Forum gestoßen.... Dann habe ich das gemacht, was dort stand. Den Warnhinweis habe ich erst viel später gelesen. Hätte ich ihn vorher gelesen, hätte ich das auch nicht gemacht!!! Bin zwar nur Justizbeamtin, aber so blöd dann doch nicht! :sleepy:

Die Log-datei finde ich auch nicht mehr auf dem Pc, so dass ich sie hier nicht posten kann.

Falls das jetzt ein großes Problem ist, dass ich dieses Combo-Fix ausgeführt habe, tut es mir leid, aber ich kann es nicht mehr ändern.

Gruß, Susanne

Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Hoffe, erfolgreich erledigt.

Gruß, Susanne

Wieso als "catchme.zip" :wtf:
Ging der Ordner Qoobox nicht komplett?

erledigt... bin aber auch ein Dummerle :headbang:

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Unkenntlichgemachte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de

IE - HKLM\..\URLSearchHook: {0e3dbc69-a682-48da-84e1-82c63a5d678e} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope = {47E77625-08E9-4EFF-911F-C907A0CB9D92}

IE - HKLM\..\SearchScopes\{47E77625-08E9-4EFF-911F-C907A0CB9D92}: "URL" = http://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}

IE - HKLM\..\SearchScopes\{A094BB5E-A51A-4618-8792-DF13770462FB}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://intern.passul.t-online.de/cgi-bin/CP/00000000;/Themen/CPM/Browser/ie7-start.html?l=http://www.t-online.de

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=HP_ss&mntrId=947725b800000000000074f06d0acfa9

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes,DefaultScope = {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110000&tt=050412_30b&babsrc=SP_ss&mntrId=947725b800000000000074f06d0acfa9

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://suche.aol.de/suche/web/search.jsp?q={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{4E02A3BC-752D-4C27-90E2-471ED009561B}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}

IE - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\SearchScopes\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}: "URL" = http://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"

FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?babsrc=HP_Prot"

FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=KW_ss&mntrId=947725b800000000000074f06d0acfa9&q="

[2012/04/05 22:08:43 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}

[2012/04/06 15:48:10 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com

[2012/04/06 16:05:46 | 000,002,270 | ---- | M] () -- C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\searchplugins\SearchTheWeb.xml

[2012/04/05 22:08:36 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com

[2012/04/06 15:47:41 | 000,002,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

[2010/03/10 17:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2011/12/23 13:02:16 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File not found

O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)

O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (XTTBPos00 Class) - {7914D9F0-DD27-4260-9BC1-AE01834B77CA} - C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Deutsche Telekom AG)

O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found

O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O3 - HKLM\..\Toolbar: (T-Online Toolbar 2.0) - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Deutsche Telekom AG)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O3 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [Iminent] C:\Program Files\Iminent\Iminent.exe (Iminent)

O4 - HKLM..\Run: [IminentMessenger] C:\Program Files\Iminent\Iminent.Messengers.exe (Iminent)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

MsConfig - StartUpFolder: C:^Users^Raphael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk -  - File not found

[2012/04/08 13:06:02 | 000,000,000 | ---D | C] -- C:\7c98a69f12a8cb291aa47f6af8

[2012/04/05 22:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\IMinent Toolbar

[2012/04/05 22:04:17 | 000,825,312 | ---- | C] (Iminent) -- C:\Users\1\Desktop\IminentSetup_2-KFRPtAWP-1_.exe

[2012/04/05 20:12:42 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar

[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Roaming\Babylon

[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\Babylon

[2012/04/05 20:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon

[2012/04/05 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\1\AppData\Local\XTTB00001

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo,
habe es so drüber laufen lassen, Computer wurde neu gestartet und es kam auch ein Fenster mit "ok". Allerdings kam dann keine Log-Datei, die ich hätte posten können. Habe ich schon wieder was falsch gemacht?
Gruß Susanne

Schau nach in den Ordner C:\_OTL

Ah, danke, habs gefunden:

Code:

 All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0e3dbc69-a682-48da-84e1-82c63a5d678e} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3dbc69-a682-48da-84e1-82c63a5d678e}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{47E77625-08E9-4EFF-911F-C907A0CB9D92}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47E77625-08E9-4EFF-911F-C907A0CB9D92}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A094BB5E-A51A-4618-8792-DF13770462FB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A094BB5E-A51A-4618-8792-DF13770462FB}\ not found.

HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!

HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!

HKU\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.

Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{4E02A3BC-752D-4C27-90E2-471ED009561B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E02A3BC-752D-4C27-90E2-471ED009561B}\ not found.

Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.

Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\SearchScopes\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E066E1BA-DC47-4D2D-99F1-176DA84E52DE}\ not found.

Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename

Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1

Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine

Prefs.js: "hxxp://search.babylon.com/?babsrc=HP_Prot" removed from browser.startup.homepage

Prefs.js: "hxxp://search.babylon.com/?affID=110000&tt=050412_30b&babsrc=KW_ss&mntrId=947725b800000000000074f06d0acfa9&q=" removed from keyword.URL

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6 folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.

C:\Users\1\AppData\Roaming\mozilla\Firefox\Profiles\0w6fh3ay.default\extensions\ffxtlbr@babylon.com folder moved successfully.

C:\Users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\searchplugins\SearchTheWeb.xml moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\defaults\preferences folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\defaults folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\components_20 folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\components folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\chrome\content folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com\chrome folder moved successfully.

C:\Program Files\Mozilla Firefox\extensions\webbooster@iminent.com folder moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.

C:\Program Files\Mozilla Firefox\searchplugins\SearchTheWeb.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026}\ deleted successfully.

C:\Program Files\IMinent Toolbar\tbcore3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914D9F0-DD27-4260-9BC1-AE01834B77CA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7914D9F0-DD27-4260-9BC1-AE01834B77CA}\ deleted successfully.

C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.

C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}\ deleted successfully.

C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25F97EB4-1C02-45BA-BA0C-E67AACE64D4A}\ deleted successfully.

File Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.

File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}\ deleted successfully.

File C:\Program Files\IMinent Toolbar\tbcore3.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.

File C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll not found.

Registry value HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HostManager deleted successfully.

C:\Program Files\Common Files\aol\1333650196\ee\aolsoftware.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Iminent deleted successfully.

C:\Program Files\Iminent\Iminent.exe moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IminentMessenger deleted successfully.

C:\Program Files\Iminent\Iminent.Messengers.exe moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoMSAppLogo5ChannelNotify deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoToolbarCustomize deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-624593965-2576039730-854600147-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Users^Raphael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Game Alarm.lnk\ deleted successfully.

C:\Windows\pss\Game Alarm.lnk.Startup moved successfully.

C:\7c98a69f12a8cb291aa47f6af8 folder moved successfully.

C:\Program Files\IMinent Toolbar folder moved successfully.

C:\Users\1\Desktop\IminentSetup_2-KFRPtAWP-1_.exe moved successfully.

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.

C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.

C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.

C:\Users\1\AppData\Roaming\Babylon folder moved successfully.

C:\Users\1\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.

C:\Users\1\AppData\Local\Babylon\Setup folder moved successfully.

C:\Users\1\AppData\Local\Babylon folder moved successfully.

C:\ProgramData\Babylon folder moved successfully.

C:\Users\1\AppData\Local\XTTB00001\Toolbar\RSSReader folder moved successfully.

C:\Users\1\AppData\Local\XTTB00001\Toolbar folder moved successfully.

C:\Users\1\AppData\Local\XTTB00001 folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: 1

->Temp folder emptied: 31746 bytes

->Temporary Internet Files folder emptied: 1138533 bytes

->Java cache emptied: 192402 bytes

->FireFox cache emptied: 289301349 bytes

->Flash cache emptied: 1412 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: Raphael

->Temp folder emptied: 0 bytes

 

User: Sanne

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33237 bytes

 

User: Susanne

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 86407522 bytes

->Java cache emptied: 586665 bytes

->Flash cache emptied: 12111 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 322508966 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 668.00 mb

 

 

[EMPTYFLASH]

 

User: 1

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Default

 

User: Default User

 

User: Public

 

User: Raphael

 

User: Sanne

 

User: Susanne

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 04102012_212514
 

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\OutofProcReport810208.txt not found!
 

Registry entries deleted on Reboot...

Gruß, Susanne

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Huhu :-)
erledigt:

Code:

 15:37:18.0430 2292        TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

15:37:18.0659 2292        ============================================================

15:37:18.0659 2292        Current date / time: 2012/04/11 15:37:18.0659

15:37:18.0659 2292        SystemInfo:

15:37:18.0659 2292        

15:37:18.0659 2292        OS Version: 6.1.7600 ServicePack: 0.0

15:37:18.0659 2292        Product type: Workstation

15:37:18.0659 2292        ComputerName: RAPHAEL-PC

15:37:18.0660 2292        UserName: 1

15:37:18.0660 2292        Windows directory: C:\Windows

15:37:18.0660 2292        System windows directory: C:\Windows

15:37:18.0660 2292        Processor architecture: Intel x86

15:37:18.0660 2292        Number of processors: 4

15:37:18.0660 2292        Page size: 0x1000

15:37:18.0660 2292        Boot type: Normal boot

15:37:18.0660 2292        ============================================================

15:37:19.0740 2292        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

15:37:19.0743 2292        \Device\Harddisk0\DR0:

15:37:19.0744 2292        MBR used

15:37:19.0744 2292        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

15:37:19.0744 2292        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x35152000

15:37:19.0744 2292        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x35184800, BlocksNum 0x5000000

15:37:19.0813 2292        Initialize success

15:37:19.0813 2292        ============================================================

15:38:03.0203 3808        ============================================================

15:38:03.0203 3808        Scan started

15:38:03.0203 3808        Mode: Manual; SigCheck; TDLFS; 

15:38:03.0203 3808        ============================================================

15:38:03.0546 3808        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys

15:38:03.0671 3808        1394ohci - ok

15:38:03.0733 3808        AAV UpdateService - ok

15:38:03.0858 3808        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys

15:38:03.0905 3808        ACPI - ok

15:38:04.0014 3808        AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys

15:38:04.0108 3808        AcpiPmi - ok

15:38:04.0248 3808        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

15:38:04.0326 3808        adp94xx - ok

15:38:04.0435 3808        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

15:38:04.0482 3808        adpahci - ok

15:38:04.0529 3808        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

15:38:04.0576 3808        adpu320 - ok

15:38:04.0607 3808        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

15:38:04.0669 3808        AeLookupSvc - ok

15:38:04.0794 3808        AFD             (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys

15:38:04.0981 3808        AFD - ok

15:38:05.0122 3808        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys

15:38:05.0169 3808        agp440 - ok

15:38:05.0278 3808        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

15:38:05.0325 3808        aic78xx - ok

15:38:05.0387 3808        ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

15:38:05.0496 3808        ALG - ok

15:38:05.0605 3808        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys

15:38:05.0621 3808        aliide - ok

15:38:05.0683 3808        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys

15:38:05.0746 3808        amdagp - ok

15:38:05.0839 3808        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys

15:38:05.0871 3808        amdide - ok

15:38:05.0917 3808        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

15:38:05.0980 3808        AmdK8 - ok

15:38:06.0089 3808        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

15:38:06.0183 3808        AmdPPM - ok

15:38:06.0214 3808        amdsata         (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys

15:38:06.0245 3808        amdsata - ok

15:38:06.0385 3808        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

15:38:06.0448 3808        amdsbs - ok

15:38:06.0463 3808        amdxata         (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys

15:38:06.0495 3808        amdxata - ok

15:38:06.0604 3808        AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files\Avira\AntiVir Desktop\sched.exe

15:38:06.0682 3808        AntiVirSchedulerService - ok

15:38:06.0744 3808        AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files\Avira\AntiVir Desktop\avguard.exe

15:38:06.0822 3808        AntiVirService - ok

15:38:06.0838 3808        AntiVirWebService (cc62fdc25725267a702f48c90c5cdf31) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

15:38:06.0916 3808        AntiVirWebService - ok

15:38:07.0025 3808        AOL ACS         (85180cf88c5ebad73b452a43a004ca51) C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

15:38:07.0087 3808        AOL ACS - ok

15:38:07.0181 3808        AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys

15:38:07.0290 3808        AppID - ok

15:38:07.0399 3808        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

15:38:07.0462 3808        AppIDSvc - ok

15:38:07.0493 3808        Appinfo         (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll

15:38:07.0555 3808        Appinfo - ok

15:38:07.0696 3808        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

15:38:07.0743 3808        arc - ok

15:38:07.0774 3808        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

15:38:07.0821 3808        arcsas - ok

15:38:07.0867 3808        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

15:38:07.0945 3808        AsyncMac - ok

15:38:08.0055 3808        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys

15:38:08.0086 3808        atapi - ok

15:38:08.0133 3808        AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

15:38:08.0257 3808        AudioEndpointBuilder - ok

15:38:08.0289 3808        Audiosrv        (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll

15:38:08.0335 3808        Audiosrv - ok

15:38:08.0476 3808        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys

15:38:08.0554 3808        avgntflt - ok

15:38:08.0663 3808        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys

15:38:08.0710 3808        avipbb - ok

15:38:08.0725 3808        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys

15:38:08.0757 3808        avkmgr - ok

15:38:08.0788 3808        AxInstSV        (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll

15:38:08.0897 3808        AxInstSV - ok

15:38:09.0022 3808        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

15:38:09.0131 3808        b06bdrv - ok

15:38:09.0256 3808        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

15:38:09.0365 3808        b57nd60x - ok

15:38:09.0505 3808        BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

15:38:09.0599 3808        BBSvc - ok

15:38:09.0708 3808        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

15:38:09.0833 3808        BBUpdate - ok

15:38:09.0942 3808        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

15:38:10.0005 3808        BDESVC - ok

15:38:10.0114 3808        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

15:38:10.0176 3808        Beep - ok

15:38:10.0223 3808        BFE             (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll

15:38:10.0332 3808        BFE - ok

15:38:10.0426 3808        BITS            (53f476476f55a27f580661bde09c4ec4) C:\Windows\system32\qmgr.dll

15:38:10.0551 3808        BITS - ok

15:38:10.0597 3808        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

15:38:10.0660 3808        blbdrive - ok

15:38:10.0769 3808        bowser          (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys

15:38:10.0847 3808        bowser - ok

15:38:10.0894 3808        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:38:10.0972 3808        BrFiltLo - ok

15:38:10.0987 3808        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:38:11.0065 3808        BrFiltUp - ok

15:38:11.0175 3808        BridgeMP        (77361d72a04f18809d0efb6cceb74d4b) C:\Windows\system32\DRIVERS\bridge.sys

15:38:11.0268 3808        BridgeMP - ok

15:38:11.0362 3808        Browser         (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll

15:38:11.0471 3808        Browser - ok

15:38:11.0580 3808        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

15:38:11.0674 3808        Brserid - ok

15:38:11.0799 3808        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

15:38:11.0861 3808        BrSerWdm - ok

15:38:11.0970 3808        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:38:12.0017 3808        BrUsbMdm - ok

15:38:12.0064 3808        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

15:38:12.0142 3808        BrUsbSer - ok

15:38:12.0173 3808        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

15:38:12.0235 3808        BTHMODEM - ok

15:38:12.0282 3808        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

15:38:12.0376 3808        bthserv - ok

15:38:12.0485 3808        catchme - ok

15:38:12.0594 3808        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

15:38:12.0703 3808        cdfs - ok

15:38:12.0813 3808        cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys

15:38:12.0859 3808        cdrom - ok

15:38:12.0906 3808        CertPropSvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

15:38:13.0000 3808        CertPropSvc - ok

15:38:13.0109 3808        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

15:38:13.0187 3808        circlass - ok

15:38:13.0281 3808        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

15:38:13.0327 3808        CLFS - ok

15:38:13.0390 3808        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:38:13.0452 3808        clr_optimization_v2.0.50727_32 - ok

15:38:13.0530 3808        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:38:13.0561 3808        clr_optimization_v4.0.30319_32 - ok

15:38:13.0639 3808        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

15:38:13.0686 3808        CmBatt - ok

15:38:13.0780 3808        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys

15:38:13.0811 3808        cmdide - ok

15:38:13.0842 3808        CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys

15:38:13.0889 3808        CNG - ok

15:38:13.0920 3808        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

15:38:13.0967 3808        Compbatt - ok

15:38:14.0092 3808        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys

15:38:14.0170 3808        CompositeBus - ok

15:38:14.0232 3808        COMSysApp - ok

15:38:14.0295 3808        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

15:38:14.0326 3808        crcdisk - ok

15:38:14.0419 3808        CryptSvc        (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll

15:38:14.0529 3808        CryptSvc - ok

15:38:14.0575 3808        DcomLaunch      (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

15:38:14.0653 3808        DcomLaunch - ok

15:38:14.0700 3808        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

15:38:14.0794 3808        defragsvc - ok

15:38:14.0856 3808        DfsC            (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys

15:38:14.0950 3808        DfsC - ok

15:38:15.0059 3808        Dhcp            (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll

15:38:15.0137 3808        Dhcp - ok

15:38:15.0246 3808        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

15:38:15.0324 3808        discache - ok

15:38:15.0449 3808        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

15:38:15.0496 3808        Disk - ok

15:38:15.0527 3808        Dnscache        (d0722e963d3c6145446874241401b209) C:\Windows\System32\dnsrslvr.dll

15:38:15.0621 3808        Dnscache - ok

15:38:15.0652 3808        dot3svc         (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll

15:38:15.0699 3808        dot3svc - ok

15:38:15.0730 3808        DPS             (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll

15:38:15.0777 3808        DPS - ok

15:38:15.0839 3808        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

15:38:15.0886 3808        drmkaud - ok

15:38:15.0933 3808        DXGKrnl         (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys

15:38:15.0964 3808        DXGKrnl - ok

15:38:16.0011 3808        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

15:38:16.0120 3808        EapHost - ok

15:38:16.0307 3808        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

15:38:16.0510 3808        ebdrv - ok

15:38:16.0619 3808        EFS             (f42309c4191c506b71db5d1126d26318) C:\Windows\System32\lsass.exe

15:38:16.0666 3808        EFS - ok

15:38:16.0775 3808        ehRecvr         (0f1a73c91cfa379f307f86e38c8c41ab) C:\Windows\ehome\ehRecvr.exe

15:38:16.0900 3808        ehRecvr - ok

15:38:16.0915 3808        ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

15:38:17.0009 3808        ehSched - ok

15:38:17.0103 3808        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

15:38:17.0149 3808        elxstor - ok

15:38:17.0259 3808        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys

15:38:17.0305 3808        ErrDev - ok

15:38:17.0415 3808        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

15:38:17.0493 3808        EventSystem - ok

15:38:17.0555 3808        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

15:38:17.0633 3808        exfat - ok

15:38:17.0649 3808        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

15:38:17.0711 3808        fastfat - ok

15:38:17.0820 3808        Fax             (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe

15:38:17.0961 3808        Fax - ok

15:38:18.0054 3808        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

15:38:18.0101 3808        fdc - ok

15:38:18.0132 3808        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

15:38:18.0195 3808        fdPHost - ok

15:38:18.0210 3808        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

15:38:18.0273 3808        FDResPub - ok

15:38:18.0304 3808        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

15:38:18.0366 3808        FileInfo - ok

15:38:18.0382 3808        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

15:38:18.0444 3808        Filetrace - ok

15:38:18.0475 3808        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

15:38:18.0522 3808        flpydisk - ok

15:38:18.0647 3808        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

15:38:18.0694 3808        FltMgr - ok

15:38:18.0725 3808        FontCache       (b6512a85815fdc3d560c3705f5bdb93d) C:\Windows\system32\FntCache.dll

15:38:18.0819 3808        FontCache - ok

15:38:18.0897 3808        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

15:38:18.0943 3808        FontCache3.0.0.0 - ok

15:38:19.0021 3808        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

15:38:19.0068 3808        FsDepends - ok

15:38:19.0084 3808        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

15:38:19.0115 3808        Fs_Rec - ok

15:38:19.0162 3808        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys

15:38:19.0209 3808        fvevol - ok

15:38:19.0318 3808        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:38:19.0380 3808        gagp30kx - ok

15:38:19.0427 3808        gpsvc           (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll

15:38:19.0505 3808        gpsvc - ok

15:38:19.0567 3808        gupdate - ok

15:38:19.0599 3808        gupdatem - ok

15:38:19.0614 3808        gusvc - ok

15:38:19.0739 3808        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

15:38:19.0817 3808        hcw85cir - ok

15:38:19.0942 3808        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys

15:38:19.0989 3808        HdAudAddService - ok

15:38:20.0129 3808        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:38:20.0176 3808        HDAudBus - ok

15:38:20.0316 3808        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys

15:38:20.0379 3808        HECI - ok

15:38:20.0410 3808        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

15:38:20.0457 3808        HidBatt - ok

15:38:20.0488 3808        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

15:38:20.0535 3808        HidBth - ok

15:38:20.0628 3808        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

15:38:20.0691 3808        HidIr - ok

15:38:20.0722 3808        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll

15:38:20.0815 3808        hidserv - ok

15:38:20.0925 3808        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys

15:38:20.0987 3808        HidUsb - ok

15:38:21.0018 3808        hkmsvc          (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll

15:38:21.0081 3808        hkmsvc - ok

15:38:21.0096 3808        HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll

15:38:21.0174 3808        HomeGroupListener - ok

15:38:21.0252 3808        HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll

15:38:21.0315 3808        HomeGroupProvider - ok

15:38:21.0377 3808        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys

15:38:21.0424 3808        HpSAMD - ok

15:38:21.0533 3808        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys

15:38:21.0627 3808        HTTP - ok

15:38:21.0658 3808        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys

15:38:21.0673 3808        hwpolicy - ok

15:38:21.0783 3808        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys

15:38:21.0861 3808        i8042prt - ok

15:38:22.0001 3808        iaStor          (26541a068572f650a2fa490726fe81be) C:\Windows\system32\DRIVERS\iaStor.sys

15:38:22.0063 3808        iaStor - ok

15:38:22.0079 3808        IAStorDataMgrSvc - ok

15:38:22.0188 3808        iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys

15:38:22.0235 3808        iaStorV - ok

15:38:22.0329 3808        idsvc           (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

15:38:22.0453 3808        idsvc - ok

15:38:22.0765 3808        igfx            (8e9da2e49347af49901526dcd4d0f397) C:\Windows\system32\DRIVERS\igdkmd32.sys

15:38:23.0109 3808        igfx - ok

15:38:23.0218 3808        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

15:38:23.0265 3808        iirsp - ok

15:38:23.0311 3808        IKEEXT          (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll

15:38:23.0389 3808        IKEEXT - ok

15:38:23.0514 3808        Impcd           (e3c36ac5ae87ec970ae8ea2a93d59ae1) C:\Windows\system32\DRIVERS\Impcd.sys

15:38:23.0592 3808        Impcd - ok

15:38:23.0733 3808        Installer Service (4aa2e012c1746d75c1217634d81f6da0) C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe

15:38:23.0889 3808        Installer Service ( UnsignedFile.Multi.Generic ) - warning

15:38:23.0889 3808        Installer Service - detected UnsignedFile.Multi.Generic (1)

15:38:24.0076 3808        IntcAzAudAddService (5f9882ba31b7755341bc7773cb1ead62) C:\Windows\system32\drivers\RTKVHDA.sys

15:38:24.0232 3808        IntcAzAudAddService - ok

15:38:24.0357 3808        IntcDAud        (bf31740828a26ab451803e3b35432651) C:\Windows\system32\DRIVERS\IntcDAud.sys

15:38:24.0435 3808        IntcDAud - ok

15:38:24.0544 3808        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys

15:38:24.0575 3808        intelide - ok

15:38:24.0684 3808        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

15:38:24.0762 3808        intelppm - ok

15:38:24.0793 3808        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

15:38:24.0856 3808        IPBusEnum - ok

15:38:24.0918 3808        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:38:24.0996 3808        IpFilterDriver - ok

15:38:25.0090 3808        iphlpsvc        (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll

15:38:25.0199 3808        iphlpsvc - ok

15:38:25.0246 3808        IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys

15:38:25.0324 3808        IPMIDRV - ok

15:38:25.0355 3808        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

15:38:25.0433 3808        IPNAT - ok

15:38:25.0527 3808        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

15:38:25.0589 3808        IRENUM - ok

15:38:25.0714 3808        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys

15:38:25.0761 3808        isapnp - ok

15:38:25.0792 3808        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys

15:38:25.0823 3808        iScsiPrt - ok

15:38:25.0870 3808        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys

15:38:25.0917 3808        kbdclass - ok

15:38:26.0057 3808        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys

15:38:26.0135 3808        kbdhid - ok

15:38:26.0151 3808        KeyIso          (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

15:38:26.0182 3808        KeyIso - ok

15:38:26.0213 3808        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys

15:38:26.0244 3808        KSecDD - ok

15:38:26.0291 3808        KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys

15:38:26.0353 3808        KSecPkg - ok

15:38:26.0385 3808        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

15:38:26.0447 3808        KtmRm - ok

15:38:26.0509 3808        L1C             (4566fd5f4416e7fef3600e4b30d086c3) C:\Windows\system32\DRIVERS\L1C62x86.sys

15:38:26.0541 3808        L1C - ok

15:38:26.0587 3808        LanmanServer    (bca92cb047a4326925ecef759dbaa233) C:\Windows\System32\srvsvc.dll

15:38:26.0681 3808        LanmanServer - ok

15:38:26.0775 3808        LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll

15:38:26.0853 3808        LanmanWorkstation - ok

15:38:26.0946 3808        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

15:38:27.0024 3808        lltdio - ok

15:38:27.0087 3808        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

15:38:27.0180 3808        lltdsvc - ok

15:38:27.0196 3808        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

15:38:27.0258 3808        lmhosts - ok

15:38:27.0289 3808        LMS - ok

15:38:27.0414 3808        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:38:27.0477 3808        LSI_FC - ok

15:38:27.0508 3808        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:38:27.0539 3808        LSI_SAS - ok

15:38:27.0570 3808        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:38:27.0617 3808        LSI_SAS2 - ok

15:38:27.0648 3808        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:38:27.0679 3808        LSI_SCSI - ok

15:38:27.0726 3808        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

15:38:27.0789 3808        luafv - ok

15:38:27.0835 3808        Mcx2Svc         (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll

15:38:27.0913 3808        Mcx2Svc - ok

15:38:27.0976 3808        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

15:38:28.0007 3808        megasas - ok

15:38:28.0069 3808        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

15:38:28.0116 3808        MegaSR - ok

15:38:28.0147 3808        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

15:38:28.0210 3808        MMCSS - ok

15:38:28.0257 3808        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

15:38:28.0319 3808        Modem - ok

15:38:28.0428 3808        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

15:38:28.0506 3808        monitor - ok

15:38:28.0553 3808        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

15:38:28.0584 3808        mouclass - ok

15:38:28.0693 3808        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

15:38:28.0756 3808        mouhid - ok

15:38:28.0771 3808        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys

15:38:28.0818 3808        mountmgr - ok

15:38:28.0943 3808        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

15:38:29.0021 3808        MpFilter - ok

15:38:29.0068 3808        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys

15:38:29.0130 3808        mpio - ok

15:38:29.0271 3808        MpKsl5c6c1a1a   (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\MpKsl5c6c1a1a.sys

15:38:29.0302 3808        MpKsl5c6c1a1a - ok

15:38:29.0411 3808        MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

15:38:29.0473 3808        MpNWMon - ok

15:38:29.0536 3808        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

15:38:29.0614 3808        mpsdrv - ok

15:38:29.0661 3808        MpsSvc          (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll

15:38:29.0770 3808        MpsSvc - ok

15:38:29.0817 3808        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys

15:38:29.0895 3808        MRxDAV - ok

15:38:29.0941 3808        mrxsmb          (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:38:30.0004 3808        mrxsmb - ok

15:38:30.0113 3808        mrxsmb10        (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:38:30.0175 3808        mrxsmb10 - ok

15:38:30.0207 3808        mrxsmb20        (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:38:30.0269 3808        mrxsmb20 - ok

15:38:30.0316 3808        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys

15:38:30.0347 3808        msahci - ok

15:38:30.0394 3808        msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys

15:38:30.0425 3808        msdsm - ok

15:38:30.0487 3808        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

15:38:30.0550 3808        MSDTC - ok

15:38:30.0597 3808        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

15:38:30.0659 3808        Msfs - ok

15:38:30.0690 3808        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

15:38:30.0753 3808        mshidkmdf - ok

15:38:30.0784 3808        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys

15:38:30.0799 3808        msisadrv - ok

15:38:30.0831 3808        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

15:38:30.0924 3808        MSiSCSI - ok

15:38:30.0940 3808        msiserver - ok

15:38:30.0987 3808        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

15:38:31.0065 3808        MSKSSRV - ok

15:38:31.0221 3808        MsMpSvc         (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

15:38:31.0252 3808        MsMpSvc - ok

15:38:31.0377 3808        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

15:38:31.0455 3808        MSPCLOCK - ok

15:38:31.0564 3808        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

15:38:31.0642 3808        MSPQM - ok

15:38:31.0657 3808        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

15:38:31.0720 3808        MsRPC - ok

15:38:31.0751 3808        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys

15:38:31.0782 3808        mssmbios - ok

15:38:31.0829 3808        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

15:38:31.0860 3808        MSTEE - ok

15:38:31.0969 3808        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

15:38:32.0032 3808        MTConfig - ok

15:38:32.0063 3808        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

15:38:32.0110 3808        Mup - ok

15:38:32.0172 3808        napagent        (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll

15:38:32.0250 3808        napagent - ok

15:38:32.0313 3808        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

15:38:32.0375 3808        NativeWifiP - ok

15:38:32.0547 3808        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys

15:38:32.0609 3808        NDIS - ok

15:38:32.0718 3808        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

15:38:32.0781 3808        NdisCap - ok

15:38:32.0796 3808        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

15:38:32.0859 3808        NdisTapi - ok

15:38:32.0952 3808        Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys

15:38:33.0046 3808        Ndisuio - ok

15:38:33.0061 3808        NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys

15:38:33.0124 3808        NdisWan - ok

15:38:33.0155 3808        NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys

15:38:33.0217 3808        NDProxy - ok

15:38:33.0342 3808        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

15:38:33.0420 3808        NetBIOS - ok

15:38:33.0514 3808        NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys

15:38:33.0623 3808        NetBT - ok

15:38:33.0685 3808        Netlogon        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

15:38:33.0732 3808        Netlogon - ok

15:38:33.0795 3808        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

15:38:33.0857 3808        Netman - ok

15:38:33.0888 3808        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

15:38:33.0935 3808        netprofm - ok

15:38:34.0029 3808        NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:38:34.0075 3808        NetTcpPortSharing - ok

15:38:34.0169 3808        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

15:38:34.0216 3808        nfrd960 - ok

15:38:34.0356 3808        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

15:38:34.0403 3808        NisDrv - ok

15:38:34.0512 3808        NisSrv          (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

15:38:34.0575 3808        NisSrv - ok

15:38:34.0653 3808        NlaSvc          (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll

15:38:34.0746 3808        NlaSvc - ok

15:38:34.0902 3808        nmwcd           (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys

15:38:34.0965 3808        nmwcd - ok

15:38:35.0011 3808        nmwcdc          (7312987b6ccde6f6cee32c14bed1ca2e) C:\Windows\system32\drivers\ccdcmbo.sys

15:38:35.0074 3808        nmwcdc - ok

15:38:35.0136 3808        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

15:38:35.0199 3808        Npfs - ok

15:38:35.0230 3808        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

15:38:35.0308 3808        nsi - ok

15:38:35.0355 3808        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

15:38:35.0433 3808        nsiproxy - ok

15:38:35.0573 3808        Ntfs            (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys

15:38:35.0776 3808        Ntfs - ok

15:38:35.0885 3808        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

15:38:35.0932 3808        Null - ok

15:38:35.0994 3808        nvraid          (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys

15:38:36.0057 3808        nvraid - ok

15:38:36.0072 3808        nvstor          (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys

15:38:36.0119 3808        nvstor - ok

15:38:36.0150 3808        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys

15:38:36.0197 3808        nv_agp - ok

15:38:36.0306 3808        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys

15:38:36.0369 3808        ohci1394 - ok

15:38:36.0415 3808        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

15:38:36.0462 3808        p2pimsvc - ok

15:38:36.0493 3808        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

15:38:36.0556 3808        p2psvc - ok

15:38:36.0618 3808        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

15:38:36.0696 3808        Parport - ok

15:38:36.0805 3808        partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys

15:38:36.0852 3808        partmgr - ok

15:38:36.0868 3808        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

15:38:36.0915 3808        Parvdm - ok

15:38:36.0946 3808        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

15:38:37.0024 3808        PcaSvc - ok

15:38:37.0149 3808        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys

15:38:37.0242 3808        pccsmcfd - ok

15:38:37.0289 3808        pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys

15:38:37.0320 3808        pci - ok

15:38:37.0351 3808        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys

15:38:37.0367 3808        pciide - ok

15:38:37.0398 3808        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

15:38:37.0429 3808        pcmcia - ok

15:38:37.0476 3808        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

15:38:37.0507 3808        pcw - ok

15:38:37.0539 3808        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

15:38:37.0617 3808        PEAUTH - ok

15:38:37.0679 3808        pla             (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll

15:38:37.0819 3808        pla - ok

15:38:37.0897 3808        PlugPlay        (2cc2008f1296968fba162ed9f9afe328) C:\Windows\system32\umpnpmgr.dll

15:38:37.0991 3808        PlugPlay - ok

15:38:38.0022 3808        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

15:38:38.0053 3808        PNRPAutoReg - ok

15:38:38.0085 3808        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

15:38:38.0116 3808        PNRPsvc - ok

15:38:38.0163 3808        PolicyAgent     (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll

15:38:38.0209 3808        PolicyAgent - ok

15:38:38.0241 3808        Power           (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll

15:38:38.0287 3808        Power - ok

15:38:38.0365 3808        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

15:38:38.0443 3808        PptpMiniport - ok

15:38:38.0568 3808        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

15:38:38.0615 3808        Processor - ok

15:38:38.0662 3808        ProfSvc         (630cf26f0227498b7d5a92b12548960f) C:\Windows\system32\profsvc.dll

15:38:38.0740 3808        ProfSvc - ok

15:38:38.0771 3808        ProtectedStorage (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

15:38:38.0802 3808        ProtectedStorage - ok

15:38:38.0865 3808        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

15:38:38.0943 3808        Psched - ok

15:38:39.0005 3808        PSI_SVC_2 - ok

15:38:39.0145 3808        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

15:38:39.0239 3808        ql2300 - ok

15:38:39.0270 3808        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

15:38:39.0317 3808        ql40xx - ok

15:38:39.0348 3808        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

15:38:39.0426 3808        QWAVE - ok

15:38:39.0473 3808        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

15:38:39.0567 3808        QWAVEdrv - ok

15:38:39.0676 3808        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

15:38:39.0754 3808        RasAcd - ok

15:38:39.0879 3808        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:38:39.0957 3808        RasAgileVpn - ok

15:38:39.0988 3808        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

15:38:40.0081 3808        RasAuto - ok

15:38:40.0175 3808        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:38:40.0269 3808        Rasl2tp - ok

15:38:40.0300 3808        RasMan          (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll

15:38:40.0362 3808        RasMan - ok

15:38:40.0425 3808        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

15:38:40.0487 3808        RasPppoe - ok

15:38:40.0518 3808        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

15:38:40.0581 3808        RasSstp - ok

15:38:40.0612 3808        rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys

15:38:40.0674 3808        rdbss - ok

15:38:40.0705 3808        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

15:38:40.0752 3808        rdpbus - ok

15:38:40.0799 3808        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:38:40.0861 3808        RDPCDD - ok

15:38:40.0893 3808        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

15:38:40.0955 3808        RDPENCDD - ok

15:38:41.0064 3808        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

15:38:41.0127 3808        RDPREFMP - ok

15:38:41.0158 3808        RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys

15:38:41.0236 3808        RDPWD - ok

15:38:41.0267 3808        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys

15:38:41.0329 3808        rdyboost - ok

15:38:41.0423 3808        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

15:38:41.0517 3808        RemoteAccess - ok

15:38:41.0532 3808        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

15:38:41.0610 3808        RemoteRegistry - ok

15:38:41.0673 3808        RichVideo - ok

15:38:41.0797 3808        RMCAST          (b4090006a82eeb608c358ab5d37de85a) C:\Windows\system32\DRIVERS\RMCAST.sys

15:38:41.0891 3808        RMCAST - ok

15:38:41.0938 3808        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

15:38:41.0985 3808        RpcEptMapper - ok

15:38:42.0016 3808        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

15:38:42.0078 3808        RpcLocator - ok

15:38:42.0125 3808        RpcSs           (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll

15:38:42.0203 3808        RpcSs - ok

15:38:42.0250 3808        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

15:38:42.0328 3808        rspndr - ok

15:38:42.0437 3808        RSUSBSTOR       (0340a381b920a6e68178b832889f33f8) C:\Windows\System32\Drivers\RtsUStor.sys

15:38:42.0484 3808        RSUSBSTOR - ok

15:38:42.0531 3808        rtl8192se       (cfd6c307bf5db3b339be9f92b95433b9) C:\Windows\system32\DRIVERS\rtl8192se.sys

15:38:42.0577 3808        rtl8192se - ok

15:38:42.0609 3808        SamSs           (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

15:38:42.0640 3808        SamSs - ok

15:38:42.0687 3808        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys

15:38:42.0749 3808        sbp2port - ok

15:38:42.0780 3808        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

15:38:42.0843 3808        SCardSvr - ok

15:38:42.0921 3808        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys

15:38:42.0983 3808        scfilter - ok

15:38:43.0045 3808        Schedule        (3e8b0c453e25613a1f59762a5c42aa75) C:\Windows\system32\schedsvc.dll

15:38:43.0123 3808        Schedule - ok

15:38:43.0155 3808        SCPolicySvc     (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll

15:38:43.0201 3808        SCPolicySvc - ok

15:38:43.0248 3808        SDRSVC          (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll

15:38:43.0295 3808        SDRSVC - ok

15:38:43.0357 3808        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

15:38:43.0420 3808        secdrv - ok

15:38:43.0482 3808        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

15:38:43.0560 3808        seclogon - ok

15:38:43.0576 3808        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll

15:38:43.0638 3808        SENS - ok

15:38:43.0669 3808        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

15:38:43.0701 3808        SensrSvc - ok

15:38:43.0763 3808        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

15:38:43.0810 3808        Serenum - ok

15:38:43.0841 3808        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

15:38:43.0919 3808        Serial - ok

15:38:43.0966 3808        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

15:38:44.0013 3808        sermouse - ok

15:38:44.0153 3808        ServiceLayer    (3ec8de67b1c78c31e54c0f030e6bd7d5) C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

15:38:44.0278 3808        ServiceLayer ( UnsignedFile.Multi.Generic ) - warning

15:38:44.0278 3808        ServiceLayer - detected UnsignedFile.Multi.Generic (1)

15:38:44.0371 3808        SessionEnv      (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll

15:38:44.0449 3808        SessionEnv - ok

15:38:44.0496 3808        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys

15:38:44.0543 3808        sffdisk - ok

15:38:44.0559 3808        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys

15:38:44.0590 3808        sffp_mmc - ok

15:38:44.0621 3808        sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:38:44.0637 3808        sffp_sd - ok

15:38:44.0683 3808        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

15:38:44.0715 3808        sfloppy - ok

15:38:44.0824 3808        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

15:38:44.0917 3808        SharedAccess - ok

15:38:44.0949 3808        ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll

15:38:44.0995 3808        ShellHWDetection - ok

15:38:45.0073 3808        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys

15:38:45.0120 3808        sisagp - ok

15:38:45.0120 3808        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:38:45.0151 3808        SiSRaid2 - ok

15:38:45.0183 3808        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

15:38:45.0214 3808        SiSRaid4 - ok

15:38:45.0261 3808        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

15:38:45.0339 3808        Smb - ok

15:38:45.0432 3808        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

15:38:45.0495 3808        SNMPTRAP - ok

15:38:45.0557 3808        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

15:38:45.0604 3808        spldr - ok

15:38:45.0651 3808        Spooler         (49b6dd6ab3715b7a67965f17194e98a9) C:\Windows\System32\spoolsv.exe

15:38:45.0697 3808        Spooler - ok

15:38:45.0791 3808        sppsvc          (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe

15:38:46.0041 3808        sppsvc - ok

15:38:46.0119 3808        sppuinotify     (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll

15:38:46.0197 3808        sppuinotify - ok

15:38:46.0243 3808        srv             (dd0dd124d95390fdffa7fb6283923ed4) C:\Windows\system32\DRIVERS\srv.sys

15:38:46.0337 3808        srv - ok

15:38:46.0446 3808        srv2            (59ef6d9c690e89d51b0692ccb13a06fc) C:\Windows\system32\DRIVERS\srv2.sys

15:38:46.0493 3808        srv2 - ok

15:38:46.0540 3808        srvnet          (08f28676802b58138e48a2b40caf6204) C:\Windows\system32\DRIVERS\srvnet.sys

15:38:46.0602 3808        srvnet - ok

15:38:46.0633 3808        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

15:38:46.0711 3808        SSDPSRV - ok

15:38:46.0774 3808        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys

15:38:46.0805 3808        ssmdrv - ok

15:38:46.0836 3808        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

15:38:46.0883 3808        SstpSvc - ok

15:38:46.0930 3808        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

15:38:46.0961 3808        stexstor - ok

15:38:46.0992 3808        StiSvc          (a22825e7bb7018e8af3e229a5af17221) C:\Windows\System32\wiaservc.dll

15:38:47.0055 3808        StiSvc - ok

15:38:47.0101 3808        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys

15:38:47.0117 3808        swenum - ok

15:38:47.0148 3808        swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

15:38:47.0226 3808        swprv - ok

15:38:47.0304 3808        SynTP           (d776eb85a20696d9d43129ccf6e703e2) C:\Windows\system32\DRIVERS\SynTP.sys

15:38:47.0351 3808        SynTP - ok

15:38:47.0460 3808        SysMain         (04105c8da62353589c29bdaeb8d88bd8) C:\Windows\system32\sysmain.dll

15:38:47.0569 3808        SysMain - ok

15:38:47.0647 3808        TabletInputService (fcfb6c552fbc0da299799cbd50ad9fd4) C:\Windows\System32\TabSvc.dll

15:38:47.0710 3808        TabletInputService - ok

15:38:47.0741 3808        TapiSrv         (2f46b0c70a4adc8c90cf825da3b4feaf) C:\Windows\System32\tapisrv.dll

15:38:47.0803 3808        TapiSrv - ok

15:38:47.0835 3808        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

15:38:47.0913 3808        TBS - ok

15:38:47.0991 3808        Tcpip           (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys

15:38:48.0084 3808        Tcpip - ok

15:38:48.0225 3808        TCPIP6          (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys

15:38:48.0287 3808        TCPIP6 - ok

15:38:48.0318 3808        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys

15:38:48.0381 3808        tcpipreg - ok

15:38:48.0396 3808        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys

15:38:48.0474 3808        TDPIPE - ok

15:38:48.0505 3808        TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys

15:38:48.0568 3808        TDTCP - ok

15:38:48.0677 3808        tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys

15:38:48.0771 3808        tdx - ok

15:38:48.0802 3808        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys

15:38:48.0833 3808        TermDD - ok

15:38:48.0895 3808        TermService     (a01e50a04d7b1960b33e92b9080e6a94) C:\Windows\System32\termsrv.dll

15:38:48.0989 3808        TermService - ok

15:38:49.0020 3808        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

15:38:49.0067 3808        Themes - ok

15:38:49.0114 3808        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

15:38:49.0161 3808        THREADORDER - ok

15:38:49.0192 3808        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

15:38:49.0270 3808        TrkWks - ok

15:38:49.0332 3808        TrustedInstaller (41a4c781d2286208d397d72099304133) C:\Windows\servicing\TrustedInstaller.exe

15:38:49.0426 3808        TrustedInstaller - ok

15:38:49.0504 3808        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:38:49.0597 3808        tssecsrv - ok

15:38:49.0722 3808        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys

15:38:49.0800 3808        tunnel - ok

15:38:49.0831 3808        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

15:38:49.0863 3808        uagp35 - ok

15:38:49.0909 3808        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys

15:38:49.0972 3808        udfs - ok

15:38:50.0003 3808        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

15:38:50.0034 3808        UI0Detect - ok

15:38:50.0097 3808        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys

15:38:50.0143 3808        uliagpkx - ok

15:38:50.0175 3808        umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys

15:38:50.0221 3808        umbus - ok

15:38:50.0268 3808        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

15:38:50.0315 3808        UmPass - ok

15:38:50.0346 3808        UNS - ok

15:38:50.0424 3808        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

15:38:50.0518 3808        upnphost - ok

15:38:50.0580 3808        upperdev        (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys

15:38:50.0627 3808        upperdev - ok

15:38:50.0658 3808        usbccgp         (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys

15:38:50.0721 3808        usbccgp - ok

15:38:50.0767 3808        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys

15:38:50.0830 3808        usbcir - ok

15:38:50.0861 3808        usbehci         (ff32d4f3ec3c68b2ca61782c7964f54e) C:\Windows\system32\DRIVERS\usbehci.sys

15:38:50.0908 3808        usbehci - ok

15:38:51.0017 3808        usbhub          (b0dfc7b484e0ca0c27bda5433b82d94a) C:\Windows\system32\DRIVERS\usbhub.sys

15:38:51.0079 3808        usbhub - ok

15:38:51.0111 3808        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys

15:38:51.0157 3808        usbohci - ok

15:38:51.0189 3808        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

15:38:51.0235 3808        usbprint - ok

15:38:51.0360 3808        usbser          (88701eca76145e2c011c0eeff0f7b70e) C:\Windows\system32\drivers\usbser.sys

15:38:51.0438 3808        usbser - ok

15:38:51.0454 3808        UsbserFilt      (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys

15:38:51.0501 3808        UsbserFilt - ok

15:38:51.0532 3808        USBSTOR         (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:38:51.0579 3808        USBSTOR - ok

15:38:51.0610 3808        usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys

15:38:51.0657 3808        usbuhci - ok

15:38:51.0781 3808        usbvideo        (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys

15:38:51.0828 3808        usbvideo - ok

15:38:51.0859 3808        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

15:38:51.0922 3808        UxSms - ok

15:38:51.0953 3808        VaultSvc        (f42309c4191c506b71db5d1126d26318) C:\Windows\system32\lsass.exe

15:38:52.0000 3808        VaultSvc - ok

15:38:52.0062 3808        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys

15:38:52.0093 3808        vdrvroot - ok

15:38:52.0140 3808        vds             (8c4e7c49d3641bc9e299e466a7f8867d) C:\Windows\System32\vds.exe

15:38:52.0171 3808        vds - ok

15:38:52.0249 3808        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

15:38:52.0281 3808        vga - ok

15:38:52.0296 3808        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

15:38:52.0359 3808        VgaSave - ok

15:38:52.0390 3808        vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys

15:38:52.0421 3808        vhdmp - ok

15:38:52.0452 3808        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys

15:38:52.0499 3808        viaagp - ok

15:38:52.0593 3808        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

15:38:52.0655 3808        ViaC7 - ok

15:38:52.0702 3808        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys

15:38:52.0749 3808        viaide - ok

15:38:52.0764 3808        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys

15:38:52.0811 3808        volmgr - ok

15:38:52.0842 3808        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

15:38:52.0873 3808        volmgrx - ok

15:38:52.0920 3808        volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys

15:38:52.0936 3808        volsnap - ok

15:38:52.0983 3808        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

15:38:53.0029 3808        vsmraid - ok

15:38:53.0092 3808        VSS             (7ea2bcd94d9cfaf4c556f5cc94532a6c) C:\Windows\system32\vssvc.exe

15:38:53.0201 3808        VSS - ok

15:38:53.0295 3808        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

15:38:53.0357 3808        vwifibus - ok

15:38:53.0388 3808        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

15:38:53.0435 3808        vwififlt - ok

15:38:53.0544 3808        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

15:38:53.0607 3808        vwifimp - ok

15:38:53.0638 3808        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

15:38:53.0700 3808        W32Time - ok

15:38:53.0763 3808        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

15:38:53.0809 3808        WacomPen - ok

15:38:53.0919 3808        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

15:38:54.0012 3808        WANARP - ok

15:38:54.0012 3808        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys

15:38:54.0075 3808        Wanarpv6 - ok

15:38:54.0199 3808        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys

15:38:54.0277 3808        wanatw - ok

15:38:54.0355 3808        wbengine        (7790b77fe1e5ee47dcc66247095bb4c9) C:\Windows\system32\wbengine.exe

15:38:54.0480 3808        wbengine - ok

15:38:54.0558 3808        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

15:38:54.0605 3808        WbioSrvc - ok

15:38:54.0636 3808        wcncsvc         (d0f88aa11ee1a62bcc6d6a8a7783ca11) C:\Windows\System32\wcncsvc.dll

15:38:54.0683 3808        wcncsvc - ok

15:38:54.0699 3808        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

15:38:54.0761 3808        WcsPlugInService - ok

15:38:54.0792 3808        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

15:38:54.0823 3808        Wd - ok

15:38:54.0870 3808        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

15:38:54.0901 3808        Wdf01000 - ok

15:38:54.0948 3808        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

15:38:55.0011 3808        WdiServiceHost - ok

15:38:55.0011 3808        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

15:38:55.0042 3808        WdiSystemHost - ok

15:38:55.0073 3808        WebClient       (d87c7d2c517f82a5ab7a73e203063d9e) C:\Windows\System32\webclnt.dll

15:38:55.0120 3808        WebClient - ok

15:38:55.0151 3808        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

15:38:55.0229 3808        Wecsvc - ok

15:38:55.0245 3808        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

15:38:55.0307 3808        wercplsupport - ok

15:38:55.0416 3808        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

15:38:55.0479 3808        WerSvc - ok

15:38:55.0541 3808        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

15:38:55.0603 3808        WfpLwf - ok

15:38:55.0635 3808        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

15:38:55.0650 3808        WIMMount - ok

15:38:55.0744 3808        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

15:38:55.0837 3808        WinDefend - ok

15:38:55.0837 3808        WinHttpAutoProxySvc - ok

15:38:55.0931 3808        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

15:38:56.0040 3808        Winmgmt - ok

15:38:56.0103 3808        WinRM           (c4f5d3901d1b41d602ddc196e0b95b51) C:\Windows\system32\WsmSvc.dll

15:38:56.0243 3808        WinRM - ok

15:38:56.0368 3808        WinUsb          (30fc6e5448d0cbaaa95280eeef7fedae) C:\Windows\system32\DRIVERS\WinUsb.sys

15:38:56.0446 3808        WinUsb - ok

15:38:56.0493 3808        WisLMSvc - ok

15:38:56.0571 3808        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

15:38:56.0695 3808        Wlansvc - ok

15:38:56.0820 3808        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:38:56.0867 3808        WmiAcpi - ok

15:38:56.0914 3808        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

15:38:57.0039 3808        wmiApSrv - ok

15:38:57.0148 3808        WMPNetworkSvc   (77fbd400984cf72ba0fc4b3489d65f74) C:\Program Files\Windows Media Player\wmpnetwk.exe

15:38:57.0304 3808        WMPNetworkSvc - ok

15:38:57.0382 3808        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

15:38:57.0444 3808        WPCSvc - ok

15:38:57.0460 3808        WPDBusEnum      (b7f658a2ebc07129538ad9ab35212637) C:\Windows\system32\wpdbusenum.dll

15:38:57.0522 3808        WPDBusEnum - ok

15:38:57.0585 3808        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

15:38:57.0647 3808        ws2ifsl - ok

15:38:57.0678 3808        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\system32\wscsvc.dll

15:38:57.0772 3808        wscsvc - ok

15:38:57.0787 3808        WSearch - ok

15:38:57.0834 3808        wuauserv        (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll

15:38:57.0975 3808        wuauserv - ok

15:38:58.0084 3808        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys

15:38:58.0162 3808        WudfPf - ok

15:38:58.0287 3808        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:38:58.0365 3808        WUDFRd - ok

15:38:58.0396 3808        wudfsvc         (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll

15:38:58.0443 3808        wudfsvc - ok

15:38:58.0474 3808        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

15:38:58.0521 3808        WwanSvc - ok

15:38:58.0552 3808        MBR (0x1B8)     (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0

15:39:01.0438 3808        \Device\Harddisk0\DR0 - ok

15:39:01.0469 3808        Boot (0x1200)   (f31dc2512ad53822a7e28369d1c5e63f) \Device\Harddisk0\DR0\Partition0

15:39:01.0469 3808        \Device\Harddisk0\DR0\Partition0 - ok

15:39:01.0485 3808        Boot (0x1200)   (880637bea931fe8c03abed6dd053f59b) \Device\Harddisk0\DR0\Partition1

15:39:01.0485 3808        \Device\Harddisk0\DR0\Partition1 - ok

15:39:01.0516 3808        Boot (0x1200)   (41300ec0d0bbc9dab6d46fb8d03c5f51) \Device\Harddisk0\DR0\Partition2

15:39:01.0516 3808        \Device\Harddisk0\DR0\Partition2 - ok

15:39:01.0516 3808        ============================================================

15:39:01.0516 3808        Scan finished

15:39:01.0516 3808        ============================================================

15:39:01.0531 3424        Detected object count: 2

15:39:01.0531 3424        Actual detected object count: 2

15:39:14.0089 3424        Installer Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:39:14.0089 3424        Installer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

15:39:14.0089 3424        ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user

15:39:14.0089 3424        ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip

Gruß, Susanne

Dann bitte nochmal CF ausführen aber richtig!

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Auch das wurde von mir - jetzt hoffentlich richtig - erledigt:

Combofix Logfile:

Code:

ComboFix 12-04-11.03 - 1 11.04.2012  17:46:28.2.4 - x86

Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.2935.2008 [GMT 2:00]

ausgeführt von:: c:\users\1\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-11 bis 2012-04-11  ))))))))))))))))))))))))))))))

.

.

2012-04-11 15:59 . 2012-04-11 15:59        --------        d-----w-        c:\users\Susanne\AppData\Local\temp

2012-04-11 15:59 . 2012-04-11 15:59        --------        d-----w-        c:\users\Raphael\AppData\Local\temp

2012-04-11 15:59 . 2012-04-11 15:59        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-11 15:42 . 2012-04-11 15:42        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\MpKslf01ea3ac.sys

2012-04-11 07:56 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\mpengine.dll

2012-04-10 19:25 . 2012-04-10 19:25        --------        d-----w-        C:\_OTL

2012-04-07 13:53 . 2012-04-07 13:53        --------        d-----w-        c:\program files\ESET

2012-04-07 02:22 . 2012-04-07 02:22        --------        d-----w-        c:\program files\CCleaner

2012-04-06 14:40 . 2012-04-11 15:59        --------        d-----w-        c:\users\1\AppData\Local\temp

2012-04-06 13:53 . 2012-04-06 13:53        --------        d-----w-        c:\users\1\AppData\Roaming\Malwarebytes

2012-04-06 13:52 . 2012-04-06 13:52        --------        d-----w-        c:\programdata\Malwarebytes

2012-04-06 13:52 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-04-06 13:52 . 2012-04-06 13:52        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-04-06 13:47 . 2012-04-06 13:47        --------        d-----w-        c:\program files\GPLGS

2012-04-06 13:47 . 2011-10-04 20:42        86016        ----a-w-        c:\windows\system32\custmon32i.dll

2012-04-06 13:47 . 2012-04-06 13:47        --------        d-----w-        C:\Program1

2012-04-06 13:47 . 2012-04-06 13:47        --------        d-----w-        c:\program files\FoxTabPDFCreator

2012-04-05 20:09 . 2012-04-05 20:09        --------        d-----w-        c:\users\1\AppData\Roaming\Iminent

2012-04-05 20:08 . 2012-04-05 20:08        --------        d-----w-        c:\programdata\Iminent

2012-04-05 20:08 . 2012-04-10 19:25        --------        d-----w-        c:\program files\Iminent

2012-04-05 18:25 . 2012-04-05 18:25        --------        d-----w-        c:\users\1\AppData\Roaming\AOL

2012-04-05 18:24 . 2012-04-05 18:24        --------        d-----w-        c:\programdata\Viewpoint

2012-04-05 18:24 . 2012-04-05 18:24        --------        d-----w-        c:\program files\Viewpoint

2012-04-05 18:24 . 2012-04-05 18:24        --------        d-----w-        c:\users\1\AppData\Local\AOL

2012-04-05 18:23 . 2006-11-29 22:24        33588        ----a-w-        c:\windows\system32\drivers\wanatw4.sys

2012-04-05 18:23 . 2012-04-05 18:25        --------        d-----w-        c:\program files\AOL 9.0 VR

2012-04-05 18:23 . 2012-04-05 18:25        --------        d-----w-        c:\programdata\AOL

2012-04-05 18:12 . 2012-04-10 19:25        --------        d-----w-        c:\program files\BabylonToolbar

2012-04-05 18:12 . 2012-04-06 13:47        1743        ----a-w-        C:\user.js

2012-04-05 18:12 . 2012-04-05 18:20        --------        d-----w-        c:\programdata\AOL Downloads

2012-04-05 18:04 . 2012-04-05 18:09        --------        d-----w-        C:\Medion

2012-04-05 17:57 . 2012-04-05 17:57        --------        d-----w-        c:\program files\T-Online

2012-04-05 08:29 . 2012-04-05 08:29        --------        d-----w-        c:\program files\Avira

2012-04-05 07:41 . 2012-04-05 07:42        --------        d-----w-        c:\users\Sanne

2012-04-04 11:49 . 2012-04-04 11:49        --------        d-----w-        c:\users\1\AppData\Local\Microsoft Corporation

2012-04-03 16:45 . 2012-04-03 16:45        --------        d-----w-        c:\users\Susanne\AppData\Local\Microsoft Corporation

2012-04-03 16:18 . 2012-04-03 16:18        --------        d-----w-        C:\Intel

2012-04-03 13:52 . 2012-04-07 02:22        --------        dc----w-        c:\users\1\AppData\Local\MigWiz

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-05 18:29 . 2011-12-23 09:48        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-03-14 02:15 . 2011-12-20 05:27        6582328        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-02-13 05:31 . 2012-02-13 05:32        713784        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C69D7EE-EFBD-4822-BA06-0B093B1E9B65}\gapaengine.dll

2012-01-31 12:44 . 2010-06-28 23:04        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-03-13 04:38 . 2012-04-05 20:07        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-23 9177632]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-23 1423904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-21 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-21 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-21 170008]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-11 1594664]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]

c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]

2009-02-26 15:04        2376992        ----a-w-        c:\program files\Nokia\Nokia Music\NokiaMusic.exe

.

R2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 Installer Service;Installer Service;c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe [2011-06-15 119296]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 193056]

R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 36000]

S1 MpKslf01ea3ac;MpKslf01ea3ac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{562EB444-82F2-4A36-B1FA-5CB3F35CAE33}\MpKslf01ea3ac.sys [2012-04-11 29904]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]

S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-03-04 67624]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-03-02 1006624]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSLF01EA3AC

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

mStart Page = 

uInternet Settings,ProxyOverride = <local>

IE: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\1\AppData\Roaming\Mozilla\Firefox\Profiles\0w6fh3ay.default\

FF - prefs.js: browser.search.selectedEngine - 

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110000&tt=050412_30b

FF - user.js: extensions.BabylonToolbar_i.babExt - 

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 947725b800000000000074f06d0acfa9

FF - user.js: extensions.BabylonToolbar_i.hardId - 947725b800000000000074f06d0acfa9

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15436

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:47

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-04-11  18:01:32

ComboFix-quarantined-files.txt  2012-04-11 16:01

ComboFix2.txt  2012-04-06 14:40

.

Vor Suchlauf: 10 Verzeichnis(se), 424.581.365.760 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 424.288.468.992 Bytes frei

.

- - End Of File - - 680139E4521DB3B7887F99233CBFB006

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hallo,
also GMER ging wirklich nicht. Hier die Log-Datei von OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 08:31:58 on 12.04.2012
 

OS: Windows 7 Home Premium Edition (Build 7600), 32-bit

Default Browser: Mozilla Corporation Firefox 11.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys

"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys

"catchme" (catchme) - ? - C:\Users\1\AppData\Local\Temp\catchme.sys  (File not found)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - ? - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll  (File not found)

-----( HKLM\Software\Classes\Protocols\Handler )-----

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll

{5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl  (File not found)

{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)

{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll  (File not found)

{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll  (File not found)

{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)

{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)

{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)

{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellVista.dll  (File not found)

{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - ? - c:\Program Files\Common Files\Corel\Shared\Shell Extension\ShellXP.dll  (File not found)

{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~1\MI8079~1\shellext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - ? - C:\Program Files\Java\jre6\bin\jp2iexp.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - ? - C:\Program Files\Java\jre6\bin\jp2iexp.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - ? - C:\Program Files\Java\jre6\bin\npjpi160_20.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{DE9C389F-3316-41A7-809B-AA305ED9D922} "AOL Toolbar" - ? -   (File not found | COM-object registry key not found)

"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

"MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"CUSTPDF Writer Monitor x86" - ? - C:\Windows\system32\custmon32i.dll  (File found, but it contains no detailed information)
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

"AAV UpdateService" (AAV UpdateService) - ? - "C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe"  (File not found)

"AOL Connectivity Service" (AOL ACS) - "AOL LLC" - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe

"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE

"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE

"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - "C:\Program Files\CyberLink\Shared files\RichVideo.exe"  (File not found)

"Google Software Updater" (gusvc) - ? - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"  (File not found)

"Google Update Service (gupdate)" (gupdate) - ? - "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc  (File not found)

"Google Update-Dienst (gupdatem)" (gupdatem) - ? - "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc  (File not found)

"Installer Service" (Installer Service) - ? - C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe  (File found, but it contains no detailed information)

"Intel(R) Management & Security Application User Notification Service" (UNS) - ? - "C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"  (File not found)

"Intel(R) Management and Security Application Local Management Service" (LMS) - ? - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe  (File not found)

"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - ? - "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"  (File not found)

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

"Protexis Licensing V2" (PSI_SVC_2) - ? - "c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"  (File not found)

"ServiceLayer" (ServiceLayer) - "Nokia." - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe

"WisLMSvc" (WisLMSvc) - ? - "C:\Program Files\Launch Manager\WisLMSvc.exe"  (File not found)
 

[Winlogon]

-----( HKCU\Control Panel\Desktop )-----

"SCRNSAVE.EXE" - "ALDI SÜD" - C:\Windows\system32\MAHJON~1.SCR
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avsda.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/code]

So und dann das nächste:

Code:

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-12 08:40:17

-----------------------------

08:40:17.674    OS Version: Windows 6.1.7600 

08:40:17.674    Number of processors: 4 586 0x2502

08:40:17.675    ComputerName: RAPHAEL-PC  UserName: 1

08:40:35.890    Initialize success

08:48:27.126    AVAST engine defs: 12041101

08:48:46.695    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

08:48:46.697    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

08:48:46.725    Disk 0 MBR read successfully

08:48:46.728    Disk 0 MBR scan

08:48:46.739    Disk 0 unknown MBR code

08:48:46.746    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

08:48:46.763    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       434852 MB offset 206848

08:48:46.805    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 890783744

08:48:46.829    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824

08:48:46.836    Disk 0 scanning sectors +976771072

08:48:46.959    Disk 0 scanning C:\Windows\system32\drivers

08:48:57.271    Service scanning

08:49:10.163    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

08:49:28.341    Modules scanning

08:49:37.275    Disk 0 trace - called modules:

08:49:37.288    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 

08:49:37.293    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d607c8]

08:49:37.298    3 CLASSPNP.SYS[8b3a959e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861b5028]

08:49:38.204    AVAST engine scan C:\Windows

08:49:40.599    AVAST engine scan C:\Windows\system32

08:52:03.564    AVAST engine scan C:\Windows\system32\drivers

08:52:20.886    AVAST engine scan C:\Users\1

08:53:19.607    AVAST engine scan C:\ProgramData

08:54:22.346    Scan finished successfully

08:55:15.499    Disk 0 MBR has been saved successfully to "C:\Users\1\Documents\MBR.dat"

08:55:15.505    The log file has been saved successfully to "C:\Users\1\Documents\aswMBR.txt"

Gruß, Susanne

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

Huhu,
alles erledigt.
Hier das neue Log:

Code:

 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-12 11:19:26

-----------------------------

11:19:26.381    OS Version: Windows 6.1.7600 

11:19:26.381    Number of processors: 4 586 0x2502

11:19:26.381    ComputerName: RAPHAEL-PC  UserName: 1

11:19:27.395    Initialize success

11:19:31.373    AVAST engine defs: 12041101

11:19:35.491    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

11:19:35.491    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3

11:19:35.523    Disk 0 MBR read successfully

11:19:35.523    Disk 0 MBR scan

11:19:35.538    Disk 0 Windows 7 default MBR code

11:19:35.554    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048

11:19:35.569    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       434852 MB offset 206848

11:19:35.601    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        40960 MB offset 890783744

11:19:35.616    Disk 0 Partition 4 00     12  Compaq diag NTFS         1026 MB offset 974669824

11:19:35.632    Disk 0 scanning sectors +976771072

11:19:35.725    Disk 0 scanning C:\Windows\system32\drivers

11:19:47.425    Service scanning

11:20:03.259    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

11:20:19.811    Modules scanning

11:20:30.045    Disk 0 trace - called modules:

11:20:30.060    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 

11:20:30.076    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d62030]

11:20:30.076    3 CLASSPNP.SYS[8b59e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861b5028]

11:20:31.246    AVAST engine scan C:\Windows

11:20:34.132    AVAST engine scan C:\Windows\system32

11:23:15.935    AVAST engine scan C:\Windows\system32\drivers

11:23:49.538    AVAST engine scan C:\Users\1

11:26:17.208    AVAST engine scan C:\ProgramData

11:27:35.021    Scan finished successfully

11:31:01.939    Disk 0 MBR has been saved successfully to "C:\Users\1\Documents\MBR.dat"

11:31:01.955    The log file has been saved successfully to "C:\Users\1\Documents\aswMBR1.txt"

und nun?? :confused:

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hi,
auch das habe ich nun gemacht:

Code:

 SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 04/12/2012 at 05:43 PM
 

Application Version : 5.0.1146
 

Core Rules Database Version : 8445

Trace Rules Database Version: 6257
 

Scan type       : Complete Scan

Total Scan Time : 01:25:52
 

Operating System Information

Windows 7 Home Premium 32-bit (Build 6.01.7600)

UAC On - Limited User
 

Memory items scanned      : 547

Memory threats detected   : 0

Registry items scanned    : 35254

Registry threats detected : 5

File items scanned        : 172031

File threats detected     : 204
 

Adware.Tracking Cookie

        C:\Users\1\AppData\Roaming\Microsoft\Windows\Cookies\1@apmebf[1].txt [ /apmebf ]

        C:\Users\1\AppData\Roaming\Microsoft\Windows\Cookies\1@de.at.atwola[1].txt [ /de.at.atwola ]

        C:\Users\1\AppData\Roaming\Microsoft\Windows\Cookies\1@fastclick[2].txt [ /fastclick ]

        C:\Users\1\AppData\Roaming\Microsoft\Windows\Cookies\1@mediaplex[2].txt [ /mediaplex ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\susanne@mediaplex[1].txt [ Cookie:susanne@mediaplex.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\susanne@apmebf[2].txt [ Cookie:susanne@apmebf.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@c.atdmt[2].txt [ Cookie:susanne@c.atdmt.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@collective-media[1].txt [ Cookie:susanne@collective-media.net/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad4.adfarm1.adition[1].txt [ Cookie:susanne@ad4.adfarm1.adition.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@adfarm1.adition[1].txt [ Cookie:susanne@adfarm1.adition.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@smartadserver[1].txt [ Cookie:susanne@smartadserver.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@invitemedia[2].txt [ Cookie:susanne@invitemedia.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@lfstmedia[1].txt [ Cookie:susanne@lfstmedia.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@eas.apm.emediate[1].txt [ Cookie:susanne@eas.apm.emediate.eu/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad2.adfarm1.adition[1].txt [ Cookie:susanne@ad2.adfarm1.adition.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad.zanox[2].txt [ Cookie:susanne@ad.zanox.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@unitymedia[2].txt [ Cookie:susanne@unitymedia.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@yieldmanager[1].txt [ Cookie:susanne@yieldmanager.net/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@adtech[2].txt [ Cookie:susanne@adtech.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@tracking.mindshare[1].txt [ Cookie:susanne@tracking.mindshare.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@mediaplex[1].txt [ Cookie:susanne@mediaplex.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@tradedoubler[1].txt [ Cookie:susanne@tradedoubler.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@doubleclick[1].txt [ Cookie:susanne@doubleclick.net/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@tracking.quisma[1].txt [ Cookie:susanne@tracking.quisma.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@imrworldwide[2].txt [ Cookie:susanne@imrworldwide.com/cgi-bin ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@clkads[3].txt [ Cookie:susanne@clkads.com/adServe/banners ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@webmasterplan[2].txt [ Cookie:susanne@webmasterplan.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad.dyntracker[1].txt [ Cookie:susanne@ad.dyntracker.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@apmebf[1].txt [ Cookie:susanne@apmebf.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@media6degrees[1].txt [ Cookie:susanne@media6degrees.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@adform[1].txt [ Cookie:susanne@adform.net/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad3.adfarm1.adition[1].txt [ Cookie:susanne@ad3.adfarm1.adition.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad1.adfarm1.adition[1].txt [ Cookie:susanne@ad1.adfarm1.adition.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@im.banner.t-online[2].txt [ Cookie:susanne@im.banner.t-online.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@a.revenuemax[1].txt [ Cookie:susanne@a.revenuemax.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@revsci[2].txt [ Cookie:susanne@revsci.net/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@urbia.wwe-media[2].txt [ Cookie:susanne@urbia.wwe-media.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@lucidmedia[1].txt [ Cookie:susanne@lucidmedia.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@www.googleadservices[1].txt [ Cookie:susanne@www.googleadservices.com/pagead/conversion/1071490405/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@server.adform[1].txt [ Cookie:susanne@server.adform.net/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@serving-sys[1].txt [ Cookie:susanne@serving-sys.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@media.gan-online[1].txt [ Cookie:susanne@media.gan-online.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@zanox-affiliate[1].txt [ Cookie:susanne@zanox-affiliate.de/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@xiti[1].txt [ Cookie:susanne@xiti.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@ad.yieldmanager[1].txt [ Cookie:susanne@ad.yieldmanager.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@bs.serving-sys[1].txt [ Cookie:susanne@bs.serving-sys.com/ ]

        C:\USERS\SUSANNE\AppData\Roaming\Microsoft\Windows\Cookies\Low\susanne@statse.webtrendslive[2].txt [ Cookie:susanne@statse.webtrendslive.com/ ]

        C:\USERS\SUSANNE\Cookies\susanne@mediaplex[1].txt [ Cookie:susanne@mediaplex.com/ ]

        C:\USERS\SUSANNE\Cookies\susanne@apmebf[2].txt [ Cookie:susanne@apmebf.com/ ]

        .apmebf.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        data.coremetrics.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .atdmt.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        youradserver.me [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        youradserver.me [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        youradserver.me [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .statcounter.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .de.at.atwola.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        eas.apm.emediate.eu [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ww251.smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adtech.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .im.banner.t-online.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .fastclick.net [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .clickfuse.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tracking.mindshare.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .a.revenuemax.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad3.adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .advertising.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .smartadserver.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        www.googleadservices.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .unitymedia.de [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .tracking.quisma.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .zanox.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .webmasterplan.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .mediaplex.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad4.adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        ad2.adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .adfarm1.adition.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .serving-sys.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        .lfstmedia.com [ C:\USERS\1\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W6FH3AY.DEFAULT\COOKIES.SQLITE ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@AD.360YIELD[1].TXT [ /AD.360YIELD ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@ADS.PUBMATIC[2].TXT [ /ADS.PUBMATIC ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@SPECIFICCLICK[1].TXT [ /SPECIFICCLICK ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@ZANOX[1].TXT [ /ZANOX ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@RU4[1].TXT [ /RU4 ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@ATDMT[2].TXT [ /ATDMT ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@ADVIVA[1].TXT [ /ADVIVA ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@FASTCLICK[2].TXT [ /FASTCLICK ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@TRACK.ADFORM[2].TXT [ /TRACK.ADFORM ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@TRAFFICTRACK[1].TXT [ /TRAFFICTRACK ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@DKVAG.112.2O7[1].TXT [ /DKVAG.112.2O7 ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@ADS.CREATIVE-SERVING[2].TXT [ /ADS.CREATIVE-SERVING ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\SUSANNE@AD.AD-SRV[2].TXT [ /AD.AD-SRV ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SUSANNE@ATDMT[2].TXT [ /ATDMT ]

        C:\USERS\SUSANNE\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\SUSANNE@FASTCLICK[1].TXT [ /FASTCLICK ]
 

Browser Hijacker.Deskbar

        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}

        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid

        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32

        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib

        HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
 

Adware.InstallCore

        C:\USERS\1\DOWNLOADS\PDFCREATORSETUP.EXE

Auch malware habe ich über eine Stunde lang drüber laufen lassen, hab dann auch die Logdatei gespeichert, allerdings ist sie nirgendwo mehr auffindbar :-(
Einen Fund hatte er angezeigt....

Werden eigentlich die Programme wieder laufen, die nur als Verknüpfung noch angezeigt werden oder sind die verloren?

Gruß Susanne

Die Logs sind alle in Malwarebytes im Reiter Logdateien

Zitat:

Werden eigentlich die Programme wieder laufen, die nur als Verknüpfung noch angezeigt werden oder sind die verloren?

Ich weiß immer noch nicht was du für Verknüpfungen meinst und wo diese sein sollen

Hallo,

also, ich versuche es verständlich zu erklären: Auf dem Desktop sind - bei verschiedenen installierten Programmen - doch Verknüpfungen, die man mit Doppelklick öffnen kann. Simples Beispiel: CC Cleaner. Dieses "C" auf dem Desktop, das man doppelt anklickt und schwups, Programm öffnet sich. An dieser Stelle findet sich nicht mehr das "C" sondern ein weißes Blatt, wenn man drauf klickt, kommt dann diese Fehlermeldung: "Das Element, auf das sich die Verknüpfung bezieht, wurde verändert oder verschoben".
Dies ist bei den meisten Programmen so. Unter anderem das selbe auch bei dem internet-explorer. Auch über Start-Programme lassen sich die Programme nicht mehr öffnen. Auch der ie nicht mehr.
Konnte man das jetzt verstehen??? :crazy:

Ich habe unter den logfiles nachgesehen. Der von heute befindet sich dort nicht. Soll ich ihn noch mal drüber laufen lassen?

Gruß und danke für den Versuch, meine Beschreibung zu verstehen:abklatsch:

Ach jetzt versteh ich endlich was du meinst :D

Dieser Schilderung zu Folge kann das eigentlich nur zwei Ursachen haben

1. Die Verknüpfung wurde manipuliert#
2. das Programmverzeichnis wurde verändert oder gelöscht

Sind denn die genannten Programm noch über die Verknüpfungen im Startmenü unter alle Programme zu öffnen oder geht's da auch nicht?

Endlich versteht mich einer ...:party:

Über das Menü Start-Programme lassen sie sich auch nicht öffnen. Auch dann kommt diese Fehlermeldung.
Allerdings bin ich die einzige an dem PC und ich habe weder was verändert noch verschoben...
Morgens ging alles noch normal und Mittags war dann alles weg.

Und? Kann man da was retten?? :wtf:

Gruß, Susanne (die schon von logfiles träumt :zunge:)

Mach mal einen Rechtsklick auf eine Verknüpfung die ins Leere geht => Eigenschaften
Poste den Pfad der als Ziel eingetragen ist

Schau auch mal nach, ob der Ordner C:\Programme bzw. C:\Program Files noch gefüllt ist und du da die Ordner deiner installierten Programme siehst

Also hier ein Beispiel: Ist ein Kinderspiel, dessen Pfad lautet so: "C:\Program Files\Baumaschinen Simulator 2011\Baumaschinen Simulator.exe"

Oder z.B. google chrome lautet so: "C:\Program Files\Google\Chrome\Application\chrome.exe"

Unter c: Programme bzw. program files finde ich sie auch nicht mehr :-( .....

... internet explorer ist auch komplett verschwunden.

Ich schmeiß das Ding in die Tonne!!!

Dann wurden die Ordner entweder gelöscht, verschoben oder umbenannt :balla:
Vllt findest du durch eine Suche die Ordner wieder. Wenn nicht, ja dann wirds wohl in einer Neuinstallation enden, wer weiß was da noch alles fehlt :balla:

mmh, dann muss ich ihn doch in die Tonne kicken... Schade eigentlich :-(

Aber trotzdem vielen Dank für die nette Hilfe. War ja nicht ganz einfach mit mir ;-)

Gruß, Susanne

In Zukunft einfach mal an regelmäßigen Backups denken. Da gibt es genug tolle Programme, da kann man sich einfach mal ein Image der gesamten Platte bzw. der Systempartitition erstellen.