Trojaner-Board - http://www.searchqu.com/406

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - http://www.searchqu.com/406 (https://www.trojaner-board.de/105002-http-www-searchqu-com-406-a.html)

http://www.searchqu.com/406

Hallo,

ich habe seit ein paar Tagen das oben genannte Problem, dass hxxp://www.searchqu.com/406 statt Google Chrome als Startseite angezeigt wird.

Ich kenne mich nicht gut mit Computern aus und hoffe, dass ich alles richtig befolgt habe.

Vielen Dank vorab schon mal für Eure Mühe!

Neon

Code:

OTL logfile created on: 10.11.2011 15:48:47 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = E:\

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,75 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 59,77% Memory free

7,57 Gb Paging File | 6,57 Gb Available in Paging File | 86,83% Paging File free

Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 146,49 Gb Total Space | 81,12 Gb Free Space | 55,37% Space Free | Partition Type: NTFS

Drive E: | 97,65 Gb Total Space | 68,46 Gb Free Space | 70,10% Space Free | Partition Type: NTFS

Drive F: | 160,16 Gb Total Space | 84,18 Gb Free Space | 52,56% Space Free | Partition Type: NTFS

Drive G: | 61,46 Gb Total Space | 21,66 Gb Free Space | 35,24% Space Free | Partition Type: NTFS

 

Computer Name: LULU-PC | User Name: lulu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.11.10 15:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2011.11.02 11:07:18 | 001,694,096 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe

PRC - [2011.10.17 18:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- E:\SuperAnti Spyware\SUPERAntiSpyware.exe

PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\SuperAnti Spyware\SASCore.exe

PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe

PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2011.03.30 08:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2010.06.29 14:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.11.10 15:32:49 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2011.11.10 15:32:49 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2011.11.08 08:16:33 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2011.11.08 08:16:33 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2007.01.18 22:54:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\SuperAnti Spyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.11.10 15:31:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24C6437D-1BAE-426C-AE81-AA012B33468B}\MpKsl3d205333.sys -- (MpKsl3d205333)

DRV - [2011.09.23 10:45:19 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009.12.17 15:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007.01.18 23:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.11.28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 5D 5E 8C 3B 3B CC 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="

FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.05 15:34:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.11.07 22:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Extensions

[2011.11.07 22:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Firefox\Profiles\7vns9mm9.default\extensions

[2011.11.07 22:08:58 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\lulu\AppData\Roaming\mozilla\Firefox\Profiles\7vns9mm9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml

[2011.11.07 22:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.07.05 14:29:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.06.16 05:33:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Users\lulu\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2011.09.25 20:43:49 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1                   activate.adobe.com

O1 - Hosts: 127.0.0.1                   practivate.adobe.com

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SuperAnti Spyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B660F5D-83F7-4B4A-8007-DF1856FEBF0C}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48D1866-6407-480C-BBD8-58D0C8FC0237}: DhcpNameServer = 192.168.178.1

O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\SuperAnti Spyware\SASWINLO.DLL) - E:\SuperAnti Spyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG

O24 - Desktop BackupWallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\SuperAnti Spyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell - "" = AutoRun

O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.08 08:16:15 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\SUPERAntiSpyware.com

[2011.11.08 08:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011.11.08 08:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011.11.08 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Neuer Ordner

[2011.11.08 08:11:40 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Malwarebytes

[2011.11.08 08:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.11.08 08:11:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.11.07 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Ilivid Player

[2011.11.07 22:09:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}

[2011.11.07 22:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid

[2011.11.07 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Ilivid Youtube

[2011.11.07 22:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid

[2011.11.07 22:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2011.11.07 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar

[2011.11.07 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\PackageAware

[2011.11.06 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Film

[2011.11.06 17:35:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Papiere die ich ständig benötige

[2011.11.05 13:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst

[2011.11.05 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\downloads

[2011.11.05 08:03:36 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\*** Fotos

[2011.10.31 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Gedanken

[2011.10.24 22:23:28 | 000,000,000 | ---D | C] -- C:\Users\lulu\Documents\ICQ

[2011.10.23 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Schauspiel Unis

[2011.10.23 12:00:44 | 000,000,000 | RH-D | C] -- C:\Users\lulu\AppData\Roaming\SecuROM

[2011.10.23 11:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011.10.23 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Origin

[2011.10.23 11:11:59 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Origin

[2011.10.23 11:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games

[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2011.10.23 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin

[2011.10.21 08:09:06 | 000,000,000 | ---D | C] -- C:\Users\lulu\Documents\GameFools

[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\MLS2

[2011.10.17 19:23:02 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Origami

[2011.10.17 16:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Games

[2011.10.14 21:29:41 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe

[2011.10.14 08:33:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.10.14 08:33:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.10.14 08:33:22 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.10.14 08:33:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.10.14 08:33:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.10.13 21:38:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll

[2011.10.13 21:38:45 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax

[2011.10.13 21:38:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax

[2011.10.13 21:38:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax

[2011.10.13 21:38:43 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.10.13 21:38:31 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll

[2011.10.13 21:38:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.10 15:35:24 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.11.10 15:35:24 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.11.10 15:35:24 | 000,127,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.11.10 15:35:24 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.11.10 15:31:13 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.10 15:31:13 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.10 15:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.10 15:30:43 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.10 15:10:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000UA.job

[2011.11.09 05:23:13 | 000,022,537 | ---- | M] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt

[2011.11.09 04:45:08 | 001,134,426 | ---- | M] () -- C:\Users\lulu\Desktop\Candice Breitz.odp

[2011.11.08 23:26:15 | 000,010,923 | ---- | M] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif

[2011.11.08 23:23:40 | 000,582,392 | ---- | M] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg

[2011.11.08 22:10:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000Core.job

[2011.11.08 21:40:13 | 000,743,593 | ---- | M] () -- C:\Users\lulu\Desktop\Juden.odt

[2011.11.08 10:02:35 | 000,112,658 | ---- | M] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf

[2011.11.08 08:15:27 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.11.07 22:19:26 | 000,012,288 | ---- | M] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.11.07 22:09:21 | 000,000,535 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk

[2011.11.07 19:25:36 | 000,486,942 | ---- | M] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf

[2011.11.07 19:25:24 | 000,046,325 | ---- | M] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf

[2011.11.07 19:25:14 | 000,137,274 | ---- | M] () -- C:\Users\lulu\Desktop\print.pdf

[2011.11.06 17:50:05 | 000,891,567 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_0879.jpg

[2011.11.06 17:49:00 | 000,950,024 | ---- | M] () -- C:\Users\lulu\Desktop\DSC_7833.jpg

[2011.11.06 17:48:11 | 001,255,049 | ---- | M] () -- C:\Users\lulu\Desktop\DSC_8312.jpg

[2011.11.06 17:47:58 | 001,510,198 | ---- | M] () -- C:\Users\lulu\Desktop\DSC_8349.jpg

[2011.11.06 17:47:23 | 001,670,767 | ---- | M] () -- C:\Users\lulu\Desktop\*** (278 von 996).jpg

[2011.11.06 17:47:08 | 003,037,418 | ---- | M] () -- C:\Users\lulu\Desktop\*** (342 von 996).jpg

[2011.11.06 17:46:51 | 001,688,215 | ---- | M] () -- C:\Users\lulu\Desktop\*** (511 von 996).jpg

[2011.11.06 17:46:37 | 002,944,042 | ---- | M] () -- C:\Users\lulu\Desktop\*** (565 von 996).jpg

[2011.11.06 17:46:11 | 001,905,957 | ---- | M] () -- C:\Users\lulu\Desktop\*** (607 von 996).jpg

[2011.11.06 17:45:27 | 001,590,358 | ---- | M] () -- C:\Users\lulu\Desktop\*** (755 von 996).jpg

[2011.11.06 17:16:09 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg

[2011.11.06 17:16:01 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg

[2011.11.05 18:31:14 | 000,000,734 | ---- | M] () -- C:\Users\lulu\Desktop\81F.gif

[2011.11.05 18:31:14 | 000,000,642 | ---- | M] () -- C:\Users\lulu\Desktop\B60.gif

[2011.11.05 18:31:14 | 000,000,108 | ---- | M] () -- C:\Users\lulu\Desktop\4B0.gif

[2011.11.05 17:21:01 | 000,019,146 | ---- | M] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt

[2011.11.05 14:41:48 | 001,111,474 | ---- | M] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf

[2011.11.05 10:20:34 | 022,367,754 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (5).zip

[2011.11.05 10:19:57 | 009,608,300 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (4).zip

[2011.11.05 10:19:33 | 005,665,181 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (3).zip

[2011.11.05 10:19:03 | 005,500,573 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (2).zip

[2011.11.05 10:18:44 | 003,878,787 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (1).zip

[2011.11.05 10:18:12 | 021,771,789 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5.zip

[2011.11.05 08:51:20 | 005,022,579 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_7909.JPG

[2011.11.05 08:51:18 | 005,210,022 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_7936.JPG

[2011.11.05 08:49:46 | 000,069,388 | ---- | M] () -- C:\Users\lulu\Desktop\b5ce6e8d4b79a34af84fbc3faba4325b126918436983383475.jpg

[2011.11.05 08:49:36 | 000,100,344 | ---- | M] () -- C:\Users\lulu\Desktop\121323692dbb6cda80ee739653d5e699126908570715175424.jpg

[2011.11.05 08:49:16 | 000,063,129 | ---- | M] () -- C:\Users\lulu\Desktop\b244136bb8dff16d43ce9f81aebeadc3126933148078562750.jpg

[2011.11.05 08:48:50 | 000,113,617 | ---- | M] () -- C:\Users\lulu\Desktop\e0165e55f75d9eca73e02503b1d4d45c127006316943486172.jpg

[2011.11.05 08:46:41 | 000,151,791 | ---- | M] () -- C:\Users\lulu\Desktop\f85bb052d8934eccf1f5fd81fd378f63129339342012131702.jpg

[2011.11.05 08:46:19 | 000,094,876 | ---- | M] () -- C:\Users\lulu\Desktop\9ab20919f4ceab2f353dafb77a643b32127124482953425653.jpg

[2011.11.05 08:46:15 | 000,142,035 | ---- | M] () -- C:\Users\lulu\Desktop\b2ad0541f378835d9f507a43f3f0daf0127006355916485132.jpg

[2011.11.05 08:46:10 | 000,159,426 | ---- | M] () -- C:\Users\lulu\Desktop\075f9c815579baed160304d76fc780a7128709169438097924.jpg

[2011.11.05 08:45:50 | 000,084,944 | ---- | M] () -- C:\Users\lulu\Desktop\150e3ddf598ba7cc414427535ec4827e127133340786705684.jpg

[2011.11.04 22:53:19 | 000,210,025 | ---- | M] () -- C:\Users\lulu\Desktop\ansp-2.jpg

[2011.11.04 22:51:49 | 000,132,037 | ---- | M] () -- C:\Users\lulu\Desktop\anba.jpg

[2011.11.04 20:45:14 | 000,000,806 | ---- | M] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk

[2011.11.03 10:51:48 | 000,097,151 | ---- | M] () -- C:\Users\lulu\Desktop\wasp.pdf

[2011.11.02 23:35:25 | 000,036,730 | ---- | M] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt

[2011.10.23 17:56:45 | 000,279,295 | ---- | M] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf

[2011.10.17 19:52:59 | 000,025,852 | ---- | M] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt

[2011.10.14 21:40:35 | 000,099,781 | ---- | M] () -- C:\Windows\War3Unin.dat

[2011.10.14 21:33:17 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe

[2011.10.14 21:33:17 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif

[2011.10.14 12:57:44 | 003,614,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2011.11.09 04:51:40 | 000,022,537 | ---- | C] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt

[2011.11.09 03:05:19 | 001,134,426 | ---- | C] () -- C:\Users\lulu\Desktop\Candice Breitz.odp

[2011.11.08 23:26:17 | 000,010,923 | ---- | C] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif

[2011.11.08 23:23:51 | 000,582,392 | ---- | C] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg

[2011.11.08 10:02:40 | 000,112,658 | ---- | C] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf

[2011.11.08 08:15:27 | 000,000,660 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.11.07 22:09:21 | 000,000,535 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk

[2011.11.07 21:39:35 | 000,743,593 | ---- | C] () -- C:\Users\lulu\Desktop\Juden.odt

[2011.11.07 19:25:39 | 000,486,942 | ---- | C] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf

[2011.11.07 19:25:27 | 000,046,325 | ---- | C] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf

[2011.11.07 19:25:18 | 000,137,274 | ---- | C] () -- C:\Users\lulu\Desktop\print.pdf

[2011.11.06 17:50:04 | 000,891,567 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_0879.jpg

[2011.11.06 17:48:57 | 000,950,024 | ---- | C] () -- C:\Users\lulu\Desktop\DSC_7833.jpg

[2011.11.06 17:48:08 | 001,255,049 | ---- | C] () -- C:\Users\lulu\Desktop\DSC_8312.jpg

[2011.11.06 17:47:55 | 001,510,198 | ---- | C] () -- C:\Users\lulu\Desktop\DSC_8349.jpg

[2011.11.06 17:47:21 | 001,670,767 | ---- | C] () -- C:\Users\lulu\Desktop\*** (278 von 996).jpg

[2011.11.06 17:47:06 | 003,037,418 | ---- | C] () -- C:\Users\lulu\Desktop\*** (342 von 996).jpg

[2011.11.06 17:46:49 | 001,688,215 | ---- | C] () -- C:\Users\lulu\Desktop\*** (511 von 996).jpg

[2011.11.06 17:46:35 | 002,944,042 | ---- | C] () -- C:\Users\lulu\Desktop\*** (565 von 996).jpg

[2011.11.06 17:46:07 | 001,905,957 | ---- | C] () -- C:\Users\lulu\Desktop\*** (607 von 996).jpg

[2011.11.06 17:45:25 | 001,590,358 | ---- | C] () -- C:\Users\lulu\Desktop\*** (755 von 996).jpg

[2011.11.06 17:16:10 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg

[2011.11.06 17:16:04 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg

[2011.11.05 19:31:37 | 000,000,734 | ---- | C] () -- C:\Users\lulu\Desktop\81F.gif

[2011.11.05 19:31:37 | 000,000,642 | ---- | C] () -- C:\Users\lulu\Desktop\B60.gif

[2011.11.05 19:31:37 | 000,000,108 | ---- | C] () -- C:\Users\lulu\Desktop\4B0.gif

[2011.11.05 17:20:59 | 000,019,146 | ---- | C] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt

[2011.11.05 14:41:51 | 001,111,474 | ---- | C] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf

[2011.11.05 10:20:20 | 022,367,754 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (5).zip

[2011.11.05 10:19:47 | 009,608,300 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (4).zip

[2011.11.05 10:19:27 | 005,665,181 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (3).zip

[2011.11.05 10:18:58 | 005,500,573 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (2).zip

[2011.11.05 10:18:40 | 003,878,787 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (1).zip

[2011.11.05 10:17:58 | 021,771,789 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5.zip

[2011.11.05 09:53:38 | 005,022,579 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_7909.JPG

[2011.11.05 09:53:37 | 005,210,022 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_7936.JPG

[2011.11.05 08:49:47 | 000,069,388 | ---- | C] () -- C:\Users\lulu\Desktop\b5ce6e8d4b79a34af84fbc3faba4325b126918436983383475.jpg

[2011.11.05 08:49:37 | 000,100,344 | ---- | C] () -- C:\Users\lulu\Desktop\121323692dbb6cda80ee739653d5e699126908570715175424.jpg

[2011.11.05 08:49:17 | 000,063,129 | ---- | C] () -- C:\Users\lulu\Desktop\b244136bb8dff16d43ce9f81aebeadc3126933148078562750.jpg

[2011.11.05 08:48:51 | 000,113,617 | ---- | C] () -- C:\Users\lulu\Desktop\e0165e55f75d9eca73e02503b1d4d45c127006316943486172.jpg

[2011.11.05 08:46:42 | 000,151,791 | ---- | C] () -- C:\Users\lulu\Desktop\f85bb052d8934eccf1f5fd81fd378f63129339342012131702.jpg

[2011.11.05 08:46:20 | 000,094,876 | ---- | C] () -- C:\Users\lulu\Desktop\9ab20919f4ceab2f353dafb77a643b32127124482953425653.jpg

[2011.11.05 08:46:16 | 000,142,035 | ---- | C] () -- C:\Users\lulu\Desktop\b2ad0541f378835d9f507a43f3f0daf0127006355916485132.jpg

[2011.11.05 08:46:11 | 000,159,426 | ---- | C] () -- C:\Users\lulu\Desktop\075f9c815579baed160304d76fc780a7128709169438097924.jpg

[2011.11.05 08:45:56 | 000,084,944 | ---- | C] () -- C:\Users\lulu\Desktop\150e3ddf598ba7cc414427535ec4827e127133340786705684.jpg

[2011.11.05 08:04:50 | 001,039,024 | ---- | C] () -- C:\Users\lulu\Desktop\*** (23 von 996).jpg

[2011.11.04 22:53:20 | 000,210,025 | ---- | C] () -- C:\Users\lulu\Desktop\ansp-2.jpg

[2011.11.04 22:51:54 | 000,132,037 | ---- | C] () -- C:\Users\lulu\Desktop\anba.jpg

[2011.11.04 20:45:14 | 000,000,806 | ---- | C] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk

[2011.11.03 10:51:54 | 000,097,151 | ---- | C] () -- C:\Users\lulu\Desktop\wasp.pdf

[2011.11.03 00:13:26 | 000,066,459 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Kirchner-Selbstbildnis.pdf

[2011.11.03 00:13:26 | 000,029,630 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Entartete Kunst.rtf

[2011.11.02 21:58:19 | 000,036,730 | ---- | C] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt

[2011.10.23 17:06:13 | 000,279,295 | ---- | C] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf

[2011.10.17 19:47:02 | 000,025,852 | ---- | C] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt

[2011.10.14 21:29:41 | 000,099,781 | ---- | C] () -- C:\Windows\War3Unin.dat

[2011.10.14 21:29:41 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif

[2011.07.08 20:00:10 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2011.07.08 20:00:09 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2011.07.08 20:00:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2011.07.08 20:00:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2011.07.08 20:00:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2011.07.05 18:56:00 | 000,012,288 | ---- | C] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.05 17:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.07.05 17:12:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.07.05 17:12:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.07.05 11:35:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010.01.13 11:42:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll

[2006.11.02 16:33:31 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 16:33:31 | 000,127,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 003,614,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 

< End of report >

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hi Arne,

vielen Dank für die schnelle Antwort!

Ich bin nun ziemlich sicher, woher dieses Searchqu kommt. Eine Kommilitonin von mir hat das nämlich auch; wir haben uns eine Software auf Verweis unserer Dozentin heruntergeladen. Da diese es empfohlen hat, habe ich nicht daran gedacht, dass die Software illegal sein könnte und habe mich auch nicht darüber informiert. Das Programm heißt ilivid. Ich habe es gestern deinstalliert.

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-12 05:31:39

# local_time=2011-11-12 06:31:39 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 11232053 158648221 0 0

# compatibility_mode=8192 67108863 100 0 27638 27638 0 0

# scanned=134788

# found=0

# cleaned=0

# scan_time=3605

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-12 07:01:34

# local_time=2011-11-12 08:01:34 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 11240680 158656848 0 0

# compatibility_mode=8192 67108863 100 0 36265 36265 0 0

# scanned=14453

# found=0

# cleaned=0

# scan_time=374

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-12 09:17:05

# local_time=2011-11-12 10:17:05 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 11241121 158657289 0 0

# compatibility_mode=8192 67108863 100 0 36706 36706 0 0

# scanned=187926

# found=0

# cleaned=0

# scan_time=8063

ESETSmartInstaller@High as downloader log:

all ok

esets_scanner_update returned -1 esets_gle=53251

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-11-13 06:28:43

# local_time=2011-11-13 07:28:43 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1031

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=5892 16776574 100 100 11264141 158680309 0 0

# compatibility_mode=8192 67108863 100 0 59726 59726 0 0

# scanned=253981

# found=0

# cleaned=0

# scan_time=18141

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Code:

OTL logfile created on: 15.11.2011 16:39:19 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = E:\

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,75 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,04% Memory free

7,57 Gb Paging File | 6,68 Gb Available in Paging File | 88,25% Paging File free

Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 146,49 Gb Total Space | 81,12 Gb Free Space | 55,38% Space Free | Partition Type: NTFS

Drive E: | 97,65 Gb Total Space | 68,49 Gb Free Space | 70,14% Space Free | Partition Type: NTFS

Drive F: | 160,16 Gb Total Space | 79,30 Gb Free Space | 49,51% Space Free | Partition Type: NTFS

Drive G: | 61,46 Gb Total Space | 21,86 Gb Free Space | 35,56% Space Free | Partition Type: NTFS

 

Computer Name: LULU-PC | User Name: lulu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.11.10 15:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe

PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\SuperAnti Spyware\SASCore.exe

PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe

PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010.06.29 14:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE

PRC - [2009.04.10 22:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE

PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\SuperAnti Spyware\SASCORE.EXE -- (!SASCORE)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.11.15 16:34:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37E5BD1E-5618-4953-8F7D-5212E802D1BD}\MpKsl5ad63156.sys -- (MpKsl5ad63156)

DRV - [2011.09.23 10:45:19 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)

DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)

DRV - [2009.12.17 15:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007.01.18 23:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006.11.28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 5D 5E 8C 3B 3B CC 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.05 15:34:29 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2011.11.12 08:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Extensions

[2011.11.12 08:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Firefox\Profiles\7vns9mm9.default\extensions

[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml

[2011.11.12 08:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.07.05 14:29:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011.06.16 05:33:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url = 

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll

CHR - plugin: Google Update (Enabled) = C:\Users\lulu\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

 

O1 HOSTS File: ([2011.09.25 20:43:49 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1                   activate.adobe.com

O1 - Hosts: 127.0.0.1                   practivate.adobe.com

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SuperAnti Spyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B660F5D-83F7-4B4A-8007-DF1856FEBF0C}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48D1866-6407-480C-BBD8-58D0C8FC0237}: DhcpNameServer = 192.168.178.1

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\SuperAnti Spyware\SASWINLO.DLL) - E:\SuperAnti Spyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG

O24 - Desktop BackupWallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\SuperAnti Spyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell - "" = AutoRun

O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: !SASCORE - E:\SuperAnti Spyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: !SASCORE - E:\SuperAnti Spyware\SASCORE.EXE (SUPERAntiSpyware.com)

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.12 10:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.11.11 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Trojanerboard

[2011.11.08 08:16:15 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\SUPERAntiSpyware.com

[2011.11.08 08:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2011.11.08 08:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011.11.08 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Neuer Ordner

[2011.11.08 08:11:40 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Malwarebytes

[2011.11.08 08:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.11.08 08:11:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.11.07 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Ilivid Player

[2011.11.07 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Ilivid Youtube

[2011.11.07 22:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid

[2011.11.07 22:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2011.11.07 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\PackageAware

[2011.11.06 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Film

[2011.11.06 17:35:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Papiere die ich ständig benötige

[2011.11.05 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\downloads

[2011.11.05 08:03:36 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\*** Fotos

[2011.10.31 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Gedanken

[2011.10.24 22:23:28 | 000,000,000 | ---D | C] -- C:\Users\lulu\Documents\ICQ

[2011.10.23 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Schauspiel Unis

[2011.10.23 12:00:44 | 000,000,000 | RH-D | C] -- C:\Users\lulu\AppData\Roaming\SecuROM

[2011.10.23 11:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2011.10.23 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Origin

[2011.10.23 11:11:59 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Origin

[2011.10.23 11:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games

[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2011.10.23 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin

[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\MLS2

[2011.10.17 19:23:02 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Origami
 
 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.15 16:40:03 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.11.15 16:40:03 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.11.15 16:40:03 | 000,127,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.11.15 16:40:03 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.11.15 16:34:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.15 16:34:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.15 16:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.15 16:33:55 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.14 10:10:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000UA.job

[2011.11.14 08:44:51 | 016,993,239 | ---- | M] () -- C:\Users\lulu\Desktop\kunsterziehung im nationalsozialismus.odp

[2011.11.14 08:39:26 | 000,028,161 | ---- | M] () -- C:\Users\lulu\Desktop\T Teil Ns-Zeit.odt

[2011.11.13 22:44:43 | 000,021,909 | ---- | M] () -- C:\Users\lulu\Documents\Deutsche Kultur.odt

[2011.11.13 22:10:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000Core.job

[2011.11.13 20:46:44 | 000,378,970 | ---- | M] () -- C:\Users\lulu\Desktop\11522657.jpg

[2011.11.13 20:46:41 | 000,118,184 | ---- | M] () -- C:\Users\lulu\Desktop\Alte_Pinakothek.jpg

[2011.11.13 20:21:09 | 000,043,546 | ---- | M] () -- C:\Users\lulu\Desktop\Wikis NS.odt

[2011.11.13 20:19:08 | 000,402,842 | ---- | M] () -- C:\Users\lulu\Desktop\berufsbeamtentum_33.jpg

[2011.11.13 01:29:24 | 000,038,758 | ---- | M] () -- C:\Users\lulu\Documents\Fotografie Selbststudium.odt

[2011.11.13 01:24:06 | 000,019,949 | ---- | M] () -- C:\Users\lulu\Desktop\Polaroid Lochkamera basteln.odt

[2011.11.13 01:15:11 | 000,040,792 | ---- | M] () -- C:\Users\lulu\Desktop\Lochkamera.odt

[2011.11.13 00:56:07 | 000,081,906 | ---- | M] () -- C:\Users\lulu\Desktop\Foucault_AndereRaeume.pdf

[2011.11.09 05:23:13 | 000,022,537 | ---- | M] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt

[2011.11.09 04:45:08 | 001,134,426 | ---- | M] () -- C:\Users\lulu\Desktop\Candice Breitz.odp

[2011.11.08 23:26:15 | 000,010,923 | ---- | M] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif

[2011.11.08 23:23:40 | 000,582,392 | ---- | M] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg

[2011.11.08 21:40:13 | 000,743,593 | ---- | M] () -- C:\Users\lulu\Desktop\Juden.odt

[2011.11.08 10:02:35 | 000,112,658 | ---- | M] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf

[2011.11.08 08:15:27 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.11.07 22:19:26 | 000,012,288 | ---- | M] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.11.07 19:25:36 | 000,486,942 | ---- | M] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf

[2011.11.07 19:25:24 | 000,046,325 | ---- | M] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf

[2011.11.07 19:25:14 | 000,137,274 | ---- | M] () -- C:\Users\lulu\Desktop\print.pdf

[2011.11.06 17:50:05 | 000,891,567 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_0879.jpg

[2011.11.06 17:16:09 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg

[2011.11.06 17:16:01 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg

[2011.11.05 18:31:14 | 000,000,734 | ---- | M] () -- C:\Users\lulu\Desktop\81F.gif

[2011.11.05 18:31:14 | 000,000,642 | ---- | M] () -- C:\Users\lulu\Desktop\B60.gif

[2011.11.05 18:31:14 | 000,000,108 | ---- | M] () -- C:\Users\lulu\Desktop\4B0.gif

[2011.11.05 17:21:01 | 000,019,146 | ---- | M] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt

[2011.11.05 14:41:48 | 001,111,474 | ---- | M] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf

[2011.11.04 22:53:19 | 000,210,025 | ---- | M] () -- C:\Users\lulu\Desktop\ansp-2.jpg

[2011.11.04 22:51:49 | 000,132,037 | ---- | M] () -- C:\Users\lulu\Desktop\anba.jpg

[2011.11.04 20:45:14 | 000,000,806 | ---- | M] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk

[2011.11.03 10:51:48 | 000,097,151 | ---- | M] () -- C:\Users\lulu\Desktop\wasp.pdf

[2011.11.02 23:35:25 | 000,036,730 | ---- | M] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt

[2011.10.23 17:56:45 | 000,279,295 | ---- | M] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf

[2011.10.17 19:52:59 | 000,025,852 | ---- | M] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt

 
 ========== Files Created - No Company Name ==========

 

[2011.11.13 22:44:41 | 000,021,909 | ---- | C] () -- C:\Users\lulu\Documents\Deutsche Kultur.odt

[2011.11.13 20:46:45 | 000,378,970 | ---- | C] () -- C:\Users\lulu\Desktop\11522657.jpg

[2011.11.13 20:46:42 | 000,118,184 | ---- | C] () -- C:\Users\lulu\Desktop\Alte_Pinakothek.jpg

[2011.11.13 20:21:07 | 000,043,546 | ---- | C] () -- C:\Users\lulu\Desktop\Wikis NS.odt

[2011.11.13 20:19:11 | 000,402,842 | ---- | C] () -- C:\Users\lulu\Desktop\berufsbeamtentum_33.jpg

[2011.11.13 19:35:08 | 000,028,161 | ---- | C] () -- C:\Users\lulu\Desktop\T Teil Ns-Zeit.odt

[2011.11.13 01:29:21 | 000,038,758 | ---- | C] () -- C:\Users\lulu\Documents\Fotografie Selbststudium.odt

[2011.11.13 01:24:05 | 000,019,949 | ---- | C] () -- C:\Users\lulu\Desktop\Polaroid Lochkamera basteln.odt

[2011.11.13 01:15:08 | 000,040,792 | ---- | C] () -- C:\Users\lulu\Desktop\Lochkamera.odt

[2011.11.13 00:56:11 | 000,081,906 | ---- | C] () -- C:\Users\lulu\Desktop\Foucault_AndereRaeume.pdf

[2011.11.12 14:38:03 | 016,993,239 | ---- | C] () -- C:\Users\lulu\Desktop\kunsterziehung im nationalsozialismus.odp

[2011.11.11 10:06:08 | 005,526,715 | ---- | C] () -- C:\Users\lulu\Desktop\Herrengarten_love_page.jpg

[2011.11.11 10:06:08 | 003,479,711 | ---- | C] () -- C:\Users\lulu\Desktop\Waldliebes_und_sunita tributepage.jpg

[2011.11.11 10:06:08 | 002,257,163 | ---- | C] () -- C:\Users\lulu\Desktop\sunitatribute.jpg

[2011.11.11 10:06:08 | 000,831,654 | ---- | C] () -- C:\Users\lulu\Desktop\sunita_partey_allnight_usa_small.jpg

[2011.11.09 04:51:40 | 000,022,537 | ---- | C] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt

[2011.11.09 03:05:19 | 001,134,426 | ---- | C] () -- C:\Users\lulu\Desktop\Candice Breitz.odp

[2011.11.08 23:26:17 | 000,010,923 | ---- | C] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif

[2011.11.08 23:23:51 | 000,582,392 | ---- | C] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg

[2011.11.08 10:02:40 | 000,112,658 | ---- | C] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf

[2011.11.08 08:15:27 | 000,000,660 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2011.11.07 21:39:35 | 000,743,593 | ---- | C] () -- C:\Users\lulu\Desktop\Juden.odt

[2011.11.07 19:25:39 | 000,486,942 | ---- | C] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf

[2011.11.07 19:25:27 | 000,046,325 | ---- | C] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf

[2011.11.07 19:25:18 | 000,137,274 | ---- | C] () -- C:\Users\lulu\Desktop\print.pdf

[2011.11.06 17:50:04 | 000,891,567 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_0879.jpg

[2011.11.06 17:16:10 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg

[2011.11.06 17:16:04 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg

[2011.11.05 19:31:37 | 000,000,734 | ---- | C] () -- C:\Users\lulu\Desktop\81F.gif

[2011.11.05 19:31:37 | 000,000,642 | ---- | C] () -- C:\Users\lulu\Desktop\B60.gif

[2011.11.05 19:31:37 | 000,000,108 | ---- | C] () -- C:\Users\lulu\Desktop\4B0.gif

[2011.11.05 17:20:59 | 000,019,146 | ---- | C] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt

[2011.11.05 14:41:51 | 001,111,474 | ---- | C] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf

[2011.11.04 22:53:20 | 000,210,025 | ---- | C] () -- C:\Users\lulu\Desktop\ansp-2.jpg

[2011.11.04 22:51:54 | 000,132,037 | ---- | C] () -- C:\Users\lulu\Desktop\anba.jpg

[2011.11.04 20:45:14 | 000,000,806 | ---- | C] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk

[2011.11.03 10:51:54 | 000,097,151 | ---- | C] () -- C:\Users\lulu\Desktop\wasp.pdf

[2011.11.03 00:13:26 | 000,066,459 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Kirchner-Selbstbildnis.pdf

[2011.11.03 00:13:26 | 000,029,630 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Entartete Kunst.rtf

[2011.11.02 21:58:19 | 000,036,730 | ---- | C] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt

[2011.10.23 17:06:13 | 000,279,295 | ---- | C] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf

[2011.10.17 19:47:02 | 000,025,852 | ---- | C] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt

[2011.07.08 20:00:10 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll

[2011.07.08 20:00:09 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe

[2011.07.08 20:00:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe

[2011.07.08 20:00:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys

[2011.07.08 20:00:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys

[2011.07.05 18:56:00 | 000,012,288 | ---- | C] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.07.05 17:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2011.07.05 17:12:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2011.07.05 17:12:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2011.07.05 11:35:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010.01.13 11:42:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll

[2006.11.02 16:33:31 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2006.11.02 16:33:31 | 000,127,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:47:37 | 003,614,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

 
 ========== LOP Check ==========

 

[2011.10.14 09:17:46 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Be a King 2

[2011.08.01 08:16:25 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.07.31 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011.09.23 10:46:03 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\DAEMON Tools Lite

[2011.11.10 10:28:33 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Dropbox

[2011.08.09 10:56:42 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Gamelab

[2011.11.13 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\ICQ

[2011.07.08 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\IrfanView

[2011.07.05 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\LibreOffice

[2011.10.23 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Origin

[2011.07.31 14:05:02 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\PhotoScape

[2011.11.14 10:15:17 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.11.06 17:50:33 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Adobe

[2011.08.01 08:16:25 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011.07.31 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011.09.23 10:46:03 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\DAEMON Tools Lite

[2011.11.10 10:28:33 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Dropbox

[2011.11.13 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\ICQ

[2011.07.05 11:46:35 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Identities

[2011.07.08 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\IrfanView

[2011.07.05 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\LibreOffice

[2011.07.08 21:49:38 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Macromedia

[2011.11.08 08:11:40 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Malwarebytes

[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Media Center Programs

[2011.08.24 17:28:19 | 000,000,000 | --SD | M] -- C:\Users\lulu\AppData\Roaming\Microsoft

[2011.07.05 15:34:44 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Mozilla

[2011.07.31 14:05:02 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\PhotoScape

[2011.10.23 12:00:44 | 000,000,000 | RH-D | M] -- C:\Users\lulu\AppData\Roaming\SecuROM

[2011.11.11 17:00:01 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Skype

[2011.11.08 08:16:15 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\SUPERAntiSpyware.com

[2011.09.30 02:28:16 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\vlc

[2011.09.23 10:37:07 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\lulu\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\lulu\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.07.31 15:53:52 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\lulu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2011.08.24 17:28:19 | 000,010,134 | R--- | M] () -- C:\Users\lulu\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2007.01.03 12:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys

[2007.01.03 12:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys

[2007.01.03 12:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys

[2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2011.07.05 14:30:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys

[2011.07.05 14:30:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys

[2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[2011.07.05 14:30:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

[2008.01.18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2008.01.18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2007.02.15 05:05:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2011.07.05 12:51:01 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll

[2007.02.15 05:06:38 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2011.07.05 12:51:01 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll

[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2008.01.18 22:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys

[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

[2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys

 
 < %systemroot%\System32\config\*.sav >

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 5D 5E 8C 3B 3B CC 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - prefs.js..browser.search.defaultenginename: "Search Results"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "Search Results"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="

[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml

[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url =

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell - "" = AutoRun

O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Okay.

Code:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

Prefs.js: "Search Results" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "Search Results" removed from browser.search.selectedEngine

Prefs.js: "www.google.de" removed from browser.startup.homepage

Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=" removed from keyword.URL

C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml moved successfully.

C:\Programme\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

Unable to fix default_search_provider items.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ not found.

File K:\LaunchU3.exe -a not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56468 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: lulu

->Temp folder emptied: 11332731 bytes

->Temporary Internet Files folder emptied: 3752070 bytes

->Java cache emptied: 7527272 bytes

->FireFox cache emptied: 43365788 bytes

->Google Chrome cache emptied: 8475860 bytes

->Flash cache emptied: 57045 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 12916 bytes

RecycleBin emptied: 334874627 bytes

 

Total Files Cleaned = 391,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 11182011_152234
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Ich habe jetzt dann noch mal die Startseite bei Google geändert. Das hat davor nicht funktioniert, aber nach Deinem Code und der Umstellung scheint es zu funktionieren. Jedenfalls erscheint die Searchqu-seite nicht mehr.

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hi Arne,

Code:

23:42:47.0320 2188        TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

23:42:48.0272 2188        ============================================================

23:42:48.0272 2188        Current date / time: 2011/11/26 23:42:48.0272

23:42:48.0272 2188        SystemInfo:

23:42:48.0272 2188        

23:42:48.0272 2188        OS Version: 6.0.6002 ServicePack: 2.0

23:42:48.0272 2188        Product type: Workstation

23:42:48.0272 2188        ComputerName: LULU-PC

23:42:48.0272 2188        UserName: lulu

23:42:48.0272 2188        Windows directory: C:\Windows

23:42:48.0272 2188        System windows directory: C:\Windows

23:42:48.0272 2188        Processor architecture: Intel x86

23:42:48.0272 2188        Number of processors: 2

23:42:48.0272 2188        Page size: 0x1000

23:42:48.0272 2188        Boot type: Normal boot

23:42:48.0272 2188        ============================================================

23:42:53.0529 2188        Initialize success

23:44:42.0105 4168        ============================================================

23:44:42.0105 4168        Scan started

23:44:42.0105 4168        Mode: Manual; SigCheck; TDLFS; 

23:44:42.0105 4168        ============================================================

23:44:43.0067 4168        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

23:44:44.0184 4168        ACPI - ok

23:44:44.0808 4168        adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys

23:44:45.0198 4168        adp94xx - ok

23:44:45.0791 4168        adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys

23:44:45.0994 4168        adpahci - ok

23:44:46.0368 4168        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys

23:44:46.0758 4168        adpu160m - ok

23:44:47.0055 4168        adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys

23:44:47.0195 4168        adpu320 - ok

23:44:47.0585 4168        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

23:44:47.0835 4168        AFD - ok

23:44:48.0615 4168        AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys

23:44:49.0176 4168        AgereSoftModem - ok

23:44:49.0504 4168        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys

23:44:49.0613 4168        agp440 - ok

23:44:49.0987 4168        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

23:44:50.0065 4168        aic78xx - ok

23:44:50.0253 4168        aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys

23:44:50.0331 4168        aliide - ok

23:44:50.0518 4168        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys

23:44:50.0580 4168        amdagp - ok

23:44:50.0799 4168        amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys

23:44:50.0814 4168        amdide - ok

23:44:50.0939 4168        AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys

23:44:51.0157 4168        AmdK7 - ok

23:44:51.0501 4168        AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys

23:44:51.0657 4168        AmdK8 - ok

23:44:52.0015 4168        arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys

23:44:52.0062 4168        arc - ok

23:44:52.0249 4168        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys

23:44:52.0359 4168        arcsas - ok

23:44:52.0608 4168        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

23:44:52.0998 4168        AsyncMac - ok

23:44:53.0326 4168        atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys

23:44:53.0404 4168        atapi - ok

23:44:53.0825 4168        athr            (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys

23:44:54.0043 4168        athr - ok

23:44:54.0340 4168        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

23:44:54.0480 4168        Beep - ok

23:44:54.0823 4168        BHDrvx86        (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111114.002\BHDrvx86.sys

23:44:55.0416 4168        BHDrvx86 - ok

23:44:55.0713 4168        blbdrive - ok

23:44:55.0822 4168        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

23:44:55.0947 4168        bowser - ok

23:44:56.0259 4168        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

23:44:56.0493 4168        BrFiltLo - ok

23:44:56.0758 4168        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

23:44:56.0929 4168        BrFiltUp - ok

23:44:57.0054 4168        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

23:44:57.0273 4168        Brserid - ok

23:44:57.0413 4168        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

23:44:57.0600 4168        BrSerWdm - ok

23:44:57.0772 4168        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

23:44:57.0865 4168        BrUsbMdm - ok

23:44:57.0959 4168        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

23:44:58.0037 4168        BrUsbSer - ok

23:44:58.0146 4168        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

23:44:58.0240 4168        BTHMODEM - ok

23:44:58.0552 4168        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

23:44:58.0677 4168        cdfs - ok

23:44:58.0817 4168        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

23:44:58.0911 4168        cdrom - ok

23:44:59.0004 4168        circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys

23:44:59.0176 4168        circlass - ok

23:44:59.0441 4168        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

23:44:59.0597 4168        CLFS - ok

23:44:59.0784 4168        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys

23:44:59.0925 4168        CmBatt - ok

23:45:00.0049 4168        cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys

23:45:00.0127 4168        cmdide - ok

23:45:00.0252 4168        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys

23:45:00.0315 4168        Compbatt - ok

23:45:00.0408 4168        crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys

23:45:00.0455 4168        crcdisk - ok

23:45:00.0564 4168        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys

23:45:00.0689 4168        Crusoe - ok

23:45:00.0798 4168        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

23:45:00.0876 4168        DfsC - ok

23:45:01.0017 4168        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

23:45:01.0063 4168        disk - ok

23:45:01.0204 4168        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

23:45:01.0282 4168        drmkaud - ok

23:45:01.0438 4168        dtsoftbus01     (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

23:45:01.0703 4168        dtsoftbus01 - ok

23:45:01.0828 4168        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

23:45:01.0906 4168        DXGKrnl - ok

23:45:02.0046 4168        E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys

23:45:02.0233 4168        E1G60 - ok

23:45:02.0421 4168        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

23:45:02.0499 4168        Ecache - ok

23:45:02.0670 4168        eeCtrl          (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

23:45:02.0779 4168        eeCtrl - ok

23:45:03.0029 4168        elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys

23:45:03.0091 4168        elxstor - ok

23:45:03.0201 4168        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys

23:45:03.0263 4168        epmntdrv ( UnsignedFile.Multi.Generic ) - warning

23:45:03.0263 4168        epmntdrv - detected UnsignedFile.Multi.Generic (1)

23:45:03.0403 4168        EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

23:45:03.0513 4168        EraserUtilRebootDrv - ok

23:45:03.0731 4168        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys

23:45:03.0840 4168        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning

23:45:03.0840 4168        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)

23:45:04.0105 4168        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

23:45:04.0246 4168        exfat - ok

23:45:04.0355 4168        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

23:45:04.0464 4168        fastfat - ok

23:45:04.0573 4168        fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys

23:45:04.0714 4168        fdc - ok

23:45:04.0823 4168        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

23:45:04.0854 4168        FileInfo - ok

23:45:04.0979 4168        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

23:45:05.0026 4168        Filetrace - ok

23:45:05.0135 4168        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys

23:45:05.0213 4168        flpydisk - ok

23:45:05.0322 4168        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

23:45:05.0369 4168        FltMgr - ok

23:45:05.0509 4168        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

23:45:05.0587 4168        Fs_Rec - ok

23:45:05.0697 4168        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys

23:45:05.0743 4168        gagp30kx - ok

23:45:05.0884 4168        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys

23:45:05.0993 4168        HdAudAddService - ok

23:45:06.0133 4168        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

23:45:06.0321 4168        HDAudBus - ok

23:45:06.0445 4168        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

23:45:06.0633 4168        HidBth - ok

23:45:06.0648 4168        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

23:45:06.0851 4168        HidIr - ok

23:45:07.0054 4168        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

23:45:07.0179 4168        HidUsb - ok

23:45:07.0319 4168        HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys

23:45:07.0381 4168        HpCISSs - ok

23:45:07.0537 4168        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

23:45:07.0725 4168        HTTP - ok

23:45:07.0834 4168        i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys

23:45:07.0896 4168        i2omp - ok

23:45:08.0021 4168        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

23:45:08.0130 4168        i8042prt - ok

23:45:08.0286 4168        iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys

23:45:08.0364 4168        iaStorV - ok

23:45:08.0707 4168        IDSVix86        (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111124.030\IDSvix86.sys

23:45:08.0863 4168        IDSVix86 - ok

23:45:09.0113 4168        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

23:45:09.0191 4168        iirsp - ok

23:45:09.0347 4168        intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys

23:45:09.0409 4168        intelide - ok

23:45:09.0519 4168        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

23:45:09.0643 4168        intelppm - ok

23:45:09.0784 4168        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:45:09.0909 4168        IpFilterDriver - ok

23:45:10.0033 4168        IpInIp - ok

23:45:10.0845 4168        IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys

23:45:11.0032 4168        IPMIDRV - ok

23:45:11.0266 4168        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

23:45:11.0391 4168        IPNAT - ok

23:45:11.0547 4168        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

23:45:11.0656 4168        IRENUM - ok

23:45:11.0781 4168        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys

23:45:11.0843 4168        isapnp - ok

23:45:12.0015 4168        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

23:45:12.0108 4168        iScsiPrt - ok

23:45:12.0233 4168        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

23:45:12.0280 4168        iteatapi - ok

23:45:12.0420 4168        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

23:45:12.0576 4168        iteraid - ok

23:45:12.0795 4168        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

23:45:12.0904 4168        kbdclass - ok

23:45:13.0044 4168        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

23:45:13.0200 4168        kbdhid - ok

23:45:13.0465 4168        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

23:45:13.0575 4168        KSecDD - ok

23:45:13.0715 4168        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

23:45:13.0855 4168        lltdio - ok

23:45:14.0027 4168        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys

23:45:14.0074 4168        LSI_FC - ok

23:45:14.0214 4168        LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys

23:45:14.0245 4168        LSI_SAS - ok

23:45:14.0370 4168        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys

23:45:14.0417 4168        LSI_SCSI - ok

23:45:14.0511 4168        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

23:45:14.0604 4168        luafv - ok

23:45:14.0713 4168        megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys

23:45:14.0745 4168        megasas - ok

23:45:14.0916 4168        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

23:45:15.0010 4168        Modem - ok

23:45:15.0150 4168        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

23:45:15.0244 4168        monitor - ok

23:45:15.0369 4168        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

23:45:15.0447 4168        mouclass - ok

23:45:15.0556 4168        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

23:45:15.0649 4168        mouhid - ok

23:45:15.0790 4168        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

23:45:15.0868 4168        MountMgr - ok

23:45:15.0993 4168        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys

23:45:16.0164 4168        MpFilter - ok

23:45:16.0289 4168        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys

23:45:16.0445 4168        mpio - ok

23:45:16.0679 4168        MpKsl004649b7   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AAA4005-C791-4859-8ACC-73D9D84E62BC}\MpKsl004649b7.sys

23:45:16.0757 4168        MpKsl004649b7 - ok

23:45:16.0851 4168        MpKsl33d3ab3a - ok

23:45:16.0897 4168        MpKslb105bf05 - ok

23:45:17.0147 4168        MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys

23:45:17.0225 4168        MpNWMon - ok

23:45:17.0334 4168        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

23:45:17.0428 4168        mpsdrv - ok

23:45:17.0553 4168        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

23:45:17.0615 4168        Mraid35x - ok

23:45:17.0771 4168        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

23:45:17.0896 4168        MRxDAV - ok

23:45:18.0021 4168        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

23:45:18.0145 4168        mrxsmb - ok

23:45:18.0270 4168        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:45:18.0395 4168        mrxsmb10 - ok

23:45:18.0551 4168        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:45:18.0645 4168        mrxsmb20 - ok

23:45:18.0769 4168        msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys

23:45:18.0816 4168        msahci - ok

23:45:18.0925 4168        msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys

23:45:18.0988 4168        msdsm - ok

23:45:19.0128 4168        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

23:45:19.0237 4168        Msfs - ok

23:45:19.0347 4168        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

23:45:19.0425 4168        msisadrv - ok

23:45:19.0830 4168        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

23:45:20.0049 4168        MSKSSRV - ok

23:45:20.0329 4168        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

23:45:20.0470 4168        MSPCLOCK - ok

23:45:20.0610 4168        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

23:45:20.0719 4168        MSPQM - ok

23:45:20.0891 4168        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

23:45:20.0985 4168        MsRPC - ok

23:45:21.0141 4168        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

23:45:21.0203 4168        mssmbios - ok

23:45:21.0312 4168        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

23:45:21.0406 4168        MSTEE - ok

23:45:21.0531 4168        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

23:45:21.0562 4168        Mup - ok

23:45:21.0718 4168        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

23:45:21.0749 4168        NativeWifiP - ok

23:45:22.0155 4168        NAVENG          (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20111125.033\NAVENG.SYS

23:45:22.0248 4168        NAVENG - ok

23:45:22.0857 4168        NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20111125.033\NAVEX15.SYS

23:45:23.0028 4168        NAVEX15 - ok

23:45:23.0605 4168        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

23:45:23.0715 4168        NDIS - ok

23:45:23.0980 4168        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

23:45:24.0073 4168        NdisTapi - ok

23:45:24.0183 4168        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

23:45:24.0261 4168        Ndisuio - ok

23:45:24.0448 4168        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

23:45:24.0510 4168        NdisWan - ok

23:45:24.0744 4168        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

23:45:24.0807 4168        NDProxy - ok

23:45:25.0103 4168        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

23:45:25.0259 4168        NetBIOS - ok

23:45:25.0399 4168        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

23:45:25.0540 4168        netbt - ok

23:45:25.0665 4168        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

23:45:25.0711 4168        nfrd960 - ok

23:45:25.0867 4168        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

23:45:25.0961 4168        NisDrv - ok

23:45:26.0211 4168        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

23:45:26.0320 4168        Npfs - ok

23:45:26.0476 4168        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

23:45:26.0585 4168        nsiproxy - ok

23:45:26.0881 4168        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

23:45:27.0084 4168        Ntfs - ok

23:45:27.0240 4168        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

23:45:27.0334 4168        ntrigdigi - ok

23:45:27.0443 4168        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

23:45:27.0521 4168        Null - ok

23:45:27.0739 4168        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys

23:45:27.0802 4168        nvraid - ok

23:45:27.0958 4168        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys

23:45:27.0989 4168        nvstor - ok

23:45:28.0114 4168        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys

23:45:28.0161 4168        nv_agp - ok

23:45:28.0270 4168        NwlnkFlt - ok

23:45:28.0285 4168        NwlnkFwd - ok

23:45:28.0332 4168        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys

23:45:28.0441 4168        ohci1394 - ok

23:45:28.0582 4168        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

23:45:28.0675 4168        Parport - ok

23:45:28.0800 4168        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

23:45:28.0878 4168        partmgr - ok

23:45:29.0050 4168        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

23:45:29.0221 4168        Parvdm - ok

23:45:29.0424 4168        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

23:45:29.0471 4168        pci - ok

23:45:29.0705 4168        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys

23:45:29.0752 4168        pciide - ok

23:45:30.0001 4168        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

23:45:30.0048 4168        pcmcia - ok

23:45:30.0282 4168        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

23:45:30.0438 4168        PEAUTH - ok

23:45:30.0594 4168        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

23:45:30.0657 4168        PptpMiniport - ok

23:45:30.0781 4168        Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys

23:45:30.0875 4168        Processor - ok

23:45:31.0015 4168        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

23:45:31.0078 4168        PSched - ok

23:45:31.0234 4168        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys

23:45:31.0359 4168        ql2300 - ok

23:45:31.0483 4168        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

23:45:31.0530 4168        ql40xx - ok

23:45:31.0686 4168        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

23:45:31.0780 4168        QWAVEdrv - ok

23:45:32.0747 4168        R300            (9afa62db7f553a0f1f52c70b738b0064) C:\Windows\system32\DRIVERS\atikmdag.sys

23:45:33.0075 4168        R300 - ok

23:45:33.0402 4168        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

23:45:33.0527 4168        RasAcd - ok

23:45:33.0714 4168        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

23:45:33.0886 4168        Rasl2tp - ok

23:45:34.0042 4168        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

23:45:34.0135 4168        RasPppoe - ok

23:45:34.0245 4168        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

23:45:34.0338 4168        RasSstp - ok

23:45:34.0541 4168        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

23:45:34.0713 4168        rdbss - ok

23:45:34.0900 4168        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

23:45:35.0040 4168        RDPCDD - ok

23:45:35.0165 4168        rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

23:45:35.0352 4168        rdpdr - ok

23:45:35.0493 4168        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

23:45:35.0602 4168        RDPENCDD - ok

23:45:35.0742 4168        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

23:45:35.0836 4168        RDPWD - ok

23:45:35.0961 4168        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

23:45:36.0070 4168        rspndr - ok

23:45:36.0210 4168        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

23:45:36.0273 4168        sbp2port - ok

23:45:36.0382 4168        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

23:45:36.0522 4168        secdrv - ok

23:45:36.0631 4168        Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

23:45:36.0709 4168        Serenum - ok

23:45:36.0834 4168        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

23:45:36.0959 4168        Serial - ok

23:45:37.0068 4168        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

23:45:37.0115 4168        sermouse - ok

23:45:37.0255 4168        sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys

23:45:37.0365 4168        sffdisk - ok

23:45:37.0505 4168        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys

23:45:37.0630 4168        sffp_mmc - ok

23:45:37.0739 4168        sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys

23:45:37.0879 4168        sffp_sd - ok

23:45:38.0067 4168        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

23:45:38.0191 4168        sfloppy - ok

23:45:38.0301 4168        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

23:45:38.0363 4168        sisagp - ok

23:45:38.0472 4168        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

23:45:38.0503 4168        SiSRaid2 - ok

23:45:38.0613 4168        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

23:45:38.0659 4168        SiSRaid4 - ok

23:45:38.0769 4168        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

23:45:38.0862 4168        Smb - ok

23:45:38.0987 4168        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

23:45:39.0034 4168        spldr - ok

23:45:39.0486 4168        SRTSP           (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS

23:45:39.0689 4168        SRTSP - ok

23:45:40.0141 4168        SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS

23:45:40.0313 4168        SRTSPX - ok

23:45:40.0719 4168        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

23:45:40.0890 4168        srv - ok

23:45:41.0233 4168        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

23:45:41.0389 4168        srv2 - ok

23:45:41.0779 4168        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

23:45:41.0904 4168        srvnet - ok

23:45:42.0435 4168        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

23:45:42.0559 4168        swenum - ok

23:45:42.0778 4168        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

23:45:42.0856 4168        Symc8xx - ok

23:45:43.0043 4168        SymDS           (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS

23:45:43.0152 4168        SymDS - ok

23:45:43.0542 4168        SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS

23:45:43.0620 4168        SymEFA - ok

23:45:43.0761 4168        SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS

23:45:43.0885 4168        SymEvent - ok

23:45:44.0135 4168        SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS

23:45:44.0244 4168        SymIRON - ok

23:45:44.0400 4168        SYMTDIv         (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS

23:45:44.0478 4168        SYMTDIv - ok

23:45:44.0603 4168        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

23:45:44.0681 4168        Sym_hi - ok

23:45:44.0915 4168        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

23:45:44.0977 4168        Sym_u3 - ok

23:45:45.0133 4168        Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys

23:45:45.0258 4168        Tcpip - ok

23:45:45.0399 4168        Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys

23:45:45.0523 4168        Tcpip6 - ok

23:45:45.0726 4168        tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys

23:45:45.0835 4168        tcpipreg - ok

23:45:45.0991 4168        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

23:45:46.0101 4168        TDPIPE - ok

23:45:46.0225 4168        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

23:45:46.0335 4168        TDTCP - ok

23:45:46.0444 4168        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

23:45:46.0569 4168        tdx - ok

23:45:46.0725 4168        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

23:45:46.0803 4168        TermDD - ok

23:45:46.0990 4168        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

23:45:47.0099 4168        tssecsrv - ok

23:45:47.0317 4168        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

23:45:47.0411 4168        tunmp - ok

23:45:47.0520 4168        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

23:45:47.0598 4168        tunnel - ok

23:45:47.0723 4168        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

23:45:47.0817 4168        uagp35 - ok

23:45:47.0973 4168        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

23:45:48.0097 4168        udfs - ok

23:45:48.0222 4168        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

23:45:48.0285 4168        uliagpkx - ok

23:45:48.0441 4168        uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

23:45:48.0519 4168        uliahci - ok

23:45:48.0612 4168        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

23:45:48.0690 4168        UlSata - ok

23:45:48.0784 4168        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

23:45:48.0877 4168        ulsata2 - ok

23:45:49.0002 4168        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

23:45:49.0096 4168        umbus - ok

23:45:49.0267 4168        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

23:45:49.0377 4168        usbccgp - ok

23:45:49.0486 4168        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

23:45:49.0642 4168        usbcir - ok

23:45:49.0782 4168        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

23:45:49.0876 4168        usbehci - ok

23:45:50.0001 4168        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

23:45:50.0125 4168        usbhub - ok

23:45:50.0266 4168        usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

23:45:50.0359 4168        usbohci - ok

23:45:50.0515 4168        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

23:45:50.0625 4168        usbprint - ok

23:45:50.0765 4168        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:45:50.0890 4168        USBSTOR - ok

23:45:50.0999 4168        usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

23:45:51.0155 4168        usbuhci - ok

23:45:51.0295 4168        vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

23:45:51.0373 4168        vga - ok

23:45:51.0483 4168        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

23:45:51.0545 4168        VgaSave - ok

23:45:51.0670 4168        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

23:45:51.0701 4168        viaagp - ok

23:45:51.0826 4168        ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

23:45:51.0951 4168        ViaC7 - ok

23:45:52.0075 4168        viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys

23:45:52.0122 4168        viaide - ok

23:45:52.0278 4168        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

23:45:52.0341 4168        volmgr - ok

23:45:52.0481 4168        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

23:45:52.0559 4168        volmgrx - ok

23:45:52.0684 4168        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

23:45:52.0777 4168        volsnap - ok

23:45:52.0918 4168        vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

23:45:53.0011 4168        vsmraid - ok

23:45:53.0105 4168        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

23:45:53.0277 4168        WacomPen - ok

23:45:53.0433 4168        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

23:45:53.0557 4168        Wanarp - ok

23:45:53.0651 4168        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

23:45:53.0745 4168        Wanarpv6 - ok

23:45:53.0854 4168        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

23:45:53.0901 4168        Wd - ok

23:45:54.0057 4168        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

23:45:54.0150 4168        Wdf01000 - ok

23:45:54.0259 4168        WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys

23:45:54.0322 4168        WmiAcpi - ok

23:45:54.0493 4168        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

23:45:54.0587 4168        WpdUsb - ok

23:45:54.0712 4168        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

23:45:54.0774 4168        ws2ifsl - ok

23:45:55.0039 4168        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

23:45:55.0180 4168        WUDFRd - ok

23:45:55.0726 4168        yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys

23:45:55.0835 4168        yukonwlh - ok

23:45:55.0882 4168        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

23:45:56.0724 4168        \Device\Harddisk0\DR0 - ok

23:45:56.0740 4168        Boot (0x1200)   (d81b54fa8103ef1e127785ad05e039d5) \Device\Harddisk0\DR0\Partition0

23:45:56.0771 4168        \Device\Harddisk0\DR0\Partition0 - ok

23:45:56.0802 4168        Boot (0x1200)   (7eb1cce2ca48c4184521fe3c6208ec3b) \Device\Harddisk0\DR0\Partition1

23:45:56.0818 4168        \Device\Harddisk0\DR0\Partition1 - ok

23:45:56.0849 4168        Boot (0x1200)   (1df9326f9917f889eb88f863c604eef3) \Device\Harddisk0\DR0\Partition2

23:45:56.0880 4168        \Device\Harddisk0\DR0\Partition2 - ok

23:45:56.0943 4168        Boot (0x1200)   (5b55816167a3691c97cea179d9bae6d0) \Device\Harddisk0\DR0\Partition3

23:45:57.0005 4168        \Device\Harddisk0\DR0\Partition3 - ok

23:45:57.0005 4168        ============================================================

23:45:57.0005 4168        Scan finished

23:45:57.0005 4168        ============================================================

23:45:57.0036 5552        Detected object count: 2

23:45:57.0036 5552        Actual detected object count: 2

23:46:11.0638 5552        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user

23:46:11.0638 5552        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 

23:46:11.0638 5552        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user

23:46:11.0638 5552        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Guten Morgen, Arne.

Code:

ComboFix 11-12-01.01 - lulu 01.12.2011   9:53.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1789.860 [GMT 1:00]

ausgeführt von:: c:\users\lulu\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-01 bis 2011-12-01  ))))))))))))))))))))))))))))))

.

.

2011-12-01 09:05 . 2011-12-01 09:05        --------        d-----w-        c:\users\lulu\AppData\Local\temp

2011-12-01 09:05 . 2011-12-01 09:05        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-01 08:47 . 2011-12-01 08:47        --------        d-----w-        c:\programdata\SUPERSetup

2011-12-01 08:14 . 2011-12-01 08:14        28752        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\MpKslfb6b5d1d.sys

2011-12-01 08:13 . 2011-12-01 08:13        56200        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\offreg.dll

2011-11-30 18:19 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\mpengine.dll

2011-11-20 18:35 . 2011-11-20 18:35        --------        d-----w-        c:\windows\Cake Mania - To the Max

2011-11-20 10:56 . 2011-11-20 10:56        --------        d-----w-        c:\program files\Microsoft Silverlight

2011-11-18 15:33 . 2011-11-20 11:00        --------        d-----w-        c:\users\lulu\AppData\Local\CrashDumps

2011-11-15 21:57 . 2011-11-15 21:57        --------        d-----w-        c:\program files\Common Files\Java

2011-11-15 21:35 . 2011-11-17 20:35        --------        d-----w-        c:\program files\Common Files\Symantec Shared

2011-11-15 21:35 . 2011-11-15 21:35        --------        d-----w-        c:\program files\Symantec

2011-11-15 21:35 . 2011-11-15 21:35        126584        ----a-w-        c:\windows\system32\drivers\SYMEVENT.SYS

2011-11-15 21:34 . 2011-11-15 21:34        --------        d-----w-        c:\windows\system32\drivers\NIS

2011-11-15 21:34 . 2011-11-15 21:34        --------        d-----w-        c:\programdata\Norton

2011-11-15 21:30 . 2011-11-15 21:30        --------        d-----w-        c:\program files\NortonInstaller

2011-11-12 09:50 . 2011-11-12 09:50        --------        d-----w-        c:\program files\ESET

2011-11-10 09:35 . 2011-10-17 11:41        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-11-10 09:35 . 2011-09-20 21:02        913280        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-10 09:35 . 2011-09-20 13:44        31232        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys

2011-11-10 09:35 . 2011-09-30 15:57        707584        ----a-w-        c:\program files\Common Files\System\wab32.dll

2011-11-08 07:15 . 2011-11-08 07:15        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2011-11-08 07:14 . 2011-11-08 07:14        --------        d-----w-        c:\users\lulu\Neuer Ordner

2011-11-08 07:11 . 2011-11-08 07:11        --------        d-----w-        c:\users\lulu\AppData\Roaming\Malwarebytes

2011-11-08 07:11 . 2011-11-08 07:11        --------        d-----w-        c:\programdata\Malwarebytes

2011-11-08 07:11 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-07 21:12 . 2011-11-07 21:12        --------        d-----w-        c:\users\lulu\AppData\Local\Ilivid Player

2011-11-07 21:07 . 2011-11-07 21:07        --------        d-----w-        c:\users\lulu\Ilivid Youtube

2011-11-07 21:06 . 2011-11-07 21:06        --------        d-----w-        c:\program files\iLivid

2011-11-07 21:06 . 2011-11-08 06:35        --------        d-----w-        c:\programdata\boost_interprocess

2011-11-07 21:05 . 2011-11-07 21:05        --------        d-----w-        c:\users\lulu\AppData\Local\PackageAware

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-11 12:22 . 2011-10-11 12:22        703824        ------w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46C6972-26B0-435F-A395-8CCBA4D568E2}\gapaengine.dll

2011-10-07 03:48 . 2011-07-08 17:49        6668624        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2011-10-03 04:06 . 2011-07-05 17:52        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-09-23 09:45 . 2011-09-23 09:45        232512        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys

2011-09-06 13:30 . 2011-10-13 20:38        2043392        ----a-w-        c:\windows\system32\win32k.sys

2011-06-16 04:33 . 2011-07-05 14:34        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12        94208        ----a-w-        c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Microsoft Office.lnk - e:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2011-08-02 07:33        4910912        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 16:00        1047208        ----a-w-        e:\malwarebytes' anti-malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2011-08-18 15:04        17360520        ----a-r-        c:\program files\Skype\Phone\Skype.exe

.

R1 MpKsl33d3ab3a;MpKsl33d3ab3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C61B149E-EAC9-4D22-B27B-AF95BA18AEA9}\MpKsl33d3ab3a.sys [x]

R1 MpKslb105bf05;MpKslb105bf05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D814DF-AE72-4CFE-B742-1FCEDD6CA168}\MpKslb105bf05.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [2011-11-14 819320]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-23 232512]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111130.001\IDSvix86.sys [2011-11-12 368248]

S1 MpKslfb6b5d1d;MpKslfb6b5d1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\MpKslfb6b5d1d.sys [2011-12-01 28752]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 NIS;Norton Internet Security;e:\utilities\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 106104]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSLFB6B5D1D

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000Core.job

- c:\users\lulu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:48]

.

2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000UA.job

- c:\users\lulu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:48]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = 

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\

FF - prefs.js: browser.search.selectedEngine - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Toolbar-10 - (no file)

HKCU-Run-AdobeBridge - (no file)

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)

Notify-!SASWinLogon - e:\superanti spyware\SASWINLO.DLL

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-12-01 10:05

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]

"ImagePath"="\"e:\utilities\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"e:\utilities\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-962186711-3762864419-1631889991-1000\Software\SecuROM\License information*]

"datasecu"=hex:42,0f,fa,3e,e3,c2,ec,de,67,18,58,ba,00,7c,c1,25,2f,4f,4a,43,bd,

   2d,b8,70,6f,6f,88,28,6c,b2,ca,1b,a2,95,0f,c2,30,e3,34,aa,df,a2,6d,53,14,3d,\

"rkeysecu"=hex:1f,b5,12,4e,95,00,6f,bf,e8,4e,ec,55,3f,3f,76,d9

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(2732)

c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

Zeit der Fertigstellung: 2011-12-01  10:09:11

ComboFix-quarantined-files.txt  2011-12-01 09:09

.

Vor Suchlauf: 7 Verzeichnis(se), 75.735.543.808 Bytes frei

Nach Suchlauf: 10 Verzeichnis(se), 75.687.325.696 Bytes frei

.

- - End Of File - - AFC43D260BF03C22F482AD0BE087AAA2

Sollte ich das Programm (Combofix) nun deinstallieren?

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Hi,

GMER:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2011-12-03 14:28:47

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4

Running: 3olsf0lh.exe; Driver: C:\Users\lulu\AppData\Local\Temp\kwtdapog.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            862DB918                       ZwAlertResumeThread

SSDT            862DB9F8                       ZwAlertThread

SSDT            862DB360                       ZwAllocateVirtualMemory

SSDT            860BA990                       ZwAlpcConnectPort

SSDT            863EBCD0                       ZwAssignProcessToJobObject

SSDT            862DCF88                       ZwCreateMutant

SSDT            862DB6D0                       ZwCreateSymbolicLinkObject

SSDT            86244318                       ZwCreateThread

SSDT            862DCFD0                       ZwDebugActiveProcess

SSDT            862DB530                       ZwDuplicateObject

SSDT            862DB180                       ZwFreeVirtualMemory

SSDT            86277CB8                       ZwImpersonateAnonymousToken

SSDT            862DB838                       ZwImpersonateThread

SSDT            85F54B38                       ZwLoadDriver

SSDT            862DB080                       ZwMapViewOfSection

SSDT            862DCEA8                       ZwOpenEvent

SSDT            86244200                       ZwOpenProcess

SSDT            862DB450                       ZwOpenProcessToken

SSDT            86277870                       ZwOpenSection

SSDT            862DB008                       ZwOpenThread

SSDT            864BA2A8                       ZwProtectVirtualMemory

SSDT            862DBAD8                       ZwResumeThread

SSDT            862DBD78                       ZwSetContextThread

SSDT            862DBE58                       ZwSetInformationProcess

SSDT            86277748                       ZwSetSystemInformation

SSDT            862DCDC8                       ZwSuspendProcess

SSDT            862DBBB8                       ZwSuspendThread

SSDT            862443F8                       ZwTerminateProcess

SSDT            862DBC98                       ZwTerminateThread

SSDT            862DBF48                       ZwUnmapViewOfSection

SSDT            862DB270                       ZwWriteVirtualMemory

SSDT            862DB778                       ZwCreateThreadEx
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 11D  81CC28A0 8 Bytes  [18, B9, 2D, 86, F8, B9, 2D, ...]

.text           ntkrnlpa.exe!KeSetEvent + 131  81CC28B4 4 Bytes  [60, B3, 2D, 86]

.text           ntkrnlpa.exe!KeSetEvent + 13D  81CC28C0 4 Bytes  [90, A9, 0B, 86]

.text           ntkrnlpa.exe!KeSetEvent + 191  81CC2914 4 Bytes  JMP C088F99A 

.text           ntkrnlpa.exe!KeSetEvent + 1F5  81CC2978 4 Bytes  [88, CF, 2D, 86]

.text           ...                            
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\tdx \Device\Tcp        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \Driver\tdx \Device\Udp        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \Driver\tdx \Device\RawIp      SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice  \FileSystem\fastfat \Fat       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

aswMBR:

HTML-Code:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software

Run date: 2011-12-03 14:40:34

-----------------------------

14:40:34.136    OS Version: Windows 6.0.6002 Service Pack 2

14:40:34.136    Number of processors: 2 586 0xF0D

14:40:34.136    ComputerName: ***-PC  UserName: lulu

14:40:53.882    Initialize success

14:49:43.540    AVAST engine defs: 11120301

14:50:06.722    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

14:50:06.738    Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 3

14:50:08.766    Disk 0 MBR read successfully

14:50:08.766    Disk 0 MBR scan

14:50:08.781    Disk 0 Windows VISTA default MBR code

14:50:08.781    Disk 0 scanning sectors +976768065

14:50:08.859    Disk 0 scanning C:\Windows\system32\drivers

14:50:19.467    Service scanning

14:50:20.091    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

14:50:20.731    Modules scanning

14:50:25.707    Disk 0 trace - called modules:

14:50:25.738    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 

14:50:25.754    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e12578]

14:50:25.754    3 CLASSPNP.SYS[875a78b3] -> nt!IofCallDriver -> [0x83eb30a8]

14:50:25.754    5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83ebb8a0]

14:50:26.206    AVAST engine scan C:\Windows

14:50:28.640    AVAST engine scan C:\Windows\system32

14:52:23.940    AVAST engine scan C:\Windows\system32\drivers

14:52:34.704    AVAST engine scan C:\Users\lulu

14:54:46.648    AVAST engine scan C:\ProgramData

14:56:37.892    Scan finished successfully

15:01:11.906    Disk 0 MBR has been saved successfully to "C:\Users\lulu\Desktop\MBR.dat"

15:01:11.906    The log file has been saved successfully to "C:\Users\lulu\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset