Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/) > Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. (https://www.trojaner-board.de/106646-sicherheitsgruenden-wurde-windowssystem-blockiert.html)

Metal 20.12.2011 21:53

For security reasons, your Windows system has been blocked.
 
Hi there,
Yesterday I caught a virus that, a few minutes after I switch on my PC (with an internet connection), blacks out the screen and shows a message saying that my system is blocked and that I have to pay to get full access to my PC back. After a restart I first let my antivirus program scan everything; it had 26 hits (according to the program, all of them were removed). If necessary I can post those findings later.
Since that didn't work and I got the message again shortly afterwards, I searched around the internet a bit, found your nice site, and hope that someone here can help me. I have already used OTL.exe.

Thanks in advance :)

cosinus 20.12.2011 22:20

Quote:

Boot Mode: SafeMode

Does Safe Mode with Networking also work?

Metal 21.12.2011 16:26

Yeah, that works too.

As long as there is no internet connection, I can use the PC without any problems.

cosinus 21.12.2011 17:18

Now please do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan! Also, all findings must be removed.

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




Please post everything in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Metal 21.12.2011 19:15

So, here is Malwarebytes first

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 911122104

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.12.2011 19:02:11
mbam-log-2011-12-21 (19-02-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 365508
Laufzeit: 1 Stunde(n), 7 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\Users\Rene\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.Dropper) -> 2656 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firefox.exe (Trojan.Dropper) -> Value: firefox.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Rene\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Rene\AppData\Local\Temp\0.45908092030176106.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Rene\AppData\LocalLow\Sun\Java\deployment\cache\6.0\51\17add6f3-7d0d9c59 (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Rene\downloads\xvidsetup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.


Metal 21.12.2011 21:09

Eset is done too

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=aa715ff0734c4348ad19f99dbc13fe53
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-21 08:00:01
# local_time=2011-12-21 09:00:01 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 6752 76899573 0 0
# compatibility_mode=8192 67108863 100 0 4112 4112 0 0
# scanned=201757
# found=4
# cleaned=0
# scan_time=3698
C:\Users\Rene\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-12130948        a variant of Java/Exploit.CVE-2010-4452.A trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Rene\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\3cc664c-1c0c58ee        Java/Exploit.CVE-2010-4452.A trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Rene\AppData\Roaming\toolplugin\toolbar.dll        Win32/Adware.ToolPlugin application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Rene\Documents\Downloads\SoftonicDownloader15597.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 21.12.2011 21:14

Please make a new OTL log

Custom scan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Metal 21.12.2011 21:39

OTL Logfile:
Code:

OTL logfile created on: 21.12.2011 21:20:00 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Rene\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 50,90% Memory free
8,00 Gb Paging File | 6,32 Gb Available in Paging File | 79,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 381,14 Gb Free Space | 81,85% Space Free | Partition Type: NTFS
 
Computer Name: RENTIER | User Name: Rene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.20 17:31:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
PRC - [2011.12.12 23:20:56 | 003,305,760 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Rene\AppData\Local\Akamai\netsession_win.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.01 05:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.02.18 12:24:32 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009.08.31 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008.03.14 04:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008.03.14 04:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
PRC - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2005.08.22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.09.29 08:07:00 | 000,075,656 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV - [2011.12.14 21:11:54 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.31 20:07:00 | 000,178,920 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe -- (McShield)
SRV - [2009.08.31 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.08.31 20:07:00 | 000,019,720 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.14 04:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.09.07 21:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.12.19 09:11:40 | 000,314,400 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.23 17:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.08.21 01:27:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2009.08.21 01:27:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2009.08.21 01:27:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.19 11:59:08 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.06.19 11:59:06 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.06.19 11:59:02 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (LGBusEnum)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008.09.29 08:07:00 | 000,465,792 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2008.09.29 08:07:00 | 000,118,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2008.09.29 08:07:00 | 000,096,016 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2008.09.29 08:07:00 | 000,082,504 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2008.09.29 08:07:00 | 000,075,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.03.05 06:55:20 | 000,033,080 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys -- (RushTopDevice_J)
DRV - [2008.12.27 04:21:10 | 000,044,344 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys -- (DualCoreCenter)
DRV - [2008.12.19 04:17:36 | 000,075,576 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys -- (RushTopDevice2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C4 60 E0 C2 67 AE CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.21 21:18:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.21 21:18:23 | 000,000,000 | ---D | M]
 
[2010.03.13 17:26:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Extensions
[2011.12.21 21:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions
[2010.06.10 15:28:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.17 17:55:07 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\ChoiceGuard@Microsoft
[2011.10.28 17:54:17 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\welcome@toolmin.com
[2010.09.17 17:55:39 | 000,001,819 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\bing.xml
[2011.12.19 18:11:31 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-1.xml
[2011.03.05 13:28:01 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-10.xml
[2011.03.27 17:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-11.xml
[2011.05.03 20:07:02 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-12.xml
[2011.08.09 13:49:27 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-13.xml
[2011.08.22 19:16:43 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-14.xml
[2011.10.08 16:15:50 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-15.xml
[2011.10.24 18:07:26 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-16.xml
[2011.11.15 14:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-17.xml
[2011.11.15 18:48:04 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-18.xml
[2010.07.22 16:37:29 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-2.xml
[2010.07.24 23:17:24 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-3.xml
[2010.09.10 14:53:18 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-4.xml
[2010.09.17 16:51:12 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-5.xml
[2010.10.20 14:16:18 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-6.xml
[2010.11.01 00:38:04 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-7.xml
[2010.12.18 19:49:50 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-8.xml
[2011.03.04 17:14:48 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-9.xml
[2010.06.10 15:28:28 | 000,000,168 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.gif
[2010.06.10 15:28:28 | 000,000,618 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.src
[2010.06.25 12:15:57 | 000,001,056 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.xml
[2010.04.22 17:23:20 | 000,002,057 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\youtube-videosuche.xml
[2011.12.21 19:32:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.11.05 22:00:19 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.12 21:28:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.24 18:07:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.24 18:07:09 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.24 18:07:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.28 17:54:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011.10.24 18:07:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.24 18:07:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Google Mail = C:\Users\Rene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Rene\AppData\Roaming\toolplugin\toolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [DelReg] C:\Program Files (x86)\MSI\OverclockingCenter\DelReg.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Rene\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22E70B15-0833-4E62-9232-D53B0D2971BB}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29963807-6cbf-11df-8620-40618679bfab}\Shell - "" = AutoRun
O33 - MountPoints2\{29963807-6cbf-11df-8620-40618679bfab}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Remote Control Editor - hkey= - key= - C:\Program Files\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: McAfeeEngineService - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.21 19:49:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.21 17:37:31 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2011.12.21 17:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.21 17:35:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.21 17:35:53 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.21 17:35:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.21 17:35:07 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Rene\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.20 18:10:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2011.12.20 18:02:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Windows\SysNative\OTL.exe
[2011.12.19 19:55:10 | 000,000,000 | ---D | C] -- C:\QUARANTINE
[2011.12.19 19:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.19 19:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.14 20:32:32 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Roaming\Opera
[2011.12.14 20:32:32 | 000,000,000 | ---D | C] -- C:\Users\Rene\AppData\Local\Opera
[2011.12.14 20:32:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.21 21:05:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.21 19:10:50 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 19:10:50 | 000,014,592 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.21 19:03:43 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.21 19:03:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.21 19:03:22 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.21 17:35:57 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.21 17:30:28 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Rene\Desktop\mbam-setup-1.51.2.1300.exe
[2011.12.20 17:31:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Windows\SysNative\OTL.exe
[2011.12.20 17:31:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Rene\Desktop\OTL.exe
[2011.12.19 19:15:49 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.15 08:32:22 | 000,363,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.14 22:06:12 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.12.01 17:25:46 | 000,002,575 | ---- | M] () -- C:\Users\Rene\Desktop\DC Universe Online Live.lnk
[2011.11.25 18:49:37 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.25 18:49:37 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.25 18:49:37 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.25 18:49:37 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.25 18:49:37 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.21 17:35:57 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.19 19:15:49 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.12.14 20:32:29 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2011.09.30 18:37:44 | 000,003,584 | ---- | C] () -- C:\Users\Rene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.05 22:04:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.13 01:15:49 | 000,007,597 | ---- | C] () -- C:\Users\Rene\AppData\Local\Resmon.ResmonCfg
[2010.03.13 00:31:42 | 000,217,088 | ---- | C] () -- C:\Windows\NVGfxOgl.dll
[2010.03.12 22:33:18 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2010.06.05 21:27:47 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\FOG Downloader
[2011.08.18 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\GetRightToGo
[2010.12.05 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
[2010.05.31 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\LG Electronics
[2010.03.15 09:59:50 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.12.14 20:32:32 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Opera
[2010.09.18 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Sony
[2010.03.28 20:22:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TerraTec
[2011.10.24 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\toolplugin
[2011.12.19 19:17:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TS3Client
[2010.05.31 18:26:17 | 000,000,000 | -H-D | M] -- C:\Users\Rene\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2011.12.20 17:50:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.30 13:20:44 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Adobe
[2010.04.06 21:48:34 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\DivX
[2010.06.05 21:27:47 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\FOG Downloader
[2011.08.18 22:11:18 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\GetRightToGo
[2010.12.05 15:32:48 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\ICQ
[2010.03.12 22:08:48 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Identities
[2010.04.06 18:07:13 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\InstallShield
[2010.05.31 18:26:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\LG Electronics
[2010.03.15 09:59:50 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.04.04 11:22:58 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Macromedia
[2011.12.21 17:37:31 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:19 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Media Center Programs
[2011.08.18 22:13:01 | 000,000,000 | --SD | M] -- C:\Users\Rene\AppData\Roaming\Microsoft
[2010.03.13 17:26:17 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Mozilla
[2011.12.14 20:32:32 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Opera
[2011.05.12 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Skype
[2011.05.12 15:32:53 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\skypePM
[2010.09.18 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\Sony
[2010.11.27 20:40:41 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\teamspeak2
[2010.03.28 20:22:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TerraTec
[2011.10.24 18:05:39 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\toolplugin
[2011.12.19 19:17:59 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\TS3Client
[2010.06.17 14:10:50 | 000,000,000 | ---D | M] -- C:\Users\Rene\AppData\Roaming\WinRAR
[2010.05.31 18:26:17 | 000,000,000 | -H-D | M] -- C:\Users\Rene\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.01 05:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll

< End of report >

--- --- ---
[/code]

cosinus 21.12.2011 21:45

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
PRC - [2010.03.28 15:47:30 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: welcome@toolmin.com:1.03
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
[2010.06.10 15:28:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.17 17:55:07 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\ChoiceGuard@Microsoft
[2011.10.28 17:54:17 | 000,000,000 | ---D | M] (toolplugin) -- C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\welcome@toolmin.com
[2010.09.17 17:55:39 | 000,001,819 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\bing.xml
[2011.12.19 18:11:31 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-1.xml
[2011.03.05 13:28:01 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-10.xml
[2011.03.27 17:30:30 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-11.xml
[2011.05.03 20:07:02 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-12.xml
[2011.08.09 13:49:27 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-13.xml
[2011.08.22 19:16:43 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-14.xml
[2011.10.08 16:15:50 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-15.xml
[2011.10.24 18:07:26 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-16.xml
[2011.11.15 14:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-17.xml
[2011.11.15 18:48:04 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-18.xml
[2010.07.22 16:37:29 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-2.xml
[2010.07.24 23:17:24 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-3.xml
[2010.09.10 14:53:18 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-4.xml
[2010.09.17 16:51:12 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-5.xml
[2010.10.20 14:16:18 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-6.xml
[2010.11.01 00:38:04 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-7.xml
[2010.12.18 19:49:50 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-8.xml
[2011.03.04 17:14:48 | 000,000,950 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-9.xml
[2010.06.10 15:28:28 | 000,000,168 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.gif
[2010.06.10 15:28:28 | 000,000,618 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.src
[2010.06.25 12:15:57 | 000,001,056 | ---- | M] () -- C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.xml
[2011.10.28 17:54:17 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{29963807-6cbf-11df-8620-40618679bfab}\Shell - "" = AutoRun
O33 - MountPoints2\{29963807-6cbf-11df-8620-40618679bfab}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
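As an added example (not from the thread and not OTL's own code), a small parser that audits a Firefox profile's prefs.js and user.js for the kind of search hijack the fix above removes; the allow-lists and the sample profile contents are assumptions constructed from the values in the fix script.

```python
"""Audit a Firefox profile's prefs.js / user.js for search-setting hijacks.

Added example (not from the thread, not OTL code): the OTL fix above strips
"ICQ Search" / "Search the web" and a browsersafesearch.com keyword.URL from
prefs.js and moves user.js aside.  This script shows how to find the same kind
of hijack with a parser.  The allow-lists and the sample profile contents
below are our own assumptions, constructed from the values in the fix script.
"""
import re
from urllib.parse import urlparse

# Search-routing preferences; every key here appears in the OTL fix above.
SEARCH_KEYS = (
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "browser.search.order.1",
    "browser.search.selectedEngine",
    "keyword.URL",
)

# Assumed allow-lists; adjust to what the profile is expected to use.
ALLOWED_HOSTS = {"www.bing.com", "www.google.com", "duckduckgo.com"}
ALLOWED_ENGINES = {"Bing", "Google", "DuckDuckGo"}

# user_pref("key", value);  -- value is a quoted string, a number or a bool.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Map preference name -> value for every user_pref() line in `text`.

    String values lose their surrounding quotes; other lines are ignored.
    """
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        prefs[key] = raw
    return prefs


def audit(prefs, source):
    """Return (source, key, value, reason) tuples for suspicious search prefs.

    `source` is the file name.  A search pref living in user.js is reported
    even when its value looks harmless, because user.js is re-applied on
    every start: that is how a hijacker keeps a cleaned prefs.js from
    sticking, and why the OTL fix above moves user.js away.
    """
    findings = []
    for key in SEARCH_KEYS:
        if key not in prefs:
            continue
        value = prefs[key]
        if value.startswith(("http://", "https://")):
            host = (urlparse(value).hostname or "").lower()
            if host not in ALLOWED_HOSTS:
                findings.append((source, key, value, f"search URL routed to {host}"))
                continue
        elif value not in ALLOWED_ENGINES:
            findings.append((source, key, value, "unexpected search engine name"))
            continue
        if source == "user.js":
            findings.append((source, key, value, "search pref pinned via user.js"))
    return findings


def audit_profile(prefs_js, user_js):
    """Audit both files of a profile and return the combined findings."""
    return audit(parse_prefs(prefs_js), "prefs.js") + \
           audit(parse_prefs(user_js), "user.js")


# Constructed sample files, built from the values the OTL fix script lists.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "ICQ Search");
user_pref("browser.search.defaulturl", "http://www.bing.com/search?FORM=IEFM1&q=");
user_pref("browser.search.order.1", "Search the web");
user_pref("browser.search.selectedEngine", "ICQ Search");
user_pref("keyword.URL", "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
user_pref("browser.tabs.warnOnClose", false);
"""

SAMPLE_USER_JS = """\
user_pref("browser.search.selectedEngine", "Search the web");
user_pref("browser.search.order.1", "Search the web");
user_pref("browser.search.defaultenginename", "Search the web");
user_pref("keyword.URL", "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=");
"""

if __name__ == "__main__":
    for source, key, value, reason in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print(f"{source}: {key} = {value!r}  ({reason})")
```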

Metal 21.12.2011 21:56

Code:

All processes killed
========== OTL ==========
No active process named ICQ Service.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://www.bing.com/search?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "Search the web" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: welcome@toolmin.com:1.03 removed from extensions.enabledItems
Prefs.js: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Users\Rene\AppData\Roaming\Mozilla\FireFox\Profiles\90f6ghiz.default\user.js moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\ChoiceGuard@Microsoft\content folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\ChoiceGuard@Microsoft folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\welcome@toolmin.com\chrome\content folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\welcome@toolmin.com\chrome folder moved successfully.
C:\Users\Rene\AppData\Roaming\mozilla\Firefox\Profiles\90f6ghiz.default\extensions\welcome@toolmin.com folder moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\bing.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\searchplugins\icqplugin.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29963807-6cbf-11df-8620-40618679bfab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29963807-6cbf-11df-8620-40618679bfab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29963807-6cbf-11df-8620-40618679bfab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29963807-6cbf-11df-8620-40618679bfab}\ not found.
File E:\USBAutoRun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Rene
->Temp folder emptied: 21368350 bytes
->Temporary Internet Files folder emptied: 1029994 bytes
->Java cache emptied: 26221206 bytes
->FireFox cache emptied: 55209728 bytes
->Google Chrome cache emptied: 23674507 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3762 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 61457 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5244564 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 958350825 bytes
 
Total Files Cleaned = 1.041,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12212011_215122

Files\Folders moved on Reboot...
C:\Users\Rene\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 21.12.2011 22:11

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

Metal 21.12.2011 22:28

Code:

22:23:56.0141 2804        TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
22:23:56.0328 2804        ============================================================
22:23:56.0328 2804        Current date / time: 2011/12/21 22:23:56.0328
22:23:56.0328 2804        SystemInfo:
22:23:56.0328 2804       
22:23:56.0328 2804        OS Version: 6.1.7600 ServicePack: 0.0
22:23:56.0328 2804        Product type: Workstation
22:23:56.0328 2804        ComputerName: RENTIER
22:23:56.0344 2804        UserName: Rene
22:23:56.0344 2804        Windows directory: C:\Windows
22:23:56.0344 2804        System windows directory: C:\Windows
22:23:56.0344 2804        Running under WOW64
22:23:56.0344 2804        Processor architecture: Intel x64
22:23:56.0344 2804        Number of processors: 4
22:23:56.0344 2804        Page size: 0x1000
22:23:56.0344 2804        Boot type: Normal boot
22:23:56.0344 2804        ============================================================
22:23:57.0077 2804        Initialize success
22:25:10.0246 2464        ============================================================
22:25:10.0246 2464        Scan started
22:25:10.0246 2464        Mode: Manual; SigCheck; TDLFS;
22:25:10.0246 2464        ============================================================
22:25:10.0496 2464        1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:25:10.0574 2464        1394ohci - ok
22:25:10.0589 2464        ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:25:10.0605 2464        ACPI - ok
22:25:10.0621 2464        AcpiPmi        (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:25:10.0667 2464        AcpiPmi - ok
22:25:10.0683 2464        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:25:10.0699 2464        adp94xx - ok
22:25:10.0714 2464        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:25:10.0730 2464        adpahci - ok
22:25:10.0745 2464        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:25:10.0761 2464        adpu320 - ok
22:25:10.0808 2464        AFD            (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
22:25:10.0933 2464        AFD - ok
22:25:10.0964 2464        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:25:10.0979 2464        agp440 - ok
22:25:11.0011 2464        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:25:11.0026 2464        aliide - ok
22:25:11.0026 2464        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:25:11.0042 2464        amdide - ok
22:25:11.0057 2464        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:25:11.0089 2464        AmdK8 - ok
22:25:11.0120 2464        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:25:11.0135 2464        AmdPPM - ok
22:25:11.0167 2464        amdsata        (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
22:25:11.0182 2464        amdsata - ok
22:25:11.0198 2464        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:25:11.0213 2464        amdsbs - ok
22:25:11.0229 2464        amdxata        (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
22:25:11.0229 2464        amdxata - ok
22:25:11.0245 2464        AppID          (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:25:11.0291 2464        AppID - ok
22:25:11.0307 2464        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:25:11.0323 2464        arc - ok
22:25:11.0323 2464        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:25:11.0338 2464        arcsas - ok
22:25:11.0354 2464        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:25:11.0416 2464        AsyncMac - ok
22:25:11.0432 2464        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:25:11.0432 2464        atapi - ok
22:25:11.0463 2464        AtiPcie        (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
22:25:11.0525 2464        AtiPcie - ok
22:25:11.0557 2464        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:25:11.0588 2464        b06bdrv - ok
22:25:11.0603 2464        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:25:11.0635 2464        b57nd60a - ok
22:25:11.0666 2464        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:25:11.0697 2464        Beep - ok
22:25:11.0744 2464        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:25:11.0759 2464        blbdrive - ok
22:25:11.0791 2464        bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:25:11.0869 2464        bowser - ok
22:25:11.0869 2464        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:25:11.0900 2464        BrFiltLo - ok
22:25:11.0900 2464        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:25:11.0915 2464        BrFiltUp - ok
22:25:11.0931 2464        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:25:11.0978 2464        Brserid - ok
22:25:11.0978 2464        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:25:12.0009 2464        BrSerWdm - ok
22:25:12.0009 2464        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:25:12.0040 2464        BrUsbMdm - ok
22:25:12.0040 2464        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:25:12.0087 2464        BrUsbSer - ok
22:25:12.0103 2464        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:25:12.0118 2464        BTHMODEM - ok
22:25:12.0149 2464        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:25:12.0196 2464        cdfs - ok
22:25:12.0227 2464        cdrom          (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:25:12.0274 2464        cdrom - ok
22:25:12.0305 2464        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:25:12.0352 2464        circlass - ok
22:25:12.0383 2464        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:25:12.0415 2464        CLFS - ok
22:25:12.0415 2464        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:25:12.0446 2464        CmBatt - ok
22:25:12.0461 2464        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:25:12.0461 2464        cmdide - ok
22:25:12.0477 2464        CNG            (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
22:25:12.0508 2464        CNG - ok
22:25:12.0508 2464        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:25:12.0524 2464        Compbatt - ok
22:25:12.0555 2464        CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:25:12.0571 2464        CompositeBus - ok
22:25:12.0586 2464        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:25:12.0586 2464        crcdisk - ok
22:25:12.0633 2464        CSC            (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
22:25:12.0664 2464        CSC - ok
22:25:12.0711 2464        DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:25:12.0805 2464        DfsC - ok
22:25:12.0820 2464        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:25:12.0867 2464        discache - ok
22:25:12.0883 2464        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:25:12.0898 2464        Disk - ok
22:25:12.0929 2464        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:25:12.0976 2464        drmkaud - ok
22:25:13.0039 2464        DualCoreCenter  (4bb346300c499de02f99b8789622ceaa) C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys
22:25:13.0148 2464        DualCoreCenter - ok
22:25:13.0179 2464        DXGKrnl        (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
22:25:13.0257 2464        DXGKrnl - ok
22:25:13.0351 2464        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:25:13.0475 2464        ebdrv - ok
22:25:13.0507 2464        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:25:13.0522 2464        elxstor - ok
22:25:13.0553 2464        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:25:13.0569 2464        ErrDev - ok
22:25:13.0585 2464        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:25:13.0616 2464        exfat - ok
22:25:13.0647 2464        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:25:13.0678 2464        fastfat - ok
22:25:13.0694 2464        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:25:13.0694 2464        fdc - ok
22:25:13.0725 2464        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:25:13.0725 2464        FileInfo - ok
22:25:13.0741 2464        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:25:13.0787 2464        Filetrace - ok
22:25:13.0787 2464        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:25:13.0803 2464        flpydisk - ok
22:25:13.0819 2464        FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:25:13.0834 2464        FltMgr - ok
22:25:13.0850 2464        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:25:13.0865 2464        FsDepends - ok
22:25:13.0881 2464        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
22:25:13.0897 2464        Fs_Rec - ok
22:25:13.0912 2464        fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
22:25:13.0928 2464        fvevol - ok
22:25:13.0943 2464        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:25:13.0959 2464        gagp30kx - ok
22:25:14.0006 2464        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:25:14.0037 2464        hcw85cir - ok
22:25:14.0068 2464        HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:25:14.0131 2464        HdAudAddService - ok
22:25:14.0146 2464        HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:25:14.0177 2464        HDAudBus - ok
22:25:14.0193 2464        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:25:14.0209 2464        HidBatt - ok
22:25:14.0224 2464        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:25:14.0255 2464        HidBth - ok
22:25:14.0255 2464        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:25:14.0302 2464        HidIr - ok
22:25:14.0333 2464        HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:25:14.0365 2464        HidUsb - ok
22:25:14.0396 2464        HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:25:14.0411 2464        HpSAMD - ok
22:25:14.0443 2464        HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:25:14.0536 2464        HTTP - ok
22:25:14.0536 2464        hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:25:14.0552 2464        hwpolicy - ok
22:25:14.0567 2464        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:25:14.0583 2464        i8042prt - ok
22:25:14.0599 2464        iaStorV        (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
22:25:14.0630 2464        iaStorV - ok
22:25:14.0645 2464        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:25:14.0661 2464        iirsp - ok
22:25:14.0723 2464        IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
22:25:14.0786 2464        IntcAzAudAddService - ok
22:25:14.0801 2464        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:25:14.0817 2464        intelide - ok
22:25:14.0833 2464        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:25:14.0848 2464        intelppm - ok
22:25:14.0864 2464        IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:25:14.0895 2464        IpFilterDriver - ok
22:25:14.0895 2464        IPMIDRV        (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:25:14.0926 2464        IPMIDRV - ok
22:25:14.0926 2464        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:25:14.0957 2464        IPNAT - ok
22:25:14.0989 2464        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:25:15.0004 2464        IRENUM - ok
22:25:15.0020 2464        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:25:15.0020 2464        isapnp - ok
22:25:15.0051 2464        iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:25:15.0051 2464        iScsiPrt - ok
22:25:15.0082 2464        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:25:15.0098 2464        kbdclass - ok
22:25:15.0113 2464        kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:25:15.0113 2464        kbdhid - ok
22:25:15.0145 2464        KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
22:25:15.0145 2464        KSecDD - ok
22:25:15.0176 2464        KSecPkg        (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
22:25:15.0223 2464        KSecPkg - ok
22:25:15.0238 2464        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:25:15.0269 2464        ksthunk - ok
22:25:15.0332 2464        LgBttPort      (6377a3efa96e855fdfdf4c4cb1e55bf0) C:\Windows\system32\DRIVERS\lgbtpt64.sys
22:25:15.0425 2464        LgBttPort - ok
22:25:15.0457 2464        LGBusEnum      (3490dca88dac89e53328a6160f26ed09) C:\Windows\system32\DRIVERS\lgbtbs64.sys
22:25:15.0457 2464        LGBusEnum - ok
22:25:15.0488 2464        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
22:25:15.0550 2464        LGVirHid - ok
22:25:15.0581 2464        LGVMODEM        (e494371d06d6956469658969633dac06) C:\Windows\system32\DRIVERS\lgvmdm64.sys
22:25:15.0659 2464        LGVMODEM - ok
22:25:15.0691 2464        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:25:15.0753 2464        lltdio - ok
22:25:15.0784 2464        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:25:15.0800 2464        LSI_FC - ok
22:25:15.0800 2464        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:25:15.0815 2464        LSI_SAS - ok
22:25:15.0831 2464        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:25:15.0831 2464        LSI_SAS2 - ok
22:25:15.0847 2464        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:25:15.0862 2464        LSI_SCSI - ok
22:25:15.0878 2464        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:25:15.0925 2464        luafv - ok
22:25:15.0971 2464        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:25:15.0987 2464        megasas - ok
22:25:16.0003 2464        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:25:16.0018 2464        MegaSR - ok
22:25:16.0034 2464        mfeapfk        (4dea3f2dc347dea7cb4535680c0e03f1) C:\Windows\system32\drivers\mfeapfk.sys
22:25:16.0112 2464        mfeapfk - ok
22:25:16.0127 2464        mfeavfk        (e555fed8762cbee0a91c47450f81654e) C:\Windows\system32\drivers\mfeavfk.sys
22:25:16.0190 2464        mfeavfk - ok
22:25:16.0205 2464        mfehidk        (f3ce7173922b89cfa909695a489a0e9e) C:\Windows\system32\drivers\mfehidk.sys
22:25:16.0283 2464        mfehidk - ok
22:25:16.0299 2464        mferkdet        (a4f8465b956571ab296eb70c167754db) C:\Windows\system32\drivers\mferkdet.sys
22:25:16.0377 2464        mferkdet - ok
22:25:16.0393 2464        mfetdik        (4339aee8f042ecb4292cd36d84a7cc2f) C:\Windows\system32\drivers\mfetdik.sys
22:25:16.0455 2464        mfetdik - ok
22:25:16.0486 2464        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:25:16.0517 2464        Modem - ok
22:25:16.0549 2464        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:25:16.0564 2464        monitor - ok
22:25:16.0595 2464        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:25:16.0611 2464        mouclass - ok
22:25:16.0627 2464        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:25:16.0642 2464        mouhid - ok
22:25:16.0658 2464        mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:25:16.0673 2464        mountmgr - ok
22:25:16.0689 2464        mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:25:16.0705 2464        mpio - ok
22:25:16.0720 2464        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:25:16.0767 2464        mpsdrv - ok
22:25:16.0783 2464        MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:25:16.0814 2464        MRxDAV - ok
22:25:16.0845 2464        mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:25:16.0954 2464        mrxsmb - ok
22:25:16.0985 2464        mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:25:17.0079 2464        mrxsmb10 - ok
22:25:17.0095 2464        mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:25:17.0157 2464        mrxsmb20 - ok
22:25:17.0173 2464        msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:25:17.0188 2464        msahci - ok
22:25:17.0204 2464        msdsm          (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:25:17.0219 2464        msdsm - ok
22:25:17.0235 2464        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:25:17.0266 2464        Msfs - ok
22:25:17.0282 2464        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:25:17.0329 2464        mshidkmdf - ok
22:25:17.0344 2464        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:25:17.0344 2464        msisadrv - ok
22:25:17.0360 2464        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:25:17.0391 2464        MSKSSRV - ok
22:25:17.0407 2464        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:25:17.0453 2464        MSPCLOCK - ok
22:25:17.0453 2464        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:25:17.0500 2464        MSPQM - ok
22:25:17.0516 2464        MsRPC          (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:25:17.0531 2464        MsRPC - ok
22:25:17.0547 2464        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:25:17.0547 2464        mssmbios - ok
22:25:17.0563 2464        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:25:17.0594 2464        MSTEE - ok
22:25:17.0609 2464        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:25:17.0625 2464        MTConfig - ok
22:25:17.0656 2464        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:25:17.0672 2464        Mup - ok
22:25:17.0687 2464        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:25:17.0719 2464        NativeWifiP - ok
22:25:17.0750 2464        NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:25:17.0765 2464        NDIS - ok
22:25:17.0765 2464        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:25:17.0797 2464        NdisCap - ok
22:25:17.0828 2464        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:25:17.0859 2464        NdisTapi - ok
22:25:17.0875 2464        Ndisuio        (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:25:17.0906 2464        Ndisuio - ok
22:25:17.0921 2464        NdisWan        (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:25:17.0953 2464        NdisWan - ok
22:25:17.0968 2464        NDProxy        (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:25:18.0015 2464        NDProxy - ok
22:25:18.0031 2464        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:25:18.0077 2464        NetBIOS - ok
22:25:18.0093 2464        NetBT          (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:25:18.0140 2464        NetBT - ok
22:25:18.0171 2464        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:25:18.0171 2464        nfrd960 - ok
22:25:18.0202 2464        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:25:18.0249 2464        Npfs - ok
22:25:18.0265 2464        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:25:18.0311 2464        nsiproxy - ok
22:25:18.0343 2464        Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
22:25:18.0389 2464        Ntfs - ok
22:25:18.0405 2464        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:25:18.0452 2464        Null - ok
22:25:18.0499 2464        NVHDA          (ed9380f201c8126425c09bed96dbe1e5) C:\Windows\system32\drivers\nvhda64v.sys
22:25:18.0577 2464        NVHDA - ok
22:25:18.0795 2464        nvlddmkm        (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:25:18.0982 2464        nvlddmkm - ok
22:25:18.0998 2464        nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
22:25:19.0013 2464        nvraid - ok
22:25:19.0029 2464        nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
22:25:19.0045 2464        nvstor - ok
22:25:19.0091 2464        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:25:19.0123 2464        nv_agp - ok
22:25:19.0138 2464        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:25:19.0185 2464        ohci1394 - ok
22:25:19.0201 2464        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:25:19.0216 2464        Parport - ok
22:25:19.0232 2464        partmgr        (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
22:25:19.0247 2464        partmgr - ok
22:25:19.0263 2464        pci            (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:25:19.0279 2464        pci - ok
22:25:19.0294 2464        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:25:19.0294 2464        pciide - ok
22:25:19.0310 2464        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:25:19.0325 2464        pcmcia - ok
22:25:19.0341 2464        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:25:19.0341 2464        pcw - ok
22:25:19.0372 2464        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:25:19.0419 2464        PEAUTH - ok
22:25:19.0466 2464        PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:25:19.0497 2464        PptpMiniport - ok
22:25:19.0513 2464        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:25:19.0528 2464        Processor - ok
22:25:19.0559 2464        Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:25:19.0591 2464        Psched - ok
22:25:19.0637 2464        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:25:19.0684 2464        ql2300 - ok
22:25:19.0684 2464        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:25:19.0700 2464        ql40xx - ok
22:25:19.0715 2464        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:25:19.0747 2464        QWAVEdrv - ok
22:25:19.0778 2464        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:25:19.0809 2464        RasAcd - ok
22:25:19.0825 2464        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:25:19.0840 2464        RasAgileVpn - ok
22:25:19.0856 2464        Rasl2tp        (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:25:19.0903 2464        Rasl2tp - ok
22:25:19.0918 2464        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:25:19.0949 2464        RasPppoe - ok
22:25:19.0965 2464        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:25:19.0996 2464        RasSstp - ok
22:25:20.0027 2464        rdbss          (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:25:20.0059 2464        rdbss - ok
22:25:20.0074 2464        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:25:20.0090 2464        rdpbus - ok
22:25:20.0090 2464        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:25:20.0121 2464        RDPCDD - ok
22:25:20.0168 2464        RDPDR          (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
22:25:20.0199 2464        RDPDR - ok
22:25:20.0230 2464        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:25:20.0277 2464        RDPENCDD - ok
22:25:20.0293 2464        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:25:20.0324 2464        RDPREFMP - ok
22:25:20.0339 2464        RDPWD          (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
22:25:20.0386 2464        RDPWD - ok
22:25:20.0417 2464        rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:25:20.0433 2464        rdyboost - ok
22:25:20.0464 2464        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:25:20.0511 2464        rspndr - ok
22:25:20.0558 2464        RTL8167        (66f9f7161d147b6486a22feb9425930d) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:25:20.0651 2464        RTL8167 - ok
22:25:20.0714 2464        RushTopDevice2  (f86ed44261ac62e915fb0e4b2133039d) C:\Program Files (x86)\MSI\OverclockingCenter\RushTop64.sys
22:25:20.0792 2464        RushTopDevice2 - ok
22:25:20.0839 2464        RushTopDevice_J (ed4061d042a21961a94bab25fd505f6a) C:\Program Files (x86)\MSI\OverclockingCenter\RushJ64.sys
22:25:20.0885 2464        RushTopDevice_J - ok
22:25:20.0901 2464        s3cap          (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
22:25:20.0948 2464        s3cap - ok
22:25:20.0979 2464        sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:25:20.0995 2464        sbp2port - ok
22:25:21.0010 2464        scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:25:21.0073 2464        scfilter - ok
22:25:21.0104 2464        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:25:21.0135 2464        secdrv - ok
22:25:21.0166 2464        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:25:21.0182 2464        Serenum - ok
22:25:21.0197 2464        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:25:21.0244 2464        Serial - ok
22:25:21.0260 2464        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:25:21.0275 2464        sermouse - ok
22:25:21.0307 2464        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:25:21.0322 2464        sffdisk - ok
22:25:21.0338 2464        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:25:21.0353 2464        sffp_mmc - ok
22:25:21.0353 2464        sffp_sd        (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:25:21.0369 2464        sffp_sd - ok
22:25:21.0385 2464        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:25:21.0416 2464        sfloppy - ok
22:25:21.0431 2464        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:25:21.0447 2464        SiSRaid2 - ok
22:25:21.0447 2464        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:25:21.0463 2464        SiSRaid4 - ok
22:25:21.0478 2464        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:25:21.0509 2464        Smb - ok
22:25:21.0556 2464        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:25:21.0556 2464        spldr - ok
22:25:21.0603 2464        srv            (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:25:21.0728 2464        srv - ok
22:25:21.0759 2464        srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:25:21.0915 2464        srv2 - ok
22:25:21.0946 2464        srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:25:22.0009 2464        srvnet - ok
22:25:22.0040 2464        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:25:22.0055 2464        stexstor - ok
22:25:22.0087 2464        storflt        (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
22:25:22.0087 2464        storflt - ok
22:25:22.0102 2464        storvsc        (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
22:25:22.0118 2464        storvsc - ok
22:25:22.0133 2464        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:25:22.0149 2464        swenum - ok
22:25:22.0243 2464        Tcpip          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
22:25:22.0383 2464        Tcpip - ok
22:25:22.0445 2464        TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
22:25:22.0492 2464        TCPIP6 - ok
22:25:22.0523 2464        tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:25:22.0539 2464        tcpipreg - ok
22:25:22.0555 2464        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:25:22.0617 2464        TDPIPE - ok
22:25:22.0633 2464        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:25:22.0648 2464        TDTCP - ok
22:25:22.0679 2464        tdx            (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:25:22.0726 2464        tdx - ok
22:25:22.0742 2464        TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:25:22.0742 2464        TermDD - ok
22:25:22.0773 2464        tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:25:22.0804 2464        tssecsrv - ok
22:25:22.0835 2464        tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:25:22.0913 2464        tunnel - ok
22:25:22.0913 2464        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:25:22.0929 2464        uagp35 - ok
22:25:22.0960 2464        udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:25:23.0023 2464        udfs - ok
22:25:23.0054 2464        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:25:23.0054 2464        uliagpkx - ok
22:25:23.0085 2464        umbus          (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:25:23.0147 2464        umbus - ok
22:25:23.0210 2464        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:25:23.0257 2464        UmPass - ok
22:25:23.0303 2464        usbbus          (f8527deddf07bf36157d5a2c864effa8) C:\Windows\system32\DRIVERS\lgx64bus.sys
22:25:23.0397 2464        usbbus - ok
22:25:23.0413 2464        usbccgp        (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
22:25:23.0459 2464        usbccgp - ok
22:25:23.0475 2464        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:25:23.0522 2464        usbcir - ok
22:25:23.0553 2464        UsbDiag        (c02b007c2174c4c5f3d6b476c65bc346) C:\Windows\system32\DRIVERS\lgx64diag.sys
22:25:23.0647 2464        UsbDiag - ok
22:25:23.0647 2464        usbehci        (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
22:25:23.0678 2464        usbehci - ok
22:25:23.0725 2464        usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
22:25:23.0771 2464        usbhub - ok
22:25:23.0818 2464        USBModem        (f0a128b233d7edd16e67cb1172d7d7b7) C:\Windows\system32\DRIVERS\lgx64modem.sys
22:25:23.0927 2464        USBModem - ok
22:25:23.0943 2464        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
22:25:23.0959 2464        usbohci - ok
22:25:23.0974 2464        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:25:23.0990 2464        usbprint - ok
22:25:24.0037 2464        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
22:25:24.0037 2464        usbscan - ok
22:25:24.0052 2464        USBSTOR        (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:25:24.0068 2464        USBSTOR - ok
22:25:24.0083 2464        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
22:25:24.0099 2464        usbuhci - ok
22:25:24.0115 2464        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:25:24.0130 2464        vdrvroot - ok
22:25:24.0146 2464        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:25:24.0161 2464        vga - ok
22:25:24.0177 2464        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:25:24.0208 2464        VgaSave - ok
22:25:24.0239 2464        vhdmp          (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:25:24.0255 2464        vhdmp - ok
22:25:24.0255 2464        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:25:24.0271 2464        viaide - ok
22:25:24.0302 2464        vmbus          (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
22:25:24.0317 2464        vmbus - ok
22:25:24.0317 2464        VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
22:25:24.0333 2464        VMBusHID - ok
22:25:24.0349 2464        volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:25:24.0349 2464        volmgr - ok
22:25:24.0380 2464        volmgrx        (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:25:24.0411 2464        volmgrx - ok
22:25:24.0427 2464        volsnap        (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:25:24.0442 2464        volsnap - ok
22:25:24.0458 2464        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:25:24.0536 2464        vsmraid - ok
22:25:24.0583 2464        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:25:24.0614 2464        vwifibus - ok
22:25:24.0629 2464        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:25:24.0645 2464        WacomPen - ok
22:25:24.0676 2464        WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:25:24.0723 2464        WANARP - ok
22:25:24.0739 2464        Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:25:24.0770 2464        Wanarpv6 - ok
22:25:24.0785 2464        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:25:24.0801 2464        Wd - ok
22:25:24.0832 2464        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:25:24.0848 2464        Wdf01000 - ok
22:25:24.0895 2464        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:25:24.0910 2464        WfpLwf - ok
22:25:24.0926 2464        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:25:24.0926 2464        WIMMount - ok
22:25:24.0988 2464        WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
22:25:25.0004 2464        WinUsb - ok
22:25:25.0019 2464        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
22:25:25.0035 2464        WmiAcpi - ok
22:25:25.0066 2464        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:25:25.0097 2464        ws2ifsl - ok
22:25:25.0129 2464        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
22:25:25.0160 2464        WudfPf - ok
22:25:25.0191 2464        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:25:25.0222 2464        WUDFRd - ok
22:25:25.0238 2464        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:25:25.0316 2464        \Device\Harddisk0\DR0 - ok
22:25:25.0316 2464        Boot (0x1200)  (89c6cdc275f1e8e851a73c90e4fc5924) \Device\Harddisk0\DR0\Partition0
22:25:25.0316 2464        \Device\Harddisk0\DR0\Partition0 - ok
22:25:25.0363 2464        Boot (0x1200)  (e03b5a52630bc290d528194c7335495b) \Device\Harddisk0\DR0\Partition1
22:25:25.0363 2464        \Device\Harddisk0\DR0\Partition1 - ok
22:25:25.0363 2464        ============================================================
22:25:25.0363 2464        Scan finished
22:25:25.0363 2464        ============================================================
22:25:25.0378 4412        Detected object count: 0
22:25:25.0378 4412        Actual detected object count: 0


cosinus 21.12.2011 22:31

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Metal 21.12.2011 22:54

ComboFix logfile:
Code:

ComboFix 11-12-21.02 - Rene 21.12.2011  22:43:30.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.4095.2820 [GMT 1:00]
ausgeführt von:: c:\users\Rene\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Rene\AppData\Local\assembly\tmp
c:\users\Rene\AppData\Roaming\toolplugin\toolbar.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-21 bis 2011-12-21  ))))))))))))))))))))))))))))))
.
.
2011-12-21 21:21 . 2011-12-21 21:21        237        ----a-w-        C:\user.js
2011-12-21 21:21 . 2011-12-21 21:21        --------        d-----w-        c:\program files (x86)\BabylonToolbar
2011-12-21 21:21 . 2011-12-21 21:21        --------        d-----w-        c:\program files (x86)\BrowserCompanion
2011-12-21 21:21 . 2011-12-21 21:21        --------        d-----w-        c:\users\Rene\AppData\Roaming\Babylon
2011-12-21 21:21 . 2011-12-21 21:21        --------        d-----w-        c:\users\Rene\AppData\Local\Babylon
2011-12-21 21:21 . 2011-12-21 21:21        --------        d-----w-        c:\programdata\Babylon
2011-12-21 20:51 . 2011-12-21 20:51        --------        d-----w-        C:\_OTL
2011-12-21 18:49 . 2011-12-21 18:49        --------        d-----w-        c:\program files (x86)\ESET
2011-12-21 16:37 . 2011-12-21 16:37        --------        d-----w-        c:\users\Rene\AppData\Roaming\Malwarebytes
2011-12-21 16:35 . 2011-12-21 16:35        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-21 16:35 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-21 16:35 . 2011-12-21 16:35        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-20 17:02 . 2011-12-20 16:31        584192        ----a-w-        c:\windows\system32\OTL.exe
2011-12-20 14:59 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{143AE511-B6EA-4070-9BE3-E2BEB22BDBEB}\mpengine.dll
2011-12-19 18:55 . 2011-12-19 18:55        --------        d-----w-        C:\QUARANTINE
2011-12-19 18:15 . 2011-12-19 18:15        --------        d-----w-        c:\program files\CCleaner
2011-12-14 19:58 . 2011-11-24 05:00        3141632        ----a-w-        c:\windows\system32\win32k.sys
2011-12-14 19:58 . 2011-10-15 06:25        723456        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 19:58 . 2011-10-15 05:48        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll
2011-12-14 19:58 . 2011-11-05 05:17        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-12-14 19:58 . 2011-11-05 04:30        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2011-12-14 19:32 . 2011-12-14 19:32        --------        d-----w-        c:\users\Rene\AppData\Local\Opera
2011-12-14 19:32 . 2011-12-14 19:32        --------        d-----w-        c:\program files (x86)\Opera
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-29 16:24 . 2011-11-09 15:13        1897328        ----a-w-        c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{00cbb66b-1d3b-46d3-9577-323a336acb50}]
2011-10-27 09:25        225584        ----a-w-        c:\program files (x86)\BrowserCompanion\jsloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}]
2011-10-27 09:25        141104        ----a-w-        c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Akamai NetSession Interface"="c:\users\Rene\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-08-31 124240]
"DelReg"="c:\program files (x86)\MSI\OverclockingCenter\DelReg.exe" [2008-12-04 196608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Browser companion helper"="c:\program files (x86)\BrowserCompanion\BCHelper.exe" [2011-12-16 187696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 gupdate1cac6169f788cb3;Google Update Service (gupdate1cac6169f788cb3);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 133104]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [2008-12-27 44344]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 133104]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RushTopDevice_J;RushTopDevice_J;c:\program files (x86)\MSI\OverclockingCenter\RushJ64.sys [2009-03-05 33080]
R3 RushTopDevice2;RushTopDevice2;c:\program files (x86)\MSI\OverclockingCenter\RushTop64.sys [2008-12-19 75576]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-08-31 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys [x]
S3 LGBusEnum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 21:12]
.
2011-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-17 21:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=c035aa1c00000000000040618679bfab
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.254
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files (x86)\BrowserCompanion\tdataprotocol.dll
FF - ProfilePath - c:\users\Rene\AppData\Roaming\Mozilla\Firefox\Profiles\90f6ghiz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=c035aa1c00000000000040618679bfab
FF - prefs.js: keyword.URL -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Browser Companion Helper: bbrs_002@blabbers.com - %profile%\extensions\bbrs_002@blabbers.com
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - user.js: extensions.BabylonToolbar_i.id - c035aa1c00000000000040618679bfab
FF - user.js: extensions.BabylonToolbar_i.hardId - c035aa1c00000000000040618679bfab
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15329
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:21
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101241
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Fraps - c:\fraps\uninstall.exe
AddRemove-LOCO - c:\program files (x86)\Alaplaya\LOCO\uninst.exe
AddRemove-toolplugin - c:\users\Rene\AppData\Local\Temp\WZSE1.TMP\setup.exe
AddRemove-{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1 - c:\program files (x86)\LG Electronics\LG PC Suite III\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-974825803-2640971612-3283644783-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files\Logitech\GamePanel Software\Applets\LCDMedia.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-21  22:52:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-21 21:52
.
Vor Suchlauf: 11 Verzeichnis(se), 412.552.433.664 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 412.125.491.200 Bytes frei
.
- - End Of File - - B11302D1B03FD1BB3CEC1F47D5E8A501

--- --- ---

cosinus 22.12.2011 09:05

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Code:

Folder::
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\BrowserCompanion
c:\users\Rene\AppData\Roaming\Babylon
c:\users\Rene\AppData\Local\Babylon
c:\programdata\Babylon
c:\program files (x86)\ICQ6Toolbar

Driver::
ICQ Service

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log file:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!


Copyright ©2000-2025, Trojaner-Board

