Trojaner-Board - Aus Sicherheitsgründen Betriebssystem gesperrt bei aktiver Internetverbindung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Aus Sicherheitsgründen Betriebssystem gesperrt bei aktiver Internetverbindung (https://www.trojaner-board.de/107730-sicherheitsgruenden-betriebssystem-gesperrt-aktiver-internetverbindung.html)

Aus Sicherheitsgründen Betriebssystem gesperrt bei aktiver Internetverbindung

hey alle zusammen ;)
habe auch bei meiner schwester auf dem rechner das bekannte problem was es hier im board schon öfters gibt...nur bei aktiver internetverbindung kommt dieser "aus sicherheitsgründen wurde das windows system...." und die aufforderung zur ucash etc. bezahlung.

habe jetzt schon in einigen threads was gelesen und somit schon mal diesen OTL scan durchgeführt...
hier die log files!
wie soll ich jetzt weiter verfahren?

danke für eure hilfe! :) umso schneller umso besser ;D
gruß jan

[EDIT]
befinde mich auch grade bei ihr auf dem rechner über den abgesicherten modus mit netzwerkverbindung

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

So hier der Malwarebytes Log....führe jetzt gleich diesen anderen Scan durch und poste auch davon dann die LogFiles

Malwarebytes Log:

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.07.03
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 8.0.7601.17514

Inspiron :: PC-INSPIRON [Administrator]
 

Schutz: Deaktiviert
 

07.01.2012 16:48:41

mbam-log-2012-01-07 (16-48-41).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 400189

Laufzeit: 51 Minute(n), 53 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8732675E-D06F-11DE-B6A1-806E6F6E6963} (Trojan.Agent) -> Daten: C:\Users\Inspiron\AppData\Roaming\Microsoft\loadhst.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Inspiron\AppData\Roaming\Microsoft\loadhst.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

So jetzt hier auch noch den Log des ESEST Scans:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4cc6acf01bff394284a5e2040ffe8817

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-07 09:10:54

# local_time=2012-01-07 10:10:54 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775166 100 94 449864 62492080 259442 0

# compatibility_mode=5893 16776574 100 94 12706628 77585109 0 0

# compatibility_mode=8192 67108863 100 0 3826 3826 0 0

# scanned=228360

# found=13

# cleaned=0

# scan_time=15395

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Windows\Installer\d31e80.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 3.zip        HTML/Fraud.BD.Gen trojan (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 4.zip        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 5.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I

Wie gehts jetzt weiter?
Gruß, Jan

Hoffe der Thread geht hier nicht unter...deswegen mal eine kleine Erinnerung an mein Anliegen ;) Gruß, Jan

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der Log:

Code:

OTL logfile created on: 09.01.2012 14:06:46 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Inspiron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 7,33 Gb Available Physical Memory | 91,59% Memory free

15,99 Gb Paging File | 15,34 Gb Available in Paging File | 95,89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 689,44 Gb Total Space | 434,86 Gb Free Space | 63,07% Space Free | Partition Type: NTFS

Drive D: | 698,63 Gb Total Space | 14,26 Gb Free Space | 2,04% Space Free | Partition Type: NTFS

 

Computer Name: PC-INSPIRON | User Name: Inspiron | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Inspiron\Desktop\OTL.exe (OldTimer Tools)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)

SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKLM\..\URLSearchHook: {61ab0fb9-46a8-460c-aada-0891fb95562e} - C:\Program Files (x86)\ICQ_Banner_Remover_DE\tbICQ_.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKLM\..\URLSearchHook: {f3416df4-7206-4d5f-bd98-ce349523d8df} - C:\Program Files (x86)\ooVoo_video_chat_German\prxtbooV0.dll (Conduit Ltd.)

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2489959

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {61ab0fb9-46a8-460c-aada-0891fb95562e} - C:\Program Files (x86)\ICQ_Banner_Remover_DE\tbICQ_.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {f3416df4-7206-4d5f-bd98-ce349523d8df} - C:\Program Files (x86)\ooVoo_video_chat_German\prxtbooV0.dll (Conduit Ltd.)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "foxsearch"

FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo video chat German Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.order.1: "foxsearch"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "foxsearch"

FF - prefs.js..browser.startup.homepage: "hxxp://google.de"

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {f3416df4-7206-4d5f-bd98-ce349523d8df}:3.3.3.2

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2

FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF - user.js..browser.search.selectedEngine: "foxsearch"

FF - user.js..browser.search.order.1: "foxsearch"

FF - user.js..browser.search.defaultenginename: "foxsearch"

FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.03 18:54:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.03 18:54:11 | 000,000,000 | ---D | M]

 

[2010.09.29 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Extensions

[2010.09.29 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2012.01.07 16:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Firefox\Profiles\z334o5ou.default\extensions

[2010.11.25 22:32:08 | 000,000,949 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\conduit.xml

[2012.01.06 13:30:05 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-1.xml

[2010.03.28 13:53:03 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-2.xml

[2011.08.31 22:16:45 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-3.xml

[2011.09.07 20:05:43 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-4.xml

[2011.10.03 13:02:15 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-5.xml

[2011.10.07 22:42:34 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-6.xml

[2011.11.30 21:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-7.xml

[2011.12.04 12:59:23 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-8.xml

[2011.12.23 18:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-9.xml

[2012.01.04 14:54:58 | 000,000,168 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.gif

[2012.01.04 14:54:58 | 000,000,618 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.src

[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.xml

[2011.12.23 13:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.01.25 20:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.06.02 18:24:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

() (No name found) -- C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.11.30 21:41:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll

[2011.10.03 13:02:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.03 13:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.03 13:02:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.12.06 21:42:48 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

[2011.10.03 13:02:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.03 13:02:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.03 13:02:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (ICQ Banner Remover DE Toolbar) - {61ab0fb9-46a8-460c-aada-0891fb95562e} - C:\Program Files (x86)\ICQ_Banner_Remover_DE\tbICQ_.dll (Conduit Ltd.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

O2 - BHO: (ooVoo video chat German Toolbar) - {f3416df4-7206-4d5f-bd98-ce349523d8df} - C:\Program Files (x86)\ooVoo_video_chat_German\prxtbooV0.dll (Conduit Ltd.)

O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQ Banner Remover DE Toolbar) - {61ab0fb9-46a8-460c-aada-0891fb95562e} - C:\Program Files (x86)\ICQ_Banner_Remover_DE\tbICQ_.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)

O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ooVoo video chat German Toolbar) - {f3416df4-7206-4d5f-bd98-ce349523d8df} - C:\Program Files (x86)\ooVoo_video_chat_German\prxtbooV0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.9\youtubedownloaderToolbarIE.dll (Spigot, Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (ICQ Banner Remover DE Toolbar) - {61AB0FB9-46A8-460C-AADA-0891FB95562E} - C:\Program Files (x86)\ICQ_Banner_Remover_DE\tbICQ_.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (ooVoo video chat German Toolbar) - {F3416DF4-7206-4D5F-BD98-CE349523D8DF} - C:\Program Files (x86)\ooVoo_video_chat_German\prxtbooV0.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [Akamai NetSession Interface] C:\Users\Inspiron\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe (Acresso Corporation)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [OutlookOnDesktop] C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe File not found

O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe File not found

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F986819E-7425-4510-BD0C-9CDF1D091C20}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.07 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.01.07 17:50:06 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Inspiron\Desktop\esetsmartinstaller_enu.exe

[2012.01.07 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\AppData\Roaming\Malwarebytes

[2012.01.07 16:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.01.07 16:46:45 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.07 16:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.01.07 16:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.01.07 16:44:59 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Inspiron\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.07 16:10:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Inspiron\Desktop\OTL.exe

[2012.01.07 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.01.07 15:21:01 | 003,562,624 | ---- | C] (Piriform Ltd) -- C:\Users\Inspiron\Desktop\ccsetup314.exe

[2011.12.27 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\Desktop\Neuer Ordner

[2011.12.23 13:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar

[2011.12.23 13:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot

[2011.12.23 13:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater

[2011.12.17 17:39:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.09 14:03:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.09 14:03:33 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.09 14:02:04 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012.01.09 14:01:33 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.09 14:01:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012.01.07 17:50:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Inspiron\Desktop\esetsmartinstaller_enu.exe

[2012.01.07 17:48:03 | 006,559,576 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.07 17:48:03 | 002,343,022 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.07 17:48:03 | 001,753,252 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.07 17:48:02 | 001,963,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.07 17:48:02 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.07 16:46:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 16:45:56 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Inspiron\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.07 16:10:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Inspiron\Desktop\OTL.exe

[2012.01.07 15:50:40 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.07 15:23:50 | 003,562,624 | ---- | M] (Piriform Ltd) -- C:\Users\Inspiron\Desktop\ccsetup314.exe

[2012.01.07 15:10:11 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.07 15:01:56 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.07 15:01:56 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.06 22:11:23 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat

[2012.01.01 15:17:23 | 003,032,052 | ---- | M] () -- C:\Users\Inspiron\Desktop\elli.ira.nina.jpg

[2012.01.01 13:53:14 | 000,001,031 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2011.12.18 15:42:33 | 1015,143,134 | ---- | M] () -- C:\Users\Inspiron\Desktop\FiestaOnline_Joker_DE.exe

[2011.12.18 10:34:12 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2011.12.17 20:30:58 | 000,253,134 | ---- | M] () -- C:\Users\Inspiron\Desktop\326484_303349523038675_100000908909144_912820_12538954_o.jpg

[2011.12.17 18:51:03 | 000,031,350 | ---- | M] () -- C:\Users\Inspiron\Desktop\387281_130148157092444_130147970425796_159987_1903593096_n.jpg

[2011.12.17 17:56:10 | 001,057,207 | ---- | M] () -- C:\Users\Inspiron\Desktop\friseur.jpg

[2011.12.15 13:56:03 | 000,361,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.07 16:46:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 15:50:40 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.06 22:11:23 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat

[2012.01.01 15:17:23 | 003,032,052 | ---- | C] () -- C:\Users\Inspiron\Desktop\elli.ira.nina.jpg

[2012.01.01 13:53:14 | 000,001,031 | ---- | C] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2011.12.18 14:31:49 | 1015,143,134 | ---- | C] () -- C:\Users\Inspiron\Desktop\FiestaOnline_Joker_DE.exe

[2011.12.17 20:30:57 | 000,253,134 | ---- | C] () -- C:\Users\Inspiron\Desktop\326484_303349523038675_100000908909144_912820_12538954_o.jpg

[2011.12.17 18:51:02 | 000,031,350 | ---- | C] () -- C:\Users\Inspiron\Desktop\387281_130148157092444_130147970425796_159987_1903593096_n.jpg

[2011.12.17 17:56:10 | 001,057,207 | ---- | C] () -- C:\Users\Inspiron\Desktop\friseur.jpg

[2011.12.17 17:40:06 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2011.12.17 17:39:58 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2011.09.18 20:06:43 | 000,003,584 | ---- | C] () -- C:\Users\Inspiron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.10 17:45:00 | 000,000,000 | ---- | C] () -- C:\Users\Inspiron\AppData\Local\{6901109A-6F41-44DB-8FA3-BFDABF908A6C}

[2010.06.02 18:34:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.05.14 20:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010.05.14 20:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2010.05.14 20:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2010.01.04 19:30:13 | 000,000,670 | ---- | C] () -- C:\Users\Inspiron\AppData\Roaming\DataSafeDotNet.exe

[2009.12.31 17:26:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2009.12.31 17:18:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll

[2009.11.13 17:16:44 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009.11.13 17:16:44 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2010.03.04 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\4shared Desktop

[2011.07.25 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CoSoSys

[2011.03.28 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.11.06 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze

[2011.12.12 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQ

[2010.12.06 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQLite

[2010.06.25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Leadertech

[2010.02.03 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\LimeWire

[2010.05.30 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\NCH Swift Sound

[2010.12.21 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ooVoo Details

[2009.12.27 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\OpenOffice.org

[2011.01.06 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PCDr

[2011.07.06 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PhotoScape

[2010.06.21 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Samsung

[2011.12.18 10:34:12 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2011.11.23 15:37:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.01.09 14:02:04 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.03.04 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\4shared Desktop

[2010.01.24 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Adobe

[2011.12.03 19:11:35 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Apple Computer

[2011.01.06 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Avira

[2011.07.25 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CoSoSys

[2009.12.26 14:52:48 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CyberLink

[2011.05.25 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Dell

[2011.03.28 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.11.06 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze

[2011.12.12 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQ

[2010.12.06 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQLite

[2009.11.27 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Identities

[2010.06.25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Leadertech

[2010.02.03 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\LimeWire

[2009.11.27 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Macromedia

[2011.01.06 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Macrovision

[2012.01.07 16:46:50 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Media Center Programs

[2012.01.07 17:41:16 | 000,000,000 | --SD | M] -- C:\Users\Inspiron\AppData\Roaming\Microsoft

[2009.11.27 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Mozilla

[2010.05.30 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\NCH Swift Sound

[2010.12.21 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ooVoo Details

[2009.12.27 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\OpenOffice.org

[2011.01.06 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PCDr

[2011.07.06 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PhotoScape

[2009.11.27 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Roxio

[2010.06.21 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Samsung

[2011.09.04 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Skype

[2011.09.04 17:11:26 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\skypePM

[2011.04.27 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\U3

[2011.09.12 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\vlc

[2009.11.28 14:36:35 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.04.16 14:45:10 | 000,000,670 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\DataSafeDotNet.exe

[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze\uninstall.exe

[2011.07.25 18:47:39 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Inspiron\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2009.12.27 21:26:50 | 007,424,000 | R--- | M] (OpenOffice.org) -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Installer\{D765F1CE-5AE5-4C47-B134-AE58AC474740}\soffice.exe

[2009.11.28 14:22:02 | 000,010,134 | R--- | M] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2011.12.17 17:38:42 | 054,303,944 | ---- | M] (Dell Inc) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_16_64_02.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\0a1b4253-a379-4585-8817-d5f6900f8eb4\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\0cf7acc3-a393-4a2d-9b69-a80313779c23\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\4fb967c3-79ff-4d3b-a6e9-339d8020bd48\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\5018e354-f05d-4646-8a88-ff0029e83bc7\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\69ea9a61-b4c3-45a9-a8a7-e11da1323d7c\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\7efcf91d-83ff-4a3a-b6b6-6ef72d364366\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\b23899b5-0199-40a4-b599-c03d3629307c\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\b958efa7-081f-4ed6-b876-8d7f19903962\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\f79ec6e2-0af9-4386-8e4a-7465bf326bfd\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\ff99d4a4-a664-409d-baa3-f1d9789239b8\au_5899_rules\AddCertificate.exe

[2010.06.21 17:42:02 | 000,069,632 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

 
 <           >
 

< End of report >

Wie gehts jetzt weiter ;)?
Danke nochmals für die bisherige Hilfe!

Zitat:

2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ICQ Banner Remover DE Toolbar) - {61ab0fb9-46a8-460c-aada-0891fb95562e} - C:\Program Files (x86)\ICQ_Banner_Remover_DE\tbICQ_.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ooVoo video chat German Toolbar) - {f3416df4-7206-4d5f-bd98-ce349523d8df} - C:\Program Files (x86)\ooVoo_video_chat_German\prxtbooV0.dll (Conduit Ltd.)

Autsch :balla:
Wieso müllst du dir das System mit nutzlosen Toolbars zu?
Deinstalliere über Systemsteuerung unter Software bzw. Programme und Funktionen alles wo Toolbar zu sehen ist. Bei zukünftigen Programminstallation immer die benutzerdefinierte Methode anklicken, damit man bei der Installation mögliche Toolbars abwählen kann.
Deinstalliere bei der Gelegenheit auch alle anderen unnötigen Programme über die Systemsteuerung.

Werd ich nachher machen danke....Wie gesagt ist der PC meiner Sister ich sag ihr's immer wieder aber wie Schwestern so sind kann man's manchmal nicht ändern, werd aber jetzt zukünftig öfter mal drübergucken ;)

Ansonsten sollte das System also wieder vollständig normal laufen?
Ist der Virus vollständig entfernt oder bedarf es außer der "unnötige Programme Löschung" noch anderer Maßnahmen?

Gruß, Jan

Ich hab mich doch nur zu den Toolbars geäußert!
Mach bitte nach ein neues OTL-Log

Okay ;) Hier der OTL Log nach dem Löschen der Toolbars und unwichtigen Progs:

Code:

OTL logfile created on: 09.01.2012 17:44:26 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Inspiron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 6,60 Gb Available Physical Memory | 82,47% Memory free

15,99 Gb Paging File | 14,60 Gb Available in Paging File | 91,31% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 689,44 Gb Total Space | 438,45 Gb Free Space | 63,59% Space Free | Partition Type: NTFS

Drive D: | 698,63 Gb Total Space | 13,61 Gb Free Space | 1,95% Space Free | Partition Type: NTFS

 

Computer Name: PC-INSPIRON | User Name: Inspiron | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Inspiron\Desktop\OTL.exe (OldTimer Tools)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2489959

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {f3416df4-7206-4d5f-bd98-ce349523d8df} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "foxsearch"

FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo video chat German Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.order.1: "foxsearch"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "foxsearch"

FF - prefs.js..browser.startup.homepage: "hxxp://google.de"

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {f3416df4-7206-4d5f-bd98-ce349523d8df}:3.3.3.2

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2

FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF - user.js..browser.search.selectedEngine: "foxsearch"

FF - user.js..browser.search.order.1: "foxsearch"

FF - user.js..browser.search.defaultenginename: "foxsearch"

FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.03 18:54:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.03 18:54:11 | 000,000,000 | ---D | M]

 

[2010.09.29 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Extensions

[2010.09.29 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2012.01.07 16:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Firefox\Profiles\z334o5ou.default\extensions

[2010.11.25 22:32:08 | 000,000,949 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\conduit.xml

[2012.01.06 13:30:05 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-1.xml

[2010.03.28 13:53:03 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-2.xml

[2011.08.31 22:16:45 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-3.xml

[2011.09.07 20:05:43 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-4.xml

[2011.10.03 13:02:15 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-5.xml

[2011.10.07 22:42:34 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-6.xml

[2011.11.30 21:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-7.xml

[2011.12.04 12:59:23 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-8.xml

[2011.12.23 18:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-9.xml

[2012.01.04 14:54:58 | 000,000,168 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.gif

[2012.01.04 14:54:58 | 000,000,618 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.src

[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.xml

[2012.01.09 17:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.01.25 20:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

() (No name found) -- C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.11.30 21:41:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll

[2011.10.03 13:02:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.03 13:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.03 13:02:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.12.06 21:42:48 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

[2011.10.03 13:02:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.03 13:02:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.03 13:02:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [Akamai NetSession Interface] C:\Users\Inspiron\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler File not found

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [OutlookOnDesktop] C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F986819E-7425-4510-BD0C-9CDF1D091C20}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.09 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\AppData\Roaming\Roxio Log Files

[2012.01.09 16:45:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.01.09 16:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012.01.07 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.01.07 17:50:06 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Inspiron\Desktop\esetsmartinstaller_enu.exe

[2012.01.07 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\AppData\Roaming\Malwarebytes

[2012.01.07 16:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.01.07 16:46:45 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.07 16:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.01.07 16:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.01.07 16:44:59 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Inspiron\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.07 16:10:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Inspiron\Desktop\OTL.exe

[2012.01.07 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011.12.27 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\Desktop\Neuer Ordner

[2011.12.17 17:39:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.09 17:42:59 | 000,358,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.01.09 17:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.09 17:42:35 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.09 17:40:11 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI

[2012.01.09 17:10:31 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.09 16:51:17 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012.01.09 16:46:56 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.09 16:46:56 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.09 16:44:06 | 006,574,118 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.09 16:44:06 | 002,347,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.09 16:44:06 | 001,967,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.09 16:44:06 | 001,757,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.09 16:44:06 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.09 16:39:17 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.09 16:38:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012.01.07 17:50:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Inspiron\Desktop\esetsmartinstaller_enu.exe

[2012.01.07 16:46:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 16:45:56 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Inspiron\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.07 16:10:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Inspiron\Desktop\OTL.exe

[2012.01.07 15:50:40 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.06 22:11:23 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat

[2012.01.01 15:17:23 | 003,032,052 | ---- | M] () -- C:\Users\Inspiron\Desktop\elli.ira.nina.jpg

[2012.01.01 13:53:14 | 000,001,031 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2011.12.18 10:34:12 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2011.12.17 20:30:58 | 000,253,134 | ---- | M] () -- C:\Users\Inspiron\Desktop\326484_303349523038675_100000908909144_912820_12538954_o.jpg

[2011.12.17 18:51:03 | 000,031,350 | ---- | M] () -- C:\Users\Inspiron\Desktop\387281_130148157092444_130147970425796_159987_1903593096_n.jpg

[2011.12.17 17:56:10 | 001,057,207 | ---- | M] () -- C:\Users\Inspiron\Desktop\friseur.jpg

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.09 17:40:11 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI

[2012.01.07 16:46:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 15:50:40 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.06 22:11:23 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat

[2012.01.01 15:17:23 | 003,032,052 | ---- | C] () -- C:\Users\Inspiron\Desktop\elli.ira.nina.jpg

[2012.01.01 13:53:14 | 000,001,031 | ---- | C] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2011.12.17 20:30:57 | 000,253,134 | ---- | C] () -- C:\Users\Inspiron\Desktop\326484_303349523038675_100000908909144_912820_12538954_o.jpg

[2011.12.17 18:51:02 | 000,031,350 | ---- | C] () -- C:\Users\Inspiron\Desktop\387281_130148157092444_130147970425796_159987_1903593096_n.jpg

[2011.12.17 17:56:10 | 001,057,207 | ---- | C] () -- C:\Users\Inspiron\Desktop\friseur.jpg

[2011.12.17 17:40:06 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2011.12.17 17:39:58 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2011.09.18 20:06:43 | 000,003,584 | ---- | C] () -- C:\Users\Inspiron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.10 17:45:00 | 000,000,000 | ---- | C] () -- C:\Users\Inspiron\AppData\Local\{6901109A-6F41-44DB-8FA3-BFDABF908A6C}

[2010.06.02 18:34:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.05.14 20:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010.05.14 20:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2010.05.14 20:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2010.01.04 19:30:13 | 000,000,670 | ---- | C] () -- C:\Users\Inspiron\AppData\Roaming\DataSafeDotNet.exe

[2009.12.31 17:26:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2009.12.31 17:18:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll

[2009.11.13 17:16:44 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009.11.13 17:16:44 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2010.03.04 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\4shared Desktop

[2011.07.25 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CoSoSys

[2011.03.28 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.01.09 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze

[2011.12.12 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQ

[2010.12.06 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQLite

[2010.06.25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Leadertech

[2010.02.03 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\LimeWire

[2010.12.21 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ooVoo Details

[2009.12.27 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\OpenOffice.org

[2011.01.06 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PCDr

[2011.07.06 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PhotoScape

[2010.06.21 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Samsung

[2011.12.18 10:34:12 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2011.11.23 15:37:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.01.09 16:51:17 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 
 

< End of report >

Sry das war kein Customscan :(

Oh sorry wusste nicht das ich nochmal den CustomScan machen sollte...
hier jetzt das Log vom gerade durchgeführten CustomScan...

Code:

OTL logfile created on: 09.01.2012 21:23:17 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Inspiron\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

8,00 Gb Total Physical Memory | 7,20 Gb Available Physical Memory | 90,05% Memory free

15,99 Gb Paging File | 15,26 Gb Available in Paging File | 95,38% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 689,44 Gb Total Space | 438,37 Gb Free Space | 63,58% Space Free | Partition Type: NTFS

Drive D: | 698,63 Gb Total Space | 13,61 Gb Free Space | 1,95% Space Free | Partition Type: NTFS

 

Computer Name: PC-INSPIRON | User Name: Inspiron | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Inspiron\Desktop\OTL.exe (OldTimer Tools)

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (Netzmanager Service) -- C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)

SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)

DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)

DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

DRV - ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl (CyberLink Corp.)

DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - No CLSID value found

IE - HKLM\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

 

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = hxxp://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2489959

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {f3416df4-7206-4d5f-bd98-ce349523d8df} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "foxsearch"

FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo video chat German Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.order.1: "foxsearch"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "foxsearch"

FF - prefs.js..browser.startup.homepage: "hxxp://google.de"

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {f3416df4-7206-4d5f-bd98-ce349523d8df}:3.3.3.2

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2

FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF - user.js..browser.search.selectedEngine: "foxsearch"

FF - user.js..browser.search.order.1: "foxsearch"

FF - user.js..browser.search.defaultenginename: "foxsearch"

FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

 

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.03 18:54:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.03 18:54:11 | 000,000,000 | ---D | M]

 

[2010.09.29 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Extensions

[2010.09.29 16:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com

[2012.01.07 16:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Inspiron\AppData\Roaming\mozilla\Firefox\Profiles\z334o5ou.default\extensions

[2010.11.25 22:32:08 | 000,000,949 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\conduit.xml

[2012.01.06 13:30:05 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-1.xml

[2010.03.28 13:53:03 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-2.xml

[2011.08.31 22:16:45 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-3.xml

[2011.09.07 20:05:43 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-4.xml

[2011.10.03 13:02:15 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-5.xml

[2011.10.07 22:42:34 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-6.xml

[2011.11.30 21:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-7.xml

[2011.12.04 12:59:23 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-8.xml

[2011.12.23 18:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-9.xml

[2012.01.04 14:54:58 | 000,000,168 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.gif

[2012.01.04 14:54:58 | 000,000,618 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.src

[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.xml

[2012.01.09 17:40:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.01.25 20:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

() (No name found) -- C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2011.11.30 21:41:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll

[2011.10.03 13:02:05 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.10.03 13:02:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.10.03 13:02:05 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.12.06 21:42:48 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

[2011.10.03 13:02:05 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.10.03 13:02:05 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.10.03 13:02:05 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NPSStartup]  File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [Akamai NetSession Interface] C:\Users\Inspiron\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe" -scheduler File not found

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe (Logitech Inc.)

O4 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000..\Run: [OutlookOnDesktop] C:\Program Files (x86)\Outlook on the Desktop\OutlookDesktop.exe (SMR Computer Services)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Free YouTube Download - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe File not found

O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F986819E-7425-4510-BD0C-9CDF1D091C20}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: ICQ - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player 9 ActiveX

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)

Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.01.09 17:39:22 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\AppData\Roaming\Roxio Log Files

[2012.01.09 16:45:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2012.01.09 16:41:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt

[2012.01.07 17:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.01.07 17:50:06 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Inspiron\Desktop\esetsmartinstaller_enu.exe

[2012.01.07 16:46:50 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\AppData\Roaming\Malwarebytes

[2012.01.07 16:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.01.07 16:46:45 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012.01.07 16:46:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.01.07 16:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.01.07 16:44:59 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Inspiron\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.07 16:10:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Inspiron\Desktop\OTL.exe

[2012.01.07 15:50:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011.12.27 00:39:26 | 000,000,000 | ---D | C] -- C:\Users\Inspiron\Desktop\Neuer Ordner

[2011.12.17 17:39:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.01.09 17:42:59 | 000,358,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.01.09 17:42:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.01.09 17:42:35 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys

[2012.01.09 17:40:11 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI

[2012.01.09 17:10:31 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.01.09 16:51:17 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2012.01.09 16:46:56 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.01.09 16:46:56 | 000,014,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.01.09 16:44:06 | 006,574,118 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.01.09 16:44:06 | 002,347,274 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.01.09 16:44:06 | 001,967,920 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.01.09 16:44:06 | 001,757,312 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.01.09 16:44:06 | 000,005,218 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.01.09 16:39:17 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.09 16:38:57 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2012.01.07 17:50:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Inspiron\Desktop\esetsmartinstaller_enu.exe

[2012.01.07 16:46:46 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 16:45:56 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Inspiron\Desktop\mbam-setup-1.60.0.1800.exe

[2012.01.07 16:10:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Inspiron\Desktop\OTL.exe

[2012.01.07 15:50:40 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.06 22:11:23 | 000,003,272 | ---- | M] () -- C:\bootsqm.dat

[2012.01.01 15:17:23 | 003,032,052 | ---- | M] () -- C:\Users\Inspiron\Desktop\elli.ira.nina.jpg

[2012.01.01 13:53:14 | 000,001,031 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2011.12.18 10:34:12 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2011.12.17 20:30:58 | 000,253,134 | ---- | M] () -- C:\Users\Inspiron\Desktop\326484_303349523038675_100000908909144_912820_12538954_o.jpg

[2011.12.17 18:51:03 | 000,031,350 | ---- | M] () -- C:\Users\Inspiron\Desktop\387281_130148157092444_130147970425796_159987_1903593096_n.jpg

[2011.12.17 17:56:10 | 001,057,207 | ---- | M] () -- C:\Users\Inspiron\Desktop\friseur.jpg

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.01.09 17:40:11 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI

[2012.01.07 16:46:46 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.01.07 15:50:40 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.01.06 22:11:23 | 000,003,272 | ---- | C] () -- C:\bootsqm.dat

[2012.01.01 15:17:23 | 003,032,052 | ---- | C] () -- C:\Users\Inspiron\Desktop\elli.ira.nina.jpg

[2012.01.01 13:53:14 | 000,001,031 | ---- | C] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk

[2011.12.17 20:30:57 | 000,253,134 | ---- | C] () -- C:\Users\Inspiron\Desktop\326484_303349523038675_100000908909144_912820_12538954_o.jpg

[2011.12.17 18:51:02 | 000,031,350 | ---- | C] () -- C:\Users\Inspiron\Desktop\387281_130148157092444_130147970425796_159987_1903593096_n.jpg

[2011.12.17 17:56:10 | 001,057,207 | ---- | C] () -- C:\Users\Inspiron\Desktop\friseur.jpg

[2011.12.17 17:40:06 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2011.12.17 17:39:58 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2011.09.18 20:06:43 | 000,003,584 | ---- | C] () -- C:\Users\Inspiron\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.10 17:45:00 | 000,000,000 | ---- | C] () -- C:\Users\Inspiron\AppData\Local\{6901109A-6F41-44DB-8FA3-BFDABF908A6C}

[2010.06.02 18:34:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.05.14 20:56:06 | 010,830,680 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll

[2010.05.14 20:56:06 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

[2010.05.14 20:55:58 | 000,290,648 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll

[2010.01.04 19:30:13 | 000,000,670 | ---- | C] () -- C:\Users\Inspiron\AppData\Roaming\DataSafeDotNet.exe

[2009.12.31 17:26:40 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat

[2009.12.31 17:18:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll

[2009.11.13 17:16:44 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2009.11.13 17:16:44 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2010.03.04 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\4shared Desktop

[2011.07.25 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CoSoSys

[2011.03.28 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.01.09 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze

[2011.12.12 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQ

[2010.12.06 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQLite

[2010.06.25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Leadertech

[2010.02.03 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\LimeWire

[2010.12.21 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ooVoo Details

[2009.12.27 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\OpenOffice.org

[2011.01.06 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PCDr

[2011.07.06 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PhotoScape

[2010.06.21 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Samsung

[2011.12.18 10:34:12 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2011.11.23 15:37:55 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012.01.09 16:51:17 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.03.04 19:29:51 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\4shared Desktop

[2010.01.24 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Adobe

[2011.12.03 19:11:35 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Apple Computer

[2011.01.06 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Avira

[2011.07.25 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CoSoSys

[2009.12.26 14:52:48 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\CyberLink

[2011.05.25 18:55:09 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Dell

[2011.03.28 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers

[2012.01.09 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze

[2011.12.12 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQ

[2010.12.06 21:39:07 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ICQLite

[2009.11.27 20:20:41 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Identities

[2010.06.25 18:17:52 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Leadertech

[2010.02.03 18:38:46 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\LimeWire

[2009.11.27 21:26:42 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Macromedia

[2011.01.06 21:51:43 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Macrovision

[2012.01.07 16:46:50 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Malwarebytes

[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Media Center Programs

[2012.01.07 17:41:16 | 000,000,000 | --SD | M] -- C:\Users\Inspiron\AppData\Roaming\Microsoft

[2009.11.27 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Mozilla

[2010.12.21 18:24:13 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\ooVoo Details

[2009.12.27 21:27:39 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\OpenOffice.org

[2011.01.06 21:25:27 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PCDr

[2011.07.06 21:43:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\PhotoScape

[2009.11.27 20:21:09 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Roxio

[2012.01.09 17:39:22 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Roxio Log Files

[2010.06.21 17:43:21 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Samsung

[2011.09.04 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Skype

[2011.09.04 17:11:26 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\skypePM

[2011.04.27 19:55:32 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\U3

[2011.09.12 19:20:40 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\vlc

[2009.11.28 14:36:35 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2010.04.16 14:45:10 | 000,000,670 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\DataSafeDotNet.exe

[2010.06.10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze\uninstall.exe

[2011.07.25 18:47:39 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Inspiron\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe

[2009.12.27 21:26:50 | 007,424,000 | R--- | M] (OpenOffice.org) -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Installer\{D765F1CE-5AE5-4C47-B134-AE58AC474740}\soffice.exe

[2009.11.28 14:22:02 | 000,010,134 | R--- | M] () -- C:\Users\Inspiron\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

[2011.12.17 17:38:42 | 054,303,944 | ---- | M] (Dell Inc) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_16_64_02.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\0a1b4253-a379-4585-8817-d5f6900f8eb4\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\0cf7acc3-a393-4a2d-9b69-a80313779c23\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\4fb967c3-79ff-4d3b-a6e9-339d8020bd48\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\5018e354-f05d-4646-8a88-ff0029e83bc7\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\69ea9a61-b4c3-45a9-a8a7-e11da1323d7c\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\7efcf91d-83ff-4a3a-b6b6-6ef72d364366\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\b23899b5-0199-40a4-b599-c03d3629307c\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\b958efa7-081f-4ed6-b876-8d7f19903962\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\f79ec6e2-0af9-4386-8e4a-7465bf326bfd\au_5899_rules\AddCertificate.exe

[2011.08.10 10:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\Inspiron\AppData\Roaming\PCDr\Update\Rules\ff99d4a4-a664-409d-baa3-f1d9789239b8\au_5899_rules\AddCertificate.exe

[2010.06.21 17:42:02 | 000,069,632 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

FF - prefs.js..browser.search.defaultenginename: "foxsearch"

FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo video chat German Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="

FF - prefs.js..browser.search.order.1: "foxsearch"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"

FF - prefs.js..browser.search.selectedEngine: "foxsearch"

FF - prefs.js..browser.startup.homepage: "http://google.de"

FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/8

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2489959

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook:  - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\InprocServer32 File not found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found

IE - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\URLSearchHook: {f3416df4-7206-4d5f-bd98-ce349523d8df} - No CLSID value found

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2

FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3

FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.3

FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"

FF - user.js..browser.search.order.1: "foxsearch"

FF - user.js..browser.search.defaultenginename: "foxsearch"

FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

[2010.11.25 22:32:08 | 000,000,949 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\conduit.xml

[2012.01.06 13:30:05 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-1.xml

[2010.03.28 13:53:03 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-2.xml

[2011.08.31 22:16:45 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-3.xml

[2011.09.07 20:05:43 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-4.xml

[2011.10.03 13:02:15 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-5.xml

[2011.10.07 22:42:34 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-6.xml

[2011.11.30 21:41:36 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-7.xml

[2011.12.04 12:59:23 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-8.xml

[2011.12.23 18:24:33 | 000,000,950 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-9.xml

[2012.01.04 14:54:58 | 000,000,168 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.gif

[2012.01.04 14:54:58 | 000,000,618 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.src

[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.xml

[2010.01.25 20:01:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.12.06 21:42:48 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src

O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files (x86)\4shared.com\tb4sha.dll File not found

O3 - HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk =  File not found

O4 - Startup: C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk =  File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell - "" = AutoRun

O33 - MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a

[2012.01.09 16:33:40 | 000,000,000 | ---D | M] -- C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze

:Files

C:\Program Files (x86)\Application Updater

C:\Program Files (x86)\Common Files\Spigot

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Sorry dass es so lange gedauerd hat...hier jetzt der Log nach dem OTL Fix:

Code:

All processes killed

========== OTL ==========

Prefs.js: "foxsearch" removed from browser.search.defaultenginename

Prefs.js: "ooVoo video chat German Customized Web Search" removed from browser.search.defaultthis.engineName

Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl

Prefs.js: "foxsearch" removed from browser.search.order.1

Prefs.js: "chr-greentree_ff&type=937811&ilc=12" removed from browser.search.param.yahoo-fr

Prefs.js: "foxsearch" removed from browser.search.selectedEngine

Prefs.js: "hxxp://google.de" removed from browser.startup.homepage

Prefs.js: youtube2mp3@mondayx.de:1.0.7 removed from extensions.enabledItems

HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Bar| /E : value set successfully!

HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-3966294909-3972670748-1796578910-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f3416df4-7206-4d5f-bd98-ce349523d8df} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f3416df4-7206-4d5f-bd98-ce349523d8df}\ not found.

Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems

Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems

Prefs.js: youtubedownloader@mybrowserbar.com:4.3 removed from extensions.enabledItems

Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL

C:\Users\Inspiron\AppData\Roaming\Mozilla\FireFox\Profiles\z334o5ou.default\user.js moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\conduit.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-1.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-2.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-3.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-4.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-5.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-6.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-7.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-8.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin-9.xml moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.gif moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.src moved successfully.

C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\searchplugins\icqplugin.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.

C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}\ not found.

Registry value HKEY_USERS\S-1-5-21-3966294909-3972670748-1796578910-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.

File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.

File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.

C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e1658b6-70f3-11e0-87d9-002564d3ccf9}\ not found.

File J:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{76b2016b-dc1e-11de-94c1-002564d3ccf9}\ not found.

File J:\LaunchU3.exe -a not found.

C:\Users\Inspiron\AppData\Roaming\Gutscheinmieze folder moved successfully.

========== FILES ==========

File\Folder C:\Program Files (x86)\Application Updater not found.

File\Folder C:\Program Files (x86)\Common Files\Spigot not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Inspiron

->Temp folder emptied: 25899248 bytes

->Temporary Internet Files folder emptied: 8004898 bytes

->Java cache emptied: 51699264 bytes

->FireFox cache emptied: 64274829 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 3092289 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1065476 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50702 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 1018705758 bytes

 

Total Files Cleaned = 1.119,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_152027
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

C:\Users\Inspiron\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Was nun :)?

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hier der Log vom Kaspersky Tool, das du geposted hast:
(hat 1 Threat gefunden, hab erstmal Skip geklickt, sieht man ja auch im Log, du sagst wie's weiter geht ;))

Code:

17:14:01.0045 5640        TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26

17:14:01.0134 5640        ============================================================

17:14:01.0134 5640        Current date / time: 2012/01/11 17:14:01.0134

17:14:01.0134 5640        SystemInfo:

17:14:01.0134 5640        

17:14:01.0135 5640        OS Version: 6.1.7601 ServicePack: 1.0

17:14:01.0135 5640        Product type: Workstation

17:14:01.0135 5640        ComputerName: PC-INSPIRON

17:14:01.0135 5640        UserName: Inspiron

17:14:01.0135 5640        Windows directory: C:\Windows

17:14:01.0135 5640        System windows directory: C:\Windows

17:14:01.0135 5640        Running under WOW64

17:14:01.0135 5640        Processor architecture: Intel x64

17:14:01.0135 5640        Number of processors: 4

17:14:01.0135 5640        Page size: 0x1000

17:14:01.0135 5640        Boot type: Normal boot

17:14:01.0135 5640        ============================================================

17:14:02.0192 5640        Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000, SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040

17:14:02.0200 5640        Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000, SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040

17:14:02.0270 5640        Initialize success

17:14:16.0698 4708        ============================================================

17:14:16.0698 4708        Scan started

17:14:16.0698 4708        Mode: Manual; SigCheck; TDLFS; 

17:14:16.0698 4708        ============================================================

17:14:17.0238 4708        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:14:17.0367 4708        1394ohci - ok

17:14:17.0429 4708        acedrv07        (6e9c8b324980afe454c6f7762e2b4478) C:\Windows\system32\drivers\acedrv07.sys

17:14:17.0450 4708        acedrv07 ( UnsignedFile.Multi.Generic ) - warning

17:14:17.0450 4708        acedrv07 - detected UnsignedFile.Multi.Generic (1)

17:14:17.0490 4708        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:14:17.0508 4708        ACPI - ok

17:14:17.0546 4708        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:14:17.0580 4708        AcpiPmi - ok

17:14:17.0620 4708        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:14:17.0641 4708        adp94xx - ok

17:14:17.0672 4708        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:14:17.0687 4708        adpahci - ok

17:14:17.0727 4708        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:14:17.0741 4708        adpu320 - ok

17:14:17.0824 4708        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

17:14:17.0852 4708        AFD - ok

17:14:17.0869 4708        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:14:17.0879 4708        agp440 - ok

17:14:17.0921 4708        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:14:17.0932 4708        aliide - ok

17:14:17.0960 4708        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:14:17.0972 4708        amdide - ok

17:14:17.0999 4708        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:14:18.0025 4708        AmdK8 - ok

17:14:18.0041 4708        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:14:18.0065 4708        AmdPPM - ok

17:14:18.0098 4708        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

17:14:18.0111 4708        amdsata - ok

17:14:18.0146 4708        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:14:18.0157 4708        amdsbs - ok

17:14:18.0179 4708        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

17:14:18.0188 4708        amdxata - ok

17:14:18.0287 4708        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:14:18.0403 4708        AppID - ok

17:14:18.0448 4708        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:14:18.0460 4708        arc - ok

17:14:18.0476 4708        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:14:18.0486 4708        arcsas - ok

17:14:18.0510 4708        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:14:18.0595 4708        AsyncMac - ok

17:14:18.0614 4708        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

17:14:18.0625 4708        atapi - ok

17:14:18.0694 4708        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

17:14:18.0826 4708        avgntflt - ok

17:14:18.0932 4708        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

17:14:18.0941 4708        avipbb - ok

17:14:18.0991 4708        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:14:19.0032 4708        b06bdrv - ok

17:14:19.0065 4708        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:14:19.0095 4708        b57nd60a - ok

17:14:19.0119 4708        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:14:19.0160 4708        Beep - ok

17:14:19.0194 4708        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:14:19.0216 4708        blbdrive - ok

17:14:19.0269 4708        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:14:19.0289 4708        bowser - ok

17:14:19.0305 4708        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:14:19.0351 4708        BrFiltLo - ok

17:14:19.0367 4708        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:14:19.0381 4708        BrFiltUp - ok

17:14:19.0422 4708        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:14:19.0467 4708        Brserid - ok

17:14:19.0485 4708        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:14:19.0514 4708        BrSerWdm - ok

17:14:19.0525 4708        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:14:19.0554 4708        BrUsbMdm - ok

17:14:19.0577 4708        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:14:19.0614 4708        BrUsbSer - ok

17:14:19.0647 4708        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:14:19.0665 4708        BTHMODEM - ok

17:14:19.0699 4708        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:14:19.0733 4708        cdfs - ok

17:14:19.0771 4708        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

17:14:19.0800 4708        cdrom - ok

17:14:19.0843 4708        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:14:19.0870 4708        circlass - ok

17:14:19.0920 4708        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:14:19.0935 4708        CLFS - ok

17:14:19.0979 4708        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:14:19.0990 4708        CmBatt - ok

17:14:20.0056 4708        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:14:20.0068 4708        cmdide - ok

17:14:20.0111 4708        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

17:14:20.0140 4708        CNG - ok

17:14:20.0159 4708        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:14:20.0168 4708        Compbatt - ok

17:14:20.0209 4708        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

17:14:20.0233 4708        CompositeBus - ok

17:14:20.0256 4708        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:14:20.0265 4708        crcdisk - ok

17:14:20.0298 4708        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

17:14:20.0347 4708        CSC - ok

17:14:20.0417 4708        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:14:20.0457 4708        DfsC - ok

17:14:20.0479 4708        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:14:20.0510 4708        discache - ok

17:14:20.0541 4708        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:14:20.0551 4708        Disk - ok

17:14:20.0605 4708        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:14:20.0624 4708        drmkaud - ok

17:14:20.0650 4708        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:14:20.0675 4708        DXGKrnl - ok

17:14:20.0741 4708        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:14:20.0831 4708        ebdrv - ok

17:14:20.0890 4708        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:14:20.0912 4708        elxstor - ok

17:14:20.0947 4708        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:14:20.0970 4708        ErrDev - ok

17:14:20.0999 4708        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:14:21.0040 4708        exfat - ok

17:14:21.0060 4708        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:14:21.0115 4708        fastfat - ok

17:14:21.0143 4708        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:14:21.0169 4708        fdc - ok

17:14:21.0203 4708        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:14:21.0213 4708        FileInfo - ok

17:14:21.0247 4708        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:14:21.0288 4708        Filetrace - ok

17:14:21.0305 4708        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:14:21.0317 4708        flpydisk - ok

17:14:21.0388 4708        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:14:21.0401 4708        FltMgr - ok

17:14:21.0412 4708        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:14:21.0423 4708        FsDepends - ok

17:14:21.0437 4708        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

17:14:21.0446 4708        Fs_Rec - ok

17:14:21.0476 4708        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:14:21.0490 4708        fvevol - ok

17:14:21.0510 4708        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:14:21.0520 4708        gagp30kx - ok

17:14:21.0599 4708        GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

17:14:21.0607 4708        GEARAspiWDM - ok

17:14:21.0683 4708        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:14:21.0723 4708        hcw85cir - ok

17:14:21.0775 4708        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

17:14:21.0804 4708        HDAudBus - ok

17:14:21.0817 4708        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:14:21.0839 4708        HidBatt - ok

17:14:21.0860 4708        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:14:21.0887 4708        HidBth - ok

17:14:21.0923 4708        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:14:21.0954 4708        HidIr - ok

17:14:21.0992 4708        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:14:22.0019 4708        HidUsb - ok

17:14:22.0046 4708        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:14:22.0058 4708        HpSAMD - ok

17:14:22.0112 4708        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:14:22.0166 4708        HTTP - ok

17:14:22.0203 4708        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:14:22.0213 4708        hwpolicy - ok

17:14:22.0250 4708        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:14:22.0264 4708        i8042prt - ok

17:14:22.0289 4708        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

17:14:22.0304 4708        iaStorV - ok

17:14:22.0324 4708        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:14:22.0333 4708        iirsp - ok

17:14:22.0417 4708        IntcAzAudAddService (f2b52c7b1c8e6a4fc4c4564f4a421f23) C:\Windows\system32\drivers\RTKVHD64.sys

17:14:22.0470 4708        IntcAzAudAddService - ok

17:14:22.0507 4708        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:14:22.0518 4708        intelide - ok

17:14:22.0540 4708        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:14:22.0567 4708        intelppm - ok

17:14:22.0614 4708        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:14:22.0662 4708        IpFilterDriver - ok

17:14:22.0701 4708        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:14:22.0713 4708        IPMIDRV - ok

17:14:22.0726 4708        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:14:22.0764 4708        IPNAT - ok

17:14:22.0799 4708        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:14:22.0828 4708        IRENUM - ok

17:14:22.0864 4708        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:14:22.0875 4708        isapnp - ok

17:14:22.0911 4708        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:14:22.0927 4708        iScsiPrt - ok

17:14:22.0945 4708        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:14:22.0955 4708        kbdclass - ok

17:14:22.0989 4708        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

17:14:23.0015 4708        kbdhid - ok

17:14:23.0053 4708        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

17:14:23.0066 4708        KSecDD - ok

17:14:23.0099 4708        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

17:14:23.0110 4708        KSecPkg - ok

17:14:23.0124 4708        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:14:23.0172 4708        ksthunk - ok

17:14:23.0204 4708        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:14:23.0234 4708        lltdio - ok

17:14:23.0268 4708        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:14:23.0278 4708        LSI_FC - ok

17:14:23.0300 4708        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:14:23.0310 4708        LSI_SAS - ok

17:14:23.0331 4708        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:14:23.0340 4708        LSI_SAS2 - ok

17:14:23.0359 4708        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:14:23.0369 4708        LSI_SCSI - ok

17:14:23.0384 4708        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:14:23.0450 4708        luafv - ok

17:14:23.0520 4708        lvpopf64        (b2085e335f2b57077b0cbadb6f1245cd) C:\Windows\system32\DRIVERS\lvpopf64.sys

17:14:23.0532 4708        lvpopf64 - ok

17:14:23.0584 4708        LVPr2M64        (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

17:14:23.0592 4708        LVPr2M64 - ok

17:14:23.0595 4708        LVPr2Mon        (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

17:14:23.0603 4708        LVPr2Mon - ok

17:14:23.0637 4708        LVRS64          (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys

17:14:23.0647 4708        LVRS64 - ok

17:14:23.0786 4708        LVUVC64         (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys

17:14:23.0950 4708        LVUVC64 - ok

17:14:23.0999 4708        MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys

17:14:24.0009 4708        MBAMProtector - ok

17:14:24.0029 4708        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:14:24.0038 4708        megasas - ok

17:14:24.0055 4708        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:14:24.0067 4708        MegaSR - ok

17:14:24.0097 4708        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:14:24.0139 4708        Modem - ok

17:14:24.0164 4708        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:14:24.0191 4708        monitor - ok

17:14:24.0247 4708        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:14:24.0258 4708        mouclass - ok

17:14:24.0279 4708        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:14:24.0293 4708        mouhid - ok

17:14:24.0331 4708        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:14:24.0341 4708        mountmgr - ok

17:14:24.0383 4708        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:14:24.0397 4708        mpio - ok

17:14:24.0418 4708        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:14:24.0472 4708        mpsdrv - ok

17:14:24.0508 4708        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:14:24.0557 4708        MRxDAV - ok

17:14:24.0593 4708        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:14:24.0617 4708        mrxsmb - ok

17:14:24.0656 4708        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:14:24.0673 4708        mrxsmb10 - ok

17:14:24.0692 4708        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:14:24.0717 4708        mrxsmb20 - ok

17:14:24.0758 4708        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:14:24.0770 4708        msahci - ok

17:14:24.0794 4708        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:14:24.0808 4708        msdsm - ok

17:14:24.0837 4708        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:14:24.0867 4708        Msfs - ok

17:14:24.0874 4708        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:14:24.0915 4708        mshidkmdf - ok

17:14:24.0949 4708        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:14:24.0961 4708        msisadrv - ok

17:14:24.0985 4708        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:14:25.0031 4708        MSKSSRV - ok

17:14:25.0053 4708        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:14:25.0099 4708        MSPCLOCK - ok

17:14:25.0123 4708        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:14:25.0161 4708        MSPQM - ok

17:14:25.0199 4708        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:14:25.0213 4708        MsRPC - ok

17:14:25.0223 4708        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

17:14:25.0232 4708        mssmbios - ok

17:14:25.0245 4708        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:14:25.0283 4708        MSTEE - ok

17:14:25.0298 4708        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:14:25.0319 4708        MTConfig - ok

17:14:25.0343 4708        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:14:25.0356 4708        Mup - ok

17:14:25.0381 4708        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:14:25.0402 4708        NativeWifiP - ok

17:14:25.0459 4708        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

17:14:25.0487 4708        NDIS - ok

17:14:25.0503 4708        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:14:25.0533 4708        NdisCap - ok

17:14:25.0559 4708        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:14:25.0598 4708        NdisTapi - ok

17:14:25.0641 4708        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:14:25.0673 4708        Ndisuio - ok

17:14:25.0707 4708        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:14:25.0755 4708        NdisWan - ok

17:14:25.0786 4708        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:14:25.0831 4708        NDProxy - ok

17:14:25.0854 4708        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:14:25.0905 4708        NetBIOS - ok

17:14:25.0940 4708        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:14:25.0975 4708        NetBT - ok

17:14:26.0024 4708        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:14:26.0036 4708        nfrd960 - ok

17:14:26.0060 4708        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:14:26.0090 4708        Npfs - ok

17:14:26.0103 4708        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:14:26.0146 4708        nsiproxy - ok

17:14:26.0204 4708        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

17:14:26.0250 4708        Ntfs - ok

17:14:26.0262 4708        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:14:26.0305 4708        Null - ok

17:14:26.0343 4708        NVHDA           (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys

17:14:26.0351 4708        NVHDA - ok

17:14:26.0591 4708        nvlddmkm        (51bd7ef17f0b525994ad5b3748c8288b) C:\Windows\system32\DRIVERS\nvlddmkm.sys

17:14:26.0881 4708        nvlddmkm - ok

17:14:26.0920 4708        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

17:14:26.0933 4708        nvraid - ok

17:14:26.0948 4708        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

17:14:26.0958 4708        nvstor - ok

17:14:27.0000 4708        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:14:27.0010 4708        nv_agp - ok

17:14:27.0030 4708        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:14:27.0051 4708        ohci1394 - ok

17:14:27.0077 4708        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:14:27.0101 4708        Parport - ok

17:14:27.0140 4708        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:14:27.0152 4708        partmgr - ok

17:14:27.0167 4708        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:14:27.0178 4708        pci - ok

17:14:27.0210 4708        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:14:27.0220 4708        pciide - ok

17:14:27.0239 4708        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:14:27.0254 4708        pcmcia - ok

17:14:27.0275 4708        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:14:27.0287 4708        pcw - ok

17:14:27.0310 4708        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:14:27.0358 4708        PEAUTH - ok

17:14:27.0433 4708        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:14:27.0477 4708        PptpMiniport - ok

17:14:27.0492 4708        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:14:27.0511 4708        Processor - ok

17:14:27.0557 4708        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:14:27.0602 4708        Psched - ok

17:14:27.0634 4708        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:14:27.0680 4708        ql2300 - ok

17:14:27.0703 4708        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:14:27.0713 4708        ql40xx - ok

17:14:27.0733 4708        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:14:27.0749 4708        QWAVEdrv - ok

17:14:27.0768 4708        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:14:27.0814 4708        RasAcd - ok

17:14:27.0852 4708        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:14:27.0888 4708        RasAgileVpn - ok

17:14:27.0928 4708        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:14:27.0973 4708        Rasl2tp - ok

17:14:27.0992 4708        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:14:28.0032 4708        RasPppoe - ok

17:14:28.0047 4708        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:14:28.0083 4708        RasSstp - ok

17:14:28.0120 4708        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:14:28.0158 4708        rdbss - ok

17:14:28.0174 4708        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:14:28.0188 4708        rdpbus - ok

17:14:28.0210 4708        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:14:28.0241 4708        RDPCDD - ok

17:14:28.0278 4708        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

17:14:28.0314 4708        RDPDR - ok

17:14:28.0339 4708        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:14:28.0391 4708        RDPENCDD - ok

17:14:28.0400 4708        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:14:28.0430 4708        RDPREFMP - ok

17:14:28.0443 4708        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

17:14:28.0488 4708        RDPWD - ok

17:14:28.0524 4708        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:14:28.0535 4708        rdyboost - ok

17:14:28.0572 4708        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:14:28.0612 4708        rspndr - ok

17:14:28.0666 4708        RTL8167         (f79635bea5ea518a25cbc6271169c0b3) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:14:28.0765 4708        RTL8167 - ok

17:14:28.0803 4708        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

17:14:28.0826 4708        s3cap - ok

17:14:28.0862 4708        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:14:28.0872 4708        sbp2port - ok

17:14:28.0898 4708        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:14:28.0934 4708        scfilter - ok

17:14:29.0030 4708        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:14:29.0118 4708        secdrv - ok

17:14:29.0145 4708        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:14:29.0158 4708        Serenum - ok

17:14:29.0172 4708        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:14:29.0196 4708        Serial - ok

17:14:29.0227 4708        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:14:29.0239 4708        sermouse - ok

17:14:29.0283 4708        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

17:14:29.0305 4708        sffdisk - ok

17:14:29.0321 4708        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:14:29.0347 4708        sffp_mmc - ok

17:14:29.0367 4708        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

17:14:29.0396 4708        sffp_sd - ok

17:14:29.0415 4708        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:14:29.0438 4708        sfloppy - ok

17:14:29.0491 4708        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:14:29.0502 4708        SiSRaid2 - ok

17:14:29.0510 4708        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:14:29.0520 4708        SiSRaid4 - ok

17:14:29.0542 4708        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:14:29.0592 4708        Smb - ok

17:14:29.0626 4708        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:14:29.0635 4708        spldr - ok

17:14:29.0684 4708        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:14:29.0716 4708        srv - ok

17:14:29.0754 4708        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:14:29.0782 4708        srv2 - ok

17:14:29.0800 4708        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:14:29.0827 4708        srvnet - ok

17:14:29.0857 4708        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:14:29.0869 4708        stexstor - ok

17:14:29.0913 4708        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

17:14:29.0923 4708        storflt - ok

17:14:29.0965 4708        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

17:14:29.0976 4708        storvsc - ok

17:14:30.0010 4708        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

17:14:30.0022 4708        swenum - ok

17:14:30.0099 4708        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:14:30.0154 4708        Tcpip - ok

17:14:30.0199 4708        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:14:30.0235 4708        TCPIP6 - ok

17:14:30.0268 4708        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:14:30.0314 4708        tcpipreg - ok

17:14:30.0336 4708        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:14:30.0372 4708        TDPIPE - ok

17:14:30.0380 4708        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

17:14:30.0416 4708        TDTCP - ok

17:14:30.0450 4708        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:14:30.0495 4708        tdx - ok

17:14:30.0512 4708        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

17:14:30.0522 4708        TermDD - ok

17:14:30.0544 4708        TFsExDisk - ok

17:14:30.0586 4708        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:14:30.0620 4708        tssecsrv - ok

17:14:30.0666 4708        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:14:30.0714 4708        TsUsbFlt - ok

17:14:30.0765 4708        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:14:30.0800 4708        tunnel - ok

17:14:30.0821 4708        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:14:30.0830 4708        uagp35 - ok

17:14:30.0870 4708        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:14:30.0917 4708        udfs - ok

17:14:30.0960 4708        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:14:30.0970 4708        uliagpkx - ok

17:14:31.0008 4708        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

17:14:31.0031 4708        umbus - ok

17:14:31.0048 4708        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:14:31.0067 4708        UmPass - ok

17:14:31.0103 4708        USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

17:14:31.0128 4708        USBAAPL64 - ok

17:14:31.0183 4708        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

17:14:31.0215 4708        usbaudio - ok

17:14:31.0237 4708        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys

17:14:31.0269 4708        usbccgp - ok

17:14:31.0318 4708        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:14:31.0345 4708        usbcir - ok

17:14:31.0359 4708        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

17:14:31.0383 4708        usbehci - ok

17:14:31.0412 4708        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

17:14:31.0433 4708        usbhub - ok

17:14:31.0473 4708        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:14:31.0492 4708        usbohci - ok

17:14:31.0515 4708        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:14:31.0531 4708        usbprint - ok

17:14:31.0547 4708        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:14:31.0582 4708        USBSTOR - ok

17:14:31.0602 4708        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

17:14:31.0621 4708        usbuhci - ok

17:14:31.0653 4708        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:14:31.0664 4708        vdrvroot - ok

17:14:31.0682 4708        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:14:31.0697 4708        vga - ok

17:14:31.0722 4708        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:14:31.0751 4708        VgaSave - ok

17:14:31.0770 4708        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:14:31.0781 4708        vhdmp - ok

17:14:31.0802 4708        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:14:31.0811 4708        viaide - ok

17:14:31.0850 4708        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

17:14:31.0864 4708        vmbus - ok

17:14:31.0884 4708        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

17:14:31.0911 4708        VMBusHID - ok

17:14:31.0954 4708        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:14:31.0966 4708        volmgr - ok

17:14:32.0031 4708        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:14:32.0049 4708        volmgrx - ok

17:14:32.0087 4708        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:14:32.0102 4708        volsnap - ok

17:14:32.0135 4708        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:14:32.0148 4708        vsmraid - ok

17:14:32.0168 4708        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

17:14:32.0191 4708        vwifibus - ok

17:14:32.0207 4708        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:14:32.0233 4708        WacomPen - ok

17:14:32.0295 4708        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:14:32.0343 4708        WANARP - ok

17:14:32.0347 4708        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:14:32.0376 4708        Wanarpv6 - ok

17:14:32.0402 4708        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:14:32.0412 4708        Wd - ok

17:14:32.0463 4708        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:14:32.0486 4708        Wdf01000 - ok

17:14:32.0536 4708        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:14:32.0571 4708        WfpLwf - ok

17:14:32.0610 4708        WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys

17:14:32.0620 4708        WimFltr - ok

17:14:32.0635 4708        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:14:32.0644 4708        WIMMount - ok

17:14:32.0709 4708        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:14:32.0733 4708        WinUsb - ok

17:14:32.0780 4708        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:14:32.0792 4708        WmiAcpi - ok

17:14:32.0813 4708        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:14:32.0843 4708        ws2ifsl - ok

17:14:32.0892 4708        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:14:32.0935 4708        WudfPf - ok

17:14:32.0957 4708        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:14:33.0000 4708        WUDFRd - ok

17:14:33.0071 4708        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} (74983addca2d9618512c088d856d6615) C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl

17:14:33.0081 4708        {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok

17:14:33.0093 4708        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:14:33.0207 4708        \Device\Harddisk0\DR0 - ok

17:14:33.0233 4708        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

17:14:33.0300 4708        \Device\Harddisk1\DR1 - ok

17:14:33.0303 4708        Boot (0x1200)   (61f3e3292fc34abf898c53f01af9784b) \Device\Harddisk0\DR0\Partition0

17:14:33.0303 4708        \Device\Harddisk0\DR0\Partition0 - ok

17:14:33.0328 4708        Boot (0x1200)   (9dee4891ae7ad69ee51b5e41cfbde259) \Device\Harddisk0\DR0\Partition1

17:14:33.0329 4708        \Device\Harddisk0\DR0\Partition1 - ok

17:14:33.0332 4708        Boot (0x1200)   (e800faee2bd07c1d5bbc6307c648010e) \Device\Harddisk1\DR1\Partition0

17:14:33.0332 4708        \Device\Harddisk1\DR1\Partition0 - ok

17:14:33.0333 4708        ============================================================

17:14:33.0333 4708        Scan finished

17:14:33.0333 4708        ============================================================

17:14:33.0346 5080        Detected object count: 1

17:14:33.0346 5080        Actual detected object count: 1

17:15:24.0909 5080        acedrv07 ( UnsignedFile.Multi.Generic ) - skipped by user

17:15:24.0909 5080        acedrv07 ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hier der ComboFix Log:

Code:

ComboFix 12-01-10.02 - Inspiron 11.01.2012  17:36:42.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8190.6086 [GMT 1:00]

ausgeführt von:: c:\users\Inspiron\Desktop\OTL Scans etc\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\IsUn0407.exe

c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-11 bis 2012-01-11  ))))))))))))))))))))))))))))))

.

.

2012-01-11 16:46 . 2012-01-11 16:46        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-11 14:40 . 2012-01-11 14:40        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-01-11 14:37 . 2011-10-26 05:25        1572864        ----a-w-        c:\windows\system32\quartz.dll

2012-01-11 14:37 . 2011-10-26 04:32        1328128        ----a-w-        c:\windows\SysWow64\quartz.dll

2012-01-11 14:37 . 2011-10-26 05:25        366592        ----a-w-        c:\windows\system32\qdvd.dll

2012-01-11 14:37 . 2011-10-26 04:32        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll

2012-01-11 14:37 . 2011-11-17 06:41        1731920        ----a-w-        c:\windows\system32\ntdll.dll

2012-01-11 14:37 . 2011-11-17 05:38        1292080        ----a-w-        c:\windows\SysWow64\ntdll.dll

2012-01-11 14:37 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll

2012-01-11 14:37 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll

2012-01-11 14:20 . 2012-01-11 14:20        --------        d-----w-        C:\_OTL

2012-01-09 16:39 . 2012-01-09 16:39        --------        d-----w-        c:\users\Inspiron\AppData\Roaming\Roxio Log Files

2012-01-09 15:41 . 2012-01-09 15:41        --------        d-----w-        c:\windows\system32\appmgmt

2012-01-07 16:50 . 2012-01-07 16:50        --------        d-----w-        c:\program files (x86)\ESET

2012-01-07 15:46 . 2012-01-07 15:46        --------        d-----w-        c:\users\Inspiron\AppData\Roaming\Malwarebytes

2012-01-07 15:46 . 2012-01-07 15:46        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-01-07 15:46 . 2012-01-07 15:46        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-07 15:46 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-07 14:50 . 2012-01-07 14:50        --------        d-----w-        c:\program files\CCleaner

2011-12-14 11:20 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-14 11:12 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-12-14 11:12 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-14 11:12 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-14 11:11 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-14 11:11 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-04 13:49 . 2009-12-31 16:18        125440        ----a-w-        c:\windows\system32\drivers\acedrv07.sys

2011-11-10 04:54 . 2010-06-24 09:16        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx

2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Akamai NetSession Interface"="c:\users\Inspiron\AppData\Local\Akamai\netsession_win.exe" [2011-12-12 3305760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-12 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2009-08-17 165104]

.

c:\users\Inspiron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

Netzmanager.lnk - c:\program files\Netzmanager\netzmanager.exe [2009-11-25 1529856]

OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 136176]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2010/10/25 20:40];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [2009-05-11 14:59 146928]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2009-08-17 656624]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

S3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 16:30]

.

2012-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-26 16:30]

.

2011-12-18 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

2012-01-11 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-03 7834656]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-26 16327712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = 

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Free YouTube Download - c:\users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm

IE: Free YouTube to Mp3 Converter - c:\users\Inspiron\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\z334o5ou.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe

Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe

Wow6432Node-HKLM-Run-NPSStartup - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)

WebBrowser-{F3416DF4-7206-4D5F-BD98-CE349523D8DF} - (no file)

HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe

AddRemove-Akamai - c:\program files (x86)\common files\akamai\uninstall.exe

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe

AddRemove-Tierpension - c:\windows\IsUn0407.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2012-01-11  18:00:40 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-01-11 17:00

.

Vor Suchlauf: 14 Verzeichnis(se), 472.278.839.296 Bytes frei

Nach Suchlauf: 17 Verzeichnis(se), 471.661.240.320 Bytes frei

.

- - End Of File - - EFFE604CF39B6F99D8AA66DF7165C6FF

Und nun ;)?
+ was ist mit dem Threat den Kaspersky gefunden hatte? war es richtig dass ich das geskiped habe?
+ der avira online guard / online schutz ist nicht mehr aktiv und zeigt lediglich an, dass es sich um einen unbekannten fehler handelt (als hilfe gibts nur man soll sich an den support wenden)...wie bekomm ich den wieder aktiviert?

Wir sind noch in der Bereinigung, heb dir die Fragen für später auf

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Hier der Log

Code:

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software

Run date: 2012-01-11 19:00:03

-----------------------------

19:00:03.133    OS Version: Windows x64 6.1.7601 Service Pack 1

19:00:03.133    Number of processors: 4 586 0x170A

19:00:03.133    ComputerName: PC-INSPIRON  UserName: Inspiron

19:00:16.762    Initialize success

19:03:38.500    AVAST engine defs: 12011101

19:05:50.233    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

19:05:50.235    Disk 0 Vendor: ST3750528AS CC45 Size: 715404MB BusType: 3

19:05:50.237    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-2

19:05:50.239    Disk 1 Vendor: ST3750528AS CC45 Size: 715404MB BusType: 3

19:05:50.253    Disk 0 MBR read successfully

19:05:50.255    Disk 0 MBR scan

19:05:50.272    Disk 0 Windows 7 default MBR code

19:05:50.275    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63

19:05:50.295    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS         9342 MB offset 161792

19:05:50.312    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       705982 MB offset 19294208

19:05:50.317    Service scanning

19:05:56.902    Modules scanning

19:05:56.906    Disk 0 trace - called modules:

19:05:56.929    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys 

19:05:56.933    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007dbf060]

19:05:56.938    3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8007b084d0]

19:05:56.943    5 ACPI.sys[fffff88000d867a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b05060]

19:06:06.170    AVAST engine scan C:\Windows

19:06:09.296    File: C:\Windows\PEV.exe  **INFECTED** Win32:Rootkit-gen [Rtk]

19:06:13.370    AVAST engine scan C:\Windows\system32

19:08:13.677    AVAST engine scan C:\Windows\system32\drivers

19:08:24.773    AVAST engine scan C:\Users\Inspiron

19:35:10.773    AVAST engine scan C:\ProgramData

19:39:01.913    Scan finished successfully

19:40:18.158    Disk 0 MBR has been saved successfully to "C:\Users\Inspiron\Desktop\MBR.dat"

19:40:18.163    The log file has been saved successfully to "C:\Users\Inspiron\Desktop\aswMBR.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malewarebytes Log (Rest folgt morgen, habe heute leider keine Zeit mehr...)

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.11.06
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Inspiron :: PC-INSPIRON [Administrator]
 

Schutz: Aktiviert
 

11.01.2012 20:10:49

mbam-log-2012-01-11 (20-10-49).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 397710

Laufzeit: 54 Minute(n), 13 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SuperAntiSpyware Log:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 01/12/2012 at 04:04 PM
 

Application Version : 5.0.1142
 

Core Rules Database Version : 8126

Trace Rules Database Version: 5938
 

Scan type       : Complete Scan

Total Scan Time : 01:37:20
 

Operating System Information

Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 667

Memory threats detected   : 0

Registry items scanned    : 71718

Registry threats detected : 0

File items scanned        : 238770

File threats detected     : 21
 

Adware.Tracking Cookie

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\GJQ65F5S.txt [ /cdn.at.atwola.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\Q0FMI39W.txt [ /tacoda.at.atwola.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\3A806I3V.txt [ /mediaplex.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\6EN4I6T6.txt [ /atwola.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\69VDLFO7.txt [ /ar.atwola.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\NM8VQ607.txt [ /icqbannerremoverde.ourtoolbar.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\NHMT48AH.txt [ /at.atwola.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\E78O3CSD.txt [ /advertising.com ]

        C:\Users\Inspiron\AppData\Roaming\Microsoft\Windows\Cookies\1O72KXQH.txt [ /apmebf.com ]

        C:\USERS\INSPIRON\Cookies\Q0FMI39W.txt [ Cookie:inspiron@tacoda.at.atwola.com/ ]

        C:\USERS\INSPIRON\Cookies\6EN4I6T6.txt [ Cookie:inspiron@atwola.com/ ]

        C:\USERS\INSPIRON\Cookies\NHMT48AH.txt [ Cookie:inspiron@at.atwola.com/ ]

        C:\USERS\INSPIRON\Cookies\1O72KXQH.txt [ Cookie:inspiron@apmebf.com/ ]

        .doubleclick.net [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        .xiti.com [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        www.finduny.com [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

        .microsoftconsumermarketing.112.2o7.net [ C:\USERS\INSPIRON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z334O5OU.DEFAULT\COOKIES.SQLITE ]

Threats entfernen oder einfach skippen und den ESET Scan machen?

Das sind nur Cookies aber die können weg.

Alles klar wurde gemacht. Der letzte Scan (ESET) kommt morgen gegen Nachmittag / Abend, dann kanns weiter gehen ;)

Habe den ESET Scan gemacht, er hatte auch irgendwas gefunden, habs gefinished wie letztes mal und dann den Befehl im Windows-Run eingegeben den du geposted hast.

Bekomme jedoch den alten Log vom 7.1. angezeigt....hab auch im ESET Ordner geguckt, da ist nur ein log.txt drin und das ist der vom 7.1.

Wo finde ich jetzt den von heute?
Der Scan war vollstädnig abgeschlossen etc. habe nichts anders gemacht als beim letzten Mal und auch nix vorzeitig beendet o.Ä.

Gruß,
Jan

[EDIT]
...falls es in irgendeiner Weise helfen sollte kann ich mich erinnern dass zwei der 3 gefundenen Threats im namen etwa so aussahen "HTML/(irgendein Text) trojan" und der andere "HTML/(irgendein Text) virus" ...vom 3. hab ich leider keine Ahnung mehr / an den Namen des 3. kann ich mich nicht mehr erinnern sorry :/

[EDIT2]
habs durch die windowssuche mit änderungsdatum von heute doch noch in der virtual storage gefunden

hier der log

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4cc6acf01bff394284a5e2040ffe8817

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-07 09:10:54

# local_time=2012-01-07 10:10:54 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775166 100 94 449864 62492080 259442 0

# compatibility_mode=5893 16776574 100 94 12706628 77585109 0 0

# compatibility_mode=8192 67108863 100 0 3826 3826 0 0

# scanned=228360

# found=13

# cleaned=0

# scan_time=15395

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe        probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

C:\Windows\Installer\d31e80.msi        a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 3.zip        HTML/Fraud.BD.Gen trojan (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 4.zip        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 5.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4cc6acf01bff394284a5e2040ffe8817

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-12 07:29:07

# local_time=2012-01-12 08:29:07 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 107803 62933348 90620 0

# compatibility_mode=5893 16776574 100 94 13147896 78026377 0 0

# compatibility_mode=8192 67108863 100 0 445094 445094 0 0

# scanned=116

# found=0

# cleaned=0

# scan_time=20

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=4cc6acf01bff394284a5e2040ffe8817

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-14 02:19:25

# local_time=2012-01-14 03:19:25 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1797 16775165 100 94 246212 63071757 229029 0

# compatibility_mode=5893 16776574 100 94 13286305 78164786 0 0

# compatibility_mode=8192 67108863 100 0 583503 583503 0 0

# scanned=222819

# found=3

# cleaned=0

# scan_time=15829

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 3.zip        HTML/Fraud.BD.Gen trojan (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 4.zip        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I

D:\PC-INSPIRON\Backup Set 2011-08-21 194503\Backup Files 2011-09-18 190001\Backup files 5.zip        multiple threats (unable to clean)        00000000000000000000000000000000        I

Das sind Fehlalarme.
Rechner soweit wieder im Lot?

Ja läuft alles ganz normal.
Das einzige was noch nicht läuft ist der Online Schutz / AntiVir WebGuard von Avira.
Ansonsten hät ich dann nur noch die Fragen von Seite 2 dieses Threads, wo du gesagt hast ich soll sie mir für später aufheben ;)

Zitat:

+ was ist mit dem Threat den Kaspersky gefunden hatte? war es richtig dass ich das geskiped habe?
+ der avira online guard / online schutz ist nicht mehr aktiv und zeigt lediglich an, dass es sich um einen unbekannten fehler handelt (als hilfe gibts nur man soll sich an den support wenden)...wie bekomm ich den wieder aktiviert?

1.) Kannst du ignorieren ist ein Treiber. Es ist dir ausdrücklich erlaubt auch eigene Recherchen anzustellen, es ist nun wirklich einfach nach dem Dateinamen zu googlen
2.) Den Webschutz von Avira kannst du eh knicken, das braucht nun wirklich keiner. Überleg dir gut, ob du in Zukunft weiterhin bei AntiVir bleiben willst. Die haben eine sehr fragwürdige Entscheidung getroffen, was nicht gerade seriös wirkt => http://www.trojaner-board.de/100374-...e-und-ask.html

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

Alles klar, habe alles aktualisiert etc. und bedanke mich nochmal vielmals für die Hilfe! Ist ein wirklich klasse Forum hier, großen Respekt wie gesittet und geordnet hier alles abläuft und wie kompetent und schnell einem weitergeholfen wird.

Danke nochmal und hoffentlich auf kein ;) baldiges Wiedersehen :D

Gruß & das Beste für die Zukunft,
Jan