Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Weißer Bildschirm nach Bootvorgang ins Win 7 (https://www.trojaner-board.de/136356-weisser-bildschirm-bootvorgang-ins-win-7-a.html)

Detnaw86 10.06.2013 21:26
Weißer Bildschirm nach Bootvorgang ins Win 7
 
Hallo Leute

Habe gestern den PC (Windows 7 Rechner) meiner Schwägerin zur Untersuchung bekommen, weil sie schon ein Weilchen das Problem hat, dass nach dem Bootvorgang, wenn eigentlich der Desktop aufgebaut werden sollte, der Cursor erscheint, aber der Bildschirm nur weiß wird.

Habe gleich in eurem Forum gesucht und habe daher noch nichts eigenmächtig unternommen, außer den Abgesicherten Modus, aber kurz nach Erscheinen des Desktops, fährt sich der PC automatisch wieder herunter.

Ich hoffe ich habe alles Wichtige erwähnt, ihr könnt mir helfen und ich stelle mich nicht allzu dämlich an :)
Bin meistens erst spät Abends wieder erreichbar, also bitte nicht wundern, wenn ein Weilchen keine Antwort kommt.

LG Daniel

PS: Eine Frage vorneweg, wenn ich die Log Files einfügen möchte, muss ich dann die "[Table]-Code einfügen" Funktion benutzen?

markusg 10.06.2013 21:31
Hi, ja währe nett.

Detnaw86 11.06.2013 07:04
Hallo Markus

Ok werde versuchen die Log Files der einzellnen Säuberungsschritte so zu posten.
Mit welcher Software beginnen wir am besten bei diesem Problem?

markusg 11.06.2013 11:25
a ich dachte du hast schon logs, da du gefragt hast, wie du sie einfügst.
kommst du an nen pc mit brenner?
download:
http://filepony.de/download-otlpe/
und brenne es mit ISOBurner auf eine CD.
ISO Burner - Download - Filepony
isoburner anleitung:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html
• Wenn der Download fertig ist mache ein doppel Klick auf die OTLPENet.exe, was ISOBurner öffnet um es auf die CD zu brennen.
Starte dein System neu und boote von der CD die du gerade erstellt hast.
Wenn du nicht weist wie du deinen Computer dazu bringst von der CD zu booten,
http://www.trojaner-board.de/81857-c...cd-booten.html

• Dein System sollte jetzt einen REATOGO-X-PE Desktop anzeigen.
• Mache einen doppel Klick auf das OTLPE Icon.
• Wenn du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
• Wenn du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
• entferne den haken bei "Automatically Load All Remaining Users" wenn er gesetzt ist.

• OTL sollte nun starten.
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg
Textbox.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
• Drücke Run Scan um den Scan zu starten.
• Wenn er fertig ist werden die Dateien in C:\otl.txt gesichert
• Kopiere diesen Ordner auf deinen USB-Stick wenn du keine Internetverbindung auf diesem System hast.
poste beide logs

Detnaw86 11.06.2013 16:15
So weit so gut, jedoch hast du geschrieben, poste beide logs.
Ich habe aber jetzt nur das OTL.txt Log, oder sollte da noch irgendwo eins sein?

OTL Logfile:
Code:
OTL logfile created on: 6/11/2013 8:03:18 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive C: | 100.00 Mb Total Space | 74.17 Mb Free Space | 74.17% Space Free | Partition Type: NTFS
Drive D: | 7.52 Gb Total Space | 7.45 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
Drive I: | 465.66 Gb Total Space | 409.16 Gb Free Space | 87.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/15 06:27:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/01 21:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand] -- I:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe -- (BBUpdate)
SRV - [2013/04/01 21:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto] -- I:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe -- (BBSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- I:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto] -- I:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012/10/28 15:57:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- I:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System] -- I:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot] -- I:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto] -- I:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 18:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- I:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 12:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2011/11/28 13:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot] -- I:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/10/10 06:12:08 | 000,271,360 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/09/19 06:09:17 | 000,018,048 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/02/21 15:33:47 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 A0 62 47 A9 F6 CB 01  [binary data]
IE - HKU\Daniela_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: I:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: I:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/03/09 10:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 15:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 15:57:07 | 000,000,000 | ---D | M]
 
[2012/03/13 02:13:35 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Daniela\AppData\Roaming\Mozilla\Extensions
[2013/05/26 09:50:24 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\iymeoaaj.default\extensions
[2012/03/13 02:15:47 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- I:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\iymeoaaj.default\extensions\sammelfreund@webmiles.de
[2012/10/28 15:57:06 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2013/05/27 04:19:08 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\updated\extensions
[2013/05/27 04:19:14 | 000,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2013/03/09 10:31:17 | 000,000,000 | ---D | M] (avast! WebRep) -- I:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/10/28 15:57:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/08 06:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- I:\Program Files\mozilla firefox\plugins\npmidas.dll
[2012/02/16 07:02:53 | 000,001,392 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/16 12:04:23 | 000,002,465 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 07:02:53 | 000,001,153 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/09 07:30:28 | 000,002,047 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/16 07:02:53 | 000,006,805 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 07:02:53 | 000,001,178 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 07:02:53 | 000,001,105 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - I:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - I:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - I:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - I:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - I:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [avast] I:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [facemoods] I:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: I:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Daniela_ON_I Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Daniela_ON_I Winlogon: Shell - (C:\Users\Daniela\AppData\Roaming\AltShell.dat) - I:\Users\Daniela\AppData\Roaming\AltShell.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ca358540-3df2-11e0-a77f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca358540-3df2-11e0-a77f-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Setupx.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - I:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - I:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - I:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - I:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - I:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[1 I:\Program Files\*.tmp files -> I:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/10 16:20:10 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/06/10 16:19:50 | 000,000,004 | ---- | M] () -- I:\Users\Daniela\AppData\Roaming\AltShell.ini
[2013/06/10 16:19:30 | 000,001,096 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 16:19:20 | 2407,407,616 | -HS- | M] () -- I:\hiberfil.sys
[2013/06/09 08:45:08 | 000,412,744 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/06/07 07:12:59 | 000,016,944 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 07:12:59 | 000,016,944 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 12:03:10 | 000,001,100 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/31 08:27:03 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/15 06:27:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 06:27:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\System32\FlashPlayerCPLApp.cpl
[1 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[1 I:\Program Files\*.tmp files -> I:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/31 08:15:36 | 000,000,004 | ---- | C] () -- I:\Users\Daniela\AppData\Roaming\AltShell.ini
[2012/05/10 05:15:50 | 000,032,608 | ---- | C] () -- I:\Windows\king-uninstall.exe
[2012/04/03 13:55:12 | 000,033,134 | ---- | C] () -- I:\Users\Daniela\AppData\Roaming\UserTile.png
[2011/11/27 05:06:27 | 000,000,000 | ---- | C] () -- I:\Users\Daniela\AppData\Local\{D5A7741F-B6C4-456D-B90B-6495F111FBDC}
[2011/09/19 06:09:22 | 000,271,360 | ---- | C] () -- I:\Windows\System32\drivers\atksgt.sys
[2011/09/19 06:09:17 | 000,018,048 | ---- | C] () -- I:\Windows\System32\drivers\lirsgt.sys
[2011/08/26 07:04:28 | 000,000,000 | ---- | C] () -- I:\Users\Daniela\AppData\Local\{190476E7-FA41-451A-9F24-7A47B4B85B68}
[2011/06/12 07:32:23 | 000,011,264 | ---- | C] () -- I:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 05:34:50 | 000,000,049 | ---- | C] () -- I:\Windows\NeroDigital.ini
[2011/02/21 15:30:32 | 000,031,232 | ---- | C] () -- I:\Users\Daniela\AppData\Roaming\AltShell.dat
[2009/07/14 04:47:43 | 000,647,138 | ---- | C] () -- I:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- I:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,127,198 | ---- | C] () -- I:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- I:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,412,744 | ---- | C] () -- I:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,609,896 | ---- | C] () -- I:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- I:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,104,214 | ---- | C] () -- I:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- I:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- I:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- I:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- I:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- I:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/07/29 12:48:20 | 000,000,000 | ---D | M] -- I:\ProgramData\1912 Titanic Mystery
[2011/07/30 07:48:10 | 000,000,000 | ---D | M] -- I:\ProgramData\20000Leagues
[2011/02/21 15:53:24 | 000,000,000 | ---D | M] -- I:\ProgramData\ACD Systems
[2011/08/01 08:15:25 | 000,000,000 | ---D | M] -- I:\ProgramData\AdventureChronicles1
[2011/08/05 08:42:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Alawar Stargaze
[2011/02/21 15:07:23 | 000,000,000 | ---D | M] -- I:\ProgramData\Alwil Software
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2012/02/22 03:19:56 | 000,000,000 | ---D | M] -- I:\ProgramData\AVAST Software
[2011/08/20 07:01:18 | 000,000,000 | ---D | M] -- I:\ProgramData\Becky Brogan
[2011/08/20 10:49:22 | 000,000,000 | ---D | M] -- I:\ProgramData\Big Fish Games
[2012/06/09 16:11:43 | 000,000,000 | ---D | M] -- I:\ProgramData\Christmasville
[2011/02/21 15:33:15 | 000,000,000 | ---D | M] -- I:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2012/08/03 15:02:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Flood Light Games
[2012/11/17 14:35:08 | 000,000,000 | ---D | M] -- I:\ProgramData\Floodlight Games
[2011/07/30 03:50:58 | 000,000,000 | ---D | M] -- I:\ProgramData\FloodLightGames
[2011/05/07 05:12:16 | 000,000,000 | ---D | M] -- I:\ProgramData\GameHouse
[2011/08/13 13:36:38 | 000,000,000 | ---D | M] -- I:\ProgramData\Gamers Digital
[2013/05/29 13:59:07 | 000,000,000 | ---D | M] -- I:\ProgramData\GARTEN8C
[2011/08/21 13:16:04 | 000,000,000 | ---D | M] -- I:\ProgramData\JollyBear
[2012/05/12 15:42:48 | 000,000,000 | ---D | M] -- I:\ProgramData\JoyBits
[2011/08/17 09:58:38 | 000,000,000 | ---D | M] -- I:\ProgramData\Meridian93
[2011/08/23 02:01:51 | 000,000,000 | ---D | M] -- I:\ProgramData\Merscom
[2011/04/12 12:59:00 | 000,000,000 | ---D | M] -- I:\ProgramData\oNh01804oAiOb01804
[2011/08/17 13:22:43 | 000,000,000 | ---D | M] -- I:\ProgramData\Particles
[2011/08/19 11:51:48 | 000,000,000 | ---D | M] -- I:\ProgramData\PoBros
[2011/08/07 07:22:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Product
[2011/08/07 07:22:07 | 000,000,000 | ---D | M] -- I:\ProgramData\QuickClick
[2011/09/18 11:43:02 | 000,000,000 | ---D | M] -- I:\ProgramData\Solidshield
[2011/08/17 15:06:16 | 000,000,000 | ---D | M] -- I:\ProgramData\sowhat
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/08/14 04:55:22 | 000,000,000 | ---D | M] -- I:\ProgramData\TeleportGamesLtd
[2012/11/23 12:48:55 | 000,000,000 | ---D | M] -- I:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2012/01/11 07:34:03 | 000,000,000 | ---D | M] -- I:\ProgramData\tmp
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2011/04/27 13:04:44 | 000,000,000 | ---D | M] -- I:\ProgramData\Zylom
[2013/04/23 08:30:08 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/12 10:18:50 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2012/08/02 14:35:37 | 000,000,000 | ---D | M] -- I:\BigFishGamesCache
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2011/02/21 15:46:18 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2013/05/14 04:58:19 | 000,000,000 | R--D | M] -- I:\Program Files
[2012/11/17 14:35:08 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\Programme
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\Recovery
[2013/05/25 09:57:45 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2011/02/21 15:00:56 | 000,000,000 | R--D | M] -- I:\Users
[2013/05/31 08:44:55 | 000,000,000 | ---D | M] -- I:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- I:\Windows\System32\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- I:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- I:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- I:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\system32\fontext.dll
[2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> I:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 96 bytes -> I:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 95 bytes -> I:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 148 bytes -> I:\ProgramData\TEMP:51A20D23
@Alternate Data Stream - 148 bytes -> I:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 147 bytes -> I:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 146 bytes -> I:\ProgramData\TEMP:CC4C59B4
@Alternate Data Stream - 145 bytes -> I:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 145 bytes -> I:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> I:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 144 bytes -> I:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 144 bytes -> I:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 143 bytes -> I:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 142 bytes -> I:\ProgramData\TEMP:94874C0A
@Alternate Data Stream - 141 bytes -> I:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 141 bytes -> I:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 141 bytes -> I:\ProgramData\TEMP:89CF6F9C
@Alternate Data Stream - 140 bytes -> I:\ProgramData\TEMP:7E082023
@Alternate Data Stream - 140 bytes -> I:\ProgramData\TEMP:75978481
@Alternate Data Stream - 139 bytes -> I:\ProgramData\TEMP:4B1195DD
@Alternate Data Stream - 138 bytes -> I:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 138 bytes -> I:\ProgramData\TEMP:5E413CD6
@Alternate Data Stream - 137 bytes -> I:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> I:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> I:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 135 bytes -> I:\ProgramData\TEMP:C6D0ABC3
@Alternate Data Stream - 134 bytes -> I:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 134 bytes -> I:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 134 bytes -> I:\ProgramData\TEMP:0F3F6B1E
@Alternate Data Stream - 133 bytes -> I:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 133 bytes -> I:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 132 bytes -> I:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 132 bytes -> I:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:B38BEEEE
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:26FBC1F9
@Alternate Data Stream - 130 bytes -> I:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 130 bytes -> I:\ProgramData\TEMP:9B721CFF
@Alternate Data Stream - 129 bytes -> I:\ProgramData\TEMP:A2FF62A6
@Alternate Data Stream - 129 bytes -> I:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 128 bytes -> I:\ProgramData\TEMP:4E243396
@Alternate Data Stream - 128 bytes -> I:\ProgramData\TEMP:45F3AD49
@Alternate Data Stream - 128 bytes -> I:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 127 bytes -> I:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 127 bytes -> I:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:BF640EE5
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:71AEFFEB
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> I:\ProgramData\TEMP:E895790F
@Alternate Data Stream - 125 bytes -> I:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 125 bytes -> I:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 124 bytes -> I:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 123 bytes -> I:\ProgramData\TEMP:67CF910D
@Alternate Data Stream - 123 bytes -> I:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> I:\ProgramData\TEMP:070D9534
@Alternate Data Stream - 120 bytes -> I:\ProgramData\TEMP:E3B5F2D1
@Alternate Data Stream - 119 bytes -> I:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 119 bytes -> I:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:FD000392
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:E83EE313
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:D9F34335
@Alternate Data Stream - 115 bytes -> I:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 114 bytes -> I:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 111 bytes -> I:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 109 bytes -> I:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 109 bytes -> I:\ProgramData\TEMP:22313216
@Alternate Data Stream - 108 bytes -> I:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 108 bytes -> I:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 107 bytes -> I:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> I:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 105 bytes -> I:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 105 bytes -> I:\ProgramData\TEMP:225CD7D5
< End of report >
--- --- ---


Vielen Dank im Voraus

markusg 11.06.2013 17:44
ok.
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O20 - HKU\Daniela_ON_I Winlogon: Shell - (C:\Users\Daniela\AppData\Roaming\AltShell.dat) - I:\Users\Daniela\AppData\Roaming\AltShell.dat ()
[2013/06/10 16:19:50 | 000,000,004 | ---- | M] () -- I:\Users\Daniela\AppData\Roaming\AltShell.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Detnaw86 11.06.2013 19:16
Ok, ist erledigt, Windows bootet wieder und endlich kein Weißer Screen mehr, war schon etwas nervig :)

Die OTL.txt hat sich glaub ich nicht geändert, aber hier das Log File

OTL Logfile:
Code:
OTL logfile created on: 6/11/2013 8:03:18 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate  (Version = 6.1.7600) - Type = System
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = I: | %SystemRoot% = I:\Windows | %ProgramFiles% = I:\Program Files
Drive C: | 100.00 Mb Total Space | 74.17 Mb Free Space | 74.17% Space Free | Partition Type: NTFS
Drive D: | 7.52 Gb Total Space | 7.45 Gb Free Space | 99.07% Space Free | Partition Type: NTFS
Drive I: | 465.66 Gb Total Space | 409.16 Gb Free Space | 87.87% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2013/05/15 06:27:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- I:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/01 21:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand] -- I:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe -- (BBUpdate)
SRV - [2013/04/01 21:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto] -- I:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe -- (BBSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- I:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- I:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/30 18:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto] -- I:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012/10/28 15:57:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand] -- I:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- I:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- I:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled] -- I:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System] -- I:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,199,320 | ---- | M] (AVAST Software) [Kernel | Boot] -- I:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto] -- I:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 18:51:56 | 000,106,560 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto] -- I:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/30 18:51:56 | 000,020,624 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012/10/15 12:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System] -- I:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV - [2011/11/28 13:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot] -- I:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011/10/10 06:12:08 | 000,271,360 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/09/19 06:09:17 | 000,018,048 | ---- | M] () [Kernel | Auto] -- I:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/02/21 15:33:47 | 000,431,672 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- I:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- I:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- I:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand] -- I:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\Daniela_ON_I\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 A0 62 47 A9 F6 CB 01  [binary data]
IE - HKU\Daniela_ON_I\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: I:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: I:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: I:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: I:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: I:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: I:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: I:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: I:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: I:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/03/09 10:31:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/28 15:57:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/28 15:57:07 | 000,000,000 | ---D | M]
 
[2012/03/13 02:13:35 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Daniela\AppData\Roaming\Mozilla\Extensions
[2013/05/26 09:50:24 | 000,000,000 | ---D | M] (No name found) -- I:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\iymeoaaj.default\extensions
[2012/03/13 02:15:47 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- I:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\iymeoaaj.default\extensions\sammelfreund@webmiles.de
[2012/10/28 15:57:06 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\extensions
[2013/05/27 04:19:08 | 000,000,000 | ---D | M] (No name found) -- I:\Program Files\Mozilla Firefox\updated\extensions
[2013/05/27 04:19:14 | 000,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2013/03/09 10:31:17 | 000,000,000 | ---D | M] (avast! WebRep) -- I:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/10/28 15:57:10 | 000,261,600 | ---- | M] (Mozilla Foundation) -- I:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/08 06:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- I:\Program Files\mozilla firefox\plugins\npmidas.dll
[2012/02/16 07:02:53 | 000,001,392 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/16 12:04:23 | 000,002,465 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 07:02:53 | 000,001,153 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/09 07:30:28 | 000,002,047 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/16 07:02:53 | 000,006,805 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/16 07:02:53 | 000,001,178 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/16 07:02:53 | 000,001,105 | ---- | M] () -- I:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - I:\Windows\System32\drivers\etc\hosts
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - I:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - I:\Program Files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - I:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - I:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - I:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - I:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [avast] I:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [facemoods] I:\Program Files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com)
O4 - HKU\LocalService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_I..\RunOnce: [mctadmin] I:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: I:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O20 - HKLM Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - I:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Daniela_ON_I Winlogon: Shell - (explorer.exe) - I:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Daniela_ON_I Winlogon: Shell - (C:\Users\Daniela\AppData\Roaming\AltShell.dat) - I:\Users\Daniela\AppData\Roaming\AltShell.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - I:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ca358540-3df2-11e0-a77f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ca358540-3df2-11e0-a77f-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Setupx.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - I:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - I:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - I:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - I:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - I:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - I:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[1 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[1 I:\Program Files\*.tmp files -> I:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/10 16:20:10 | 000,067,584 | --S- | M] () -- I:\Windows\bootstat.dat
[2013/06/10 16:19:50 | 000,000,004 | ---- | M] () -- I:\Users\Daniela\AppData\Roaming\AltShell.ini
[2013/06/10 16:19:30 | 000,001,096 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/10 16:19:20 | 2407,407,616 | -HS- | M] () -- I:\hiberfil.sys
[2013/06/09 08:45:08 | 000,412,744 | ---- | M] () -- I:\Windows\System32\FNTCACHE.DAT
[2013/06/07 07:12:59 | 000,016,944 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 07:12:59 | 000,016,944 | -H-- | M] () -- I:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/31 12:03:10 | 000,001,100 | ---- | M] () -- I:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/31 08:27:03 | 000,000,884 | ---- | M] () -- I:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/15 06:27:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\System32\FlashPlayerApp.exe
[2013/05/15 06:27:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- I:\Windows\System32\FlashPlayerCPLApp.cpl
[1 I:\Windows\*.tmp files -> I:\Windows\*.tmp -> ]
[1 I:\Program Files\*.tmp files -> I:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/31 08:15:36 | 000,000,004 | ---- | C] () -- I:\Users\Daniela\AppData\Roaming\AltShell.ini
[2012/05/10 05:15:50 | 000,032,608 | ---- | C] () -- I:\Windows\king-uninstall.exe
[2012/04/03 13:55:12 | 000,033,134 | ---- | C] () -- I:\Users\Daniela\AppData\Roaming\UserTile.png
[2011/11/27 05:06:27 | 000,000,000 | ---- | C] () -- I:\Users\Daniela\AppData\Local\{D5A7741F-B6C4-456D-B90B-6495F111FBDC}
[2011/09/19 06:09:22 | 000,271,360 | ---- | C] () -- I:\Windows\System32\drivers\atksgt.sys
[2011/09/19 06:09:17 | 000,018,048 | ---- | C] () -- I:\Windows\System32\drivers\lirsgt.sys
[2011/08/26 07:04:28 | 000,000,000 | ---- | C] () -- I:\Users\Daniela\AppData\Local\{190476E7-FA41-451A-9F24-7A47B4B85B68}
[2011/06/12 07:32:23 | 000,011,264 | ---- | C] () -- I:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/01 05:34:50 | 000,000,049 | ---- | C] () -- I:\Windows\NeroDigital.ini
[2011/02/21 15:30:32 | 000,031,232 | ---- | C] () -- I:\Users\Daniela\AppData\Roaming\AltShell.dat
[2009/07/14 04:47:43 | 000,647,138 | ---- | C] () -- I:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- I:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,127,198 | ---- | C] () -- I:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- I:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- I:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,412,744 | ---- | C] () -- I:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,609,896 | ---- | C] () -- I:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- I:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,104,214 | ---- | C] () -- I:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- I:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- I:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- I:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- I:\Windows\System32\PrintBrmUi.exe
[2009/07/13 20:02:54 | 000,245,248 | ---- | C] () -- I:\Windows\System32\DShowRdpFilter.dll
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- I:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- I:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- I:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- I:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011/07/29 12:48:20 | 000,000,000 | ---D | M] -- I:\ProgramData\1912 Titanic Mystery
[2011/07/30 07:48:10 | 000,000,000 | ---D | M] -- I:\ProgramData\20000Leagues
[2011/02/21 15:53:24 | 000,000,000 | ---D | M] -- I:\ProgramData\ACD Systems
[2011/08/01 08:15:25 | 000,000,000 | ---D | M] -- I:\ProgramData\AdventureChronicles1
[2011/08/05 08:42:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Alawar Stargaze
[2011/02/21 15:07:23 | 000,000,000 | ---D | M] -- I:\ProgramData\Alwil Software
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Application Data
[2012/02/22 03:19:56 | 000,000,000 | ---D | M] -- I:\ProgramData\AVAST Software
[2011/08/20 07:01:18 | 000,000,000 | ---D | M] -- I:\ProgramData\Becky Brogan
[2011/08/20 10:49:22 | 000,000,000 | ---D | M] -- I:\ProgramData\Big Fish Games
[2012/06/09 16:11:43 | 000,000,000 | ---D | M] -- I:\ProgramData\Christmasville
[2011/02/21 15:33:15 | 000,000,000 | ---D | M] -- I:\ProgramData\DAEMON Tools Lite
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Documents
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Dokumente
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Favorites
[2012/08/03 15:02:12 | 000,000,000 | ---D | M] -- I:\ProgramData\Flood Light Games
[2012/11/17 14:35:08 | 000,000,000 | ---D | M] -- I:\ProgramData\Floodlight Games
[2011/07/30 03:50:58 | 000,000,000 | ---D | M] -- I:\ProgramData\FloodLightGames
[2011/05/07 05:12:16 | 000,000,000 | ---D | M] -- I:\ProgramData\GameHouse
[2011/08/13 13:36:38 | 000,000,000 | ---D | M] -- I:\ProgramData\Gamers Digital
[2013/05/29 13:59:07 | 000,000,000 | ---D | M] -- I:\ProgramData\GARTEN8C
[2011/08/21 13:16:04 | 000,000,000 | ---D | M] -- I:\ProgramData\JollyBear
[2012/05/12 15:42:48 | 000,000,000 | ---D | M] -- I:\ProgramData\JoyBits
[2011/08/17 09:58:38 | 000,000,000 | ---D | M] -- I:\ProgramData\Meridian93
[2011/08/23 02:01:51 | 000,000,000 | ---D | M] -- I:\ProgramData\Merscom
[2011/04/12 12:59:00 | 000,000,000 | ---D | M] -- I:\ProgramData\oNh01804oAiOb01804
[2011/08/17 13:22:43 | 000,000,000 | ---D | M] -- I:\ProgramData\Particles
[2011/08/19 11:51:48 | 000,000,000 | ---D | M] -- I:\ProgramData\PoBros
[2011/08/07 07:22:07 | 000,000,000 | ---D | M] -- I:\ProgramData\Product
[2011/08/07 07:22:07 | 000,000,000 | ---D | M] -- I:\ProgramData\QuickClick
[2011/09/18 11:43:02 | 000,000,000 | ---D | M] -- I:\ProgramData\Solidshield
[2011/08/17 15:06:16 | 000,000,000 | ---D | M] -- I:\ProgramData\sowhat
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Start Menu
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Startmenü
[2011/08/14 04:55:22 | 000,000,000 | ---D | M] -- I:\ProgramData\TeleportGamesLtd
[2012/11/23 12:48:55 | 000,000,000 | ---D | M] -- I:\ProgramData\TEMP
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\ProgramData\Templates
[2012/01/11 07:34:03 | 000,000,000 | ---D | M] -- I:\ProgramData\tmp
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\ProgramData\Vorlagen
[2011/04/27 13:04:44 | 000,000,000 | ---D | M] -- I:\ProgramData\Zylom
[2013/04/23 08:30:08 | 000,032,632 | ---- | M] () -- I:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/12/12 10:18:50 | 000,000,000 | -HSD | M] -- I:\$Recycle.Bin
[2012/08/02 14:35:37 | 000,000,000 | ---D | M] -- I:\BigFishGamesCache
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- I:\Documents and Settings
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\Dokumente und Einstellungen
[2011/02/21 15:46:18 | 000,000,000 | RH-D | M] -- I:\MSOCache
[2009/07/13 22:37:05 | 000,000,000 | ---D | M] -- I:\PerfLogs
[2013/05/14 04:58:19 | 000,000,000 | R--D | M] -- I:\Program Files
[2012/11/17 14:35:08 | 000,000,000 | -H-D | M] -- I:\ProgramData
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\Programme
[2011/02/21 15:00:20 | 000,000,000 | -HSD | M] -- I:\Recovery
[2013/05/25 09:57:45 | 000,000,000 | -HSD | M] -- I:\System Volume Information
[2011/02/21 15:00:56 | 000,000,000 | R--D | M] -- I:\Users
[2013/05/31 08:44:55 | 000,000,000 | ---D | M] -- I:\Windows
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- I:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- I:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- I:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- I:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- I:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- I:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- I:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- I:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- I:\Windows\System32\user32.dll
[2009/07/13 21:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- I:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\System32\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- I:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- I:\Windows\System32\winlogon.exe
[2009/10/28 02:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 01:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 21:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- I:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- I:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/13 19:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- I:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:21 | 000,828,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\system32\fontext.dll
[2010/07/27 10:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- I:\Windows\system32\shell32.dll
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> I:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 96 bytes -> I:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 95 bytes -> I:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 148 bytes -> I:\ProgramData\TEMP:51A20D23
@Alternate Data Stream - 148 bytes -> I:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 147 bytes -> I:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 146 bytes -> I:\ProgramData\TEMP:CC4C59B4
@Alternate Data Stream - 145 bytes -> I:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 145 bytes -> I:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> I:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 144 bytes -> I:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 144 bytes -> I:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 143 bytes -> I:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 142 bytes -> I:\ProgramData\TEMP:94874C0A
@Alternate Data Stream - 141 bytes -> I:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 141 bytes -> I:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 141 bytes -> I:\ProgramData\TEMP:89CF6F9C
@Alternate Data Stream - 140 bytes -> I:\ProgramData\TEMP:7E082023
@Alternate Data Stream - 140 bytes -> I:\ProgramData\TEMP:75978481
@Alternate Data Stream - 139 bytes -> I:\ProgramData\TEMP:4B1195DD
@Alternate Data Stream - 138 bytes -> I:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 138 bytes -> I:\ProgramData\TEMP:5E413CD6
@Alternate Data Stream - 137 bytes -> I:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> I:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> I:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 135 bytes -> I:\ProgramData\TEMP:C6D0ABC3
@Alternate Data Stream - 134 bytes -> I:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 134 bytes -> I:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 134 bytes -> I:\ProgramData\TEMP:0F3F6B1E
@Alternate Data Stream - 133 bytes -> I:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 133 bytes -> I:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 132 bytes -> I:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 132 bytes -> I:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:B38BEEEE
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 131 bytes -> I:\ProgramData\TEMP:26FBC1F9
@Alternate Data Stream - 130 bytes -> I:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 130 bytes -> I:\ProgramData\TEMP:9B721CFF
@Alternate Data Stream - 129 bytes -> I:\ProgramData\TEMP:A2FF62A6
@Alternate Data Stream - 129 bytes -> I:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 128 bytes -> I:\ProgramData\TEMP:4E243396
@Alternate Data Stream - 128 bytes -> I:\ProgramData\TEMP:45F3AD49
@Alternate Data Stream - 128 bytes -> I:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 127 bytes -> I:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 127 bytes -> I:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:BF640EE5
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:71AEFFEB
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> I:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> I:\ProgramData\TEMP:E895790F
@Alternate Data Stream - 125 bytes -> I:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 125 bytes -> I:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 124 bytes -> I:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 123 bytes -> I:\ProgramData\TEMP:67CF910D
@Alternate Data Stream - 123 bytes -> I:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> I:\ProgramData\TEMP:070D9534
@Alternate Data Stream - 120 bytes -> I:\ProgramData\TEMP:E3B5F2D1
@Alternate Data Stream - 119 bytes -> I:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 119 bytes -> I:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:FD000392
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:E83EE313
@Alternate Data Stream - 118 bytes -> I:\ProgramData\TEMP:D9F34335
@Alternate Data Stream - 115 bytes -> I:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 114 bytes -> I:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 111 bytes -> I:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 109 bytes -> I:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 109 bytes -> I:\ProgramData\TEMP:22313216
@Alternate Data Stream - 108 bytes -> I:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 108 bytes -> I:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 107 bytes -> I:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> I:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 105 bytes -> I:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 105 bytes -> I:\ProgramData\TEMP:225CD7D5
< End of report >
--- --- ---



Und hier noch die Log Datei nach dem Fix

========== OTL ==========
Registry value HKEY_USERS\Daniela_ON_I\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Daniela\AppData\Roaming\AltShell.dat deleted successfully.
I:\Users\Daniela\AppData\Roaming\AltShell.dat moved successfully.
I:\Users\Daniela\AppData\Roaming\AltShell.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Daniela
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Daniela
User: Default
User: Default User
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38263585 bytes
Total Files Cleaned = 36.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 06112013_235753


Versuche gerade den Upload der MovedFiles.zip, aber der Upload antwortet nicht, also es steht die ganze Zeit "Warten auf upload.trojaner-forum.de..."

Timeout kommt zwar auch keiner, aber keine Ahnung ob ich noch warten soll, oder lieber nochmal versuchen.

Schonmal danke soweit, bin sehr froh dass es euch gibt, ich als Halb-Laie wäre mit dem Ding nicht zurecht gekommen, auch wenn es noch ein weiter Weg ist :dankeschoen:

markusg 11.06.2013 19:20
File-Upload.net - Ihr kostenloser File Hoster!
da hochladen, wenns nicht geht, und link als Private Nachicht an mich

Detnaw86 11.06.2013 19:27
Jetzt hat es plötzlich bei eurem Upload Channel geklappt.

markusg 12.06.2013 14:46
thx.
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Detnaw86 12.06.2013 20:25
Dankeschön.

Hier die Log Datei:

01:08:43.0557 2516 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:08:43.0573 2516 ============================================================
01:08:43.0573 2516 Current date / time: 2013/06/13 01:08:43.0573
01:08:43.0573 2516 SystemInfo:
01:08:43.0573 2516
01:08:43.0573 2516 OS Version: 6.1.7600 ServicePack: 0.0
01:08:43.0573 2516 Product type: Workstation
01:08:43.0573 2516 ComputerName: DANIELA-PC
01:08:43.0573 2516 UserName: Daniela
01:08:43.0573 2516 Windows directory: C:\Windows
01:08:43.0573 2516 System windows directory: C:\Windows
01:08:43.0573 2516 Processor architecture: Intel x86
01:08:43.0573 2516 Number of processors: 2
01:08:43.0573 2516 Page size: 0x1000
01:08:43.0573 2516 Boot type: Normal boot
01:08:43.0573 2516 ============================================================
01:08:44.0743 2516 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xFC59, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
01:08:44.0774 2516 Drive \Device\Harddisk5\DR5 - Size: 0x1E1509000 (7.52 Gb), SectorSize: 0x200, Cylinders: 0x3D5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:08:44.0774 2516 ============================================================
01:08:44.0774 2516 \Device\Harddisk0\DR0:
01:08:44.0790 2516 MBR partitions:
01:08:44.0790 2516 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
01:08:44.0790 2516 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
01:08:44.0790 2516 \Device\Harddisk5\DR5:
01:08:44.0790 2516 MBR partitions:
01:08:44.0790 2516 ============================================================
01:08:44.0805 2516 C: <-> \Device\Harddisk0\DR0\Partition2
01:08:44.0805 2516 ============================================================
01:08:44.0805 2516 Initialize success
01:08:44.0805 2516 ============================================================
01:09:02.0199 0472 ============================================================
01:09:02.0199 0472 Scan started
01:09:02.0199 0472 Mode: Manual; SigCheck; TDLFS;
01:09:02.0199 0472 ============================================================
01:09:03.0837 0472 ================ Scan system memory ========================
01:09:03.0837 0472 System memory - ok
01:09:03.0837 0472 ================ Scan services =============================
01:09:03.0946 0472 [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
01:09:04.0071 0472 1394ohci - ok
01:09:04.0102 0472 [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
01:09:04.0118 0472 ACPI - ok
01:09:04.0149 0472 [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
01:09:04.0180 0472 AcpiPmi - ok
01:09:04.0274 0472 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
01:09:04.0290 0472 AdobeARMservice - ok
01:09:04.0352 0472 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
01:09:04.0368 0472 AdobeFlashPlayerUpdateSvc - ok
01:09:04.0399 0472 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
01:09:04.0414 0472 adp94xx - ok
01:09:04.0446 0472 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
01:09:04.0461 0472 adpahci - ok
01:09:04.0477 0472 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
01:09:04.0492 0472 adpu320 - ok
01:09:04.0524 0472 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:09:04.0555 0472 AeLookupSvc - ok
01:09:04.0617 0472 [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD C:\Windows\system32\drivers\afd.sys
01:09:04.0664 0472 AFD - ok
01:09:04.0695 0472 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
01:09:04.0711 0472 agp440 - ok
01:09:04.0711 0472 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
01:09:04.0726 0472 aic78xx - ok
01:09:04.0742 0472 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
01:09:04.0789 0472 ALG - ok
01:09:04.0820 0472 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
01:09:04.0820 0472 aliide - ok
01:09:04.0836 0472 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\DRIVERS\amdagp.sys
01:09:04.0851 0472 amdagp - ok
01:09:04.0851 0472 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\DRIVERS\amdide.sys
01:09:04.0867 0472 amdide - ok
01:09:04.0882 0472 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
01:09:04.0914 0472 AmdK8 - ok
01:09:04.0945 0472 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
01:09:04.0976 0472 AmdPPM - ok
01:09:05.0007 0472 [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata C:\Windows\system32\DRIVERS\amdsata.sys
01:09:05.0007 0472 amdsata - ok
01:09:05.0038 0472 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
01:09:05.0054 0472 amdsbs - ok
01:09:05.0070 0472 [ B81C2B5616F6420A9941EA093A92B150 ] amdxata C:\Windows\system32\DRIVERS\amdxata.sys
01:09:05.0070 0472 amdxata - ok
01:09:05.0085 0472 [ FEB834C02CE1E84B6A38F953CA067706 ] AppID C:\Windows\system32\drivers\appid.sys
01:09:05.0132 0472 AppID - ok
01:09:05.0148 0472 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:09:05.0194 0472 AppIDSvc - ok
01:09:05.0210 0472 [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo C:\Windows\System32\appinfo.dll
01:09:05.0257 0472 Appinfo - ok
01:09:05.0288 0472 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
01:09:05.0304 0472 AppMgmt - ok
01:09:05.0319 0472 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
01:09:05.0319 0472 arc - ok
01:09:05.0335 0472 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
01:09:05.0350 0472 arcsas - ok
01:09:05.0397 0472 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys
01:09:05.0460 0472 aswFsBlk - ok
01:09:05.0506 0472 [ CCAFDA4AB7F3738142B3BA7DA311FFB0 ] aswFW C:\Windows\system32\drivers\aswFW.sys
01:09:05.0538 0472 aswFW - ok
01:09:05.0584 0472 [ E2FEE0486D68BF85355D3EDA1A24FF68 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys
01:09:05.0772 0472 aswKbd - ok
01:09:05.0818 0472 [ 62F9DCEC95F91B8E0203E85D344A7E65 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
01:09:05.0834 0472 aswMonFlt - ok
01:09:05.0850 0472 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys
01:09:05.0865 0472 aswNdis - ok
01:09:05.0896 0472 [ DCF8B68A3A6217F87CA7FA95F535B47E ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys
01:09:05.0912 0472 aswNdis2 - ok
01:09:05.0943 0472 [ 81F638A2DD94ABBF0B43880AB38D8DBD ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys
01:09:05.0959 0472 aswRdr - ok
01:09:06.0006 0472 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\Windows\system32\drivers\aswSnx.sys
01:09:06.0037 0472 aswSnx - ok
01:09:06.0052 0472 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\Windows\system32\drivers\aswSP.sys
01:09:06.0084 0472 aswSP - ok
01:09:06.0099 0472 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\Windows\system32\drivers\aswTdi.sys
01:09:06.0115 0472 aswTdi - ok
01:09:06.0130 0472 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:09:06.0177 0472 AsyncMac - ok
01:09:06.0224 0472 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\DRIVERS\atapi.sys
01:09:06.0240 0472 atapi - ok
01:09:06.0302 0472 [ 6E996CF8459A2594E0E9609D0E34D41F ] atksgt C:\Windows\system32\DRIVERS\atksgt.sys
01:09:06.0302 0472 atksgt ( UnsignedFile.Multi.Generic ) - warning
01:09:06.0302 0472 atksgt - detected UnsignedFile.Multi.Generic (1)
01:09:06.0333 0472 [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
01:09:06.0396 0472 AudioEndpointBuilder - ok
01:09:06.0411 0472 [ 510C873BFA135AA829F4180352772734 ] Audiosrv C:\Windows\System32\Audiosrv.dll
01:09:06.0442 0472 Audiosrv - ok
01:09:06.0520 0472 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
01:09:06.0536 0472 avast! Antivirus - ok
01:09:06.0583 0472 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\Alwil Software\Avast5\afwServ.exe
01:09:06.0614 0472 avast! Firewall - ok
01:09:06.0614 0472 [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:09:06.0645 0472 AxInstSV - ok
01:09:06.0692 0472 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
01:09:06.0739 0472 b06bdrv - ok
01:09:06.0770 0472 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
01:09:06.0817 0472 b57nd60x - ok
01:09:06.0942 0472 [ 4AA81E69A0A99035392880DBC953B1A1 ] BBSvc C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe
01:09:06.0957 0472 BBSvc - ok
01:09:07.0004 0472 [ 49CBA45AB82D25A6FFC4ECB3307BC9E7 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe
01:09:07.0020 0472 BBUpdate - ok
01:09:07.0051 0472 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
01:09:07.0066 0472 BDESVC - ok
01:09:07.0113 0472 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
01:09:07.0176 0472 Beep - ok
01:09:07.0207 0472 [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE C:\Windows\System32\bfe.dll
01:09:07.0254 0472 BFE - ok
01:09:07.0300 0472 [ 53F476476F55A27F580661BDE09C4EC4 ] BITS C:\Windows\System32\qmgr.dll
01:09:07.0363 0472 BITS - ok
01:09:07.0410 0472 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
01:09:07.0456 0472 blbdrive - ok
01:09:07.0503 0472 [ FCAFAEF6798D7B51FF029F99A9898961 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:09:07.0550 0472 bowser - ok
01:09:07.0597 0472 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
01:09:07.0628 0472 BrFiltLo - ok
01:09:07.0659 0472 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
01:09:07.0706 0472 BrFiltUp - ok
01:09:07.0737 0472 [ 598E1280E7FF3744F4B8329366CC5635 ] Browser C:\Windows\System32\browser.dll
01:09:07.0784 0472 Browser - ok
01:09:07.0800 0472 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
01:09:07.0815 0472 Brserid - ok
01:09:07.0831 0472 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
01:09:07.0862 0472 BrSerWdm - ok
01:09:07.0878 0472 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
01:09:07.0893 0472 BrUsbMdm - ok
01:09:07.0909 0472 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
01:09:07.0940 0472 BrUsbSer - ok
01:09:07.0971 0472 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
01:09:08.0002 0472 BTHMODEM - ok
01:09:08.0034 0472 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
01:09:08.0080 0472 bthserv - ok
01:09:08.0127 0472 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:09:08.0158 0472 cdfs - ok
01:09:08.0205 0472 [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
01:09:08.0221 0472 cdrom - ok
01:09:08.0236 0472 [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc C:\Windows\System32\certprop.dll
01:09:08.0299 0472 CertPropSvc - ok
01:09:08.0314 0472 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
01:09:08.0330 0472 circlass - ok
01:09:08.0361 0472 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
01:09:08.0377 0472 CLFS - ok
01:09:08.0439 0472 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:09:08.0439 0472 clr_optimization_v2.0.50727_32 - ok
01:09:08.0470 0472 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:09:08.0486 0472 CmBatt - ok
01:09:08.0502 0472 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
01:09:08.0517 0472 cmdide - ok
01:09:08.0564 0472 [ 1B675691ED940766149C93E8F4488D68 ] CNG C:\Windows\system32\Drivers\cng.sys
01:09:08.0595 0472 CNG - ok
01:09:08.0611 0472 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:09:08.0626 0472 Compbatt - ok
01:09:08.0626 0472 [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
01:09:08.0642 0472 CompositeBus - ok
01:09:08.0642 0472 COMSysApp - ok
01:09:08.0658 0472 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
01:09:08.0658 0472 crcdisk - ok
01:09:08.0689 0472 [ 9C231178CE4FB385F4B54B0A9080B8A4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:09:08.0736 0472 CryptSvc - ok
01:09:08.0767 0472 [ 27C9490BDD0AE48911AB8CF1932591ED ] CSC C:\Windows\system32\drivers\csc.sys
01:09:08.0814 0472 CSC - ok
01:09:08.0845 0472 [ 56FB5F222EA30D3D3FC459879772CB73 ] CscService C:\Windows\System32\cscsvc.dll
01:09:08.0892 0472 CscService - ok
01:09:08.0938 0472 [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch C:\Windows\system32\rpcss.dll
01:09:09.0001 0472 DcomLaunch - ok
01:09:09.0048 0472 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
01:09:09.0110 0472 defragsvc - ok
01:09:09.0172 0472 [ 8E09E52EE2E3CEB199EF3DD99CF9E3FB ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:09:09.0235 0472 DfsC - ok
01:09:09.0266 0472 [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp C:\Windows\system32\dhcpcore.dll
01:09:09.0313 0472 Dhcp - ok
01:09:09.0344 0472 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
01:09:09.0406 0472 discache - ok
01:09:09.0438 0472 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
01:09:09.0453 0472 Disk - ok
01:09:09.0469 0472 [ D0722E963D3C6145446874241401B209 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:09:09.0516 0472 Dnscache - ok
01:09:09.0547 0472 [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc C:\Windows\System32\dot3svc.dll
01:09:09.0594 0472 dot3svc - ok
01:09:09.0625 0472 [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS C:\Windows\system32\dps.dll
01:09:09.0640 0472 DPS - ok
01:09:09.0672 0472 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:09:09.0703 0472 drmkaud - ok
01:09:09.0781 0472 [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:09:09.0796 0472 DXGKrnl - ok
01:09:09.0796 0472 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
01:09:09.0843 0472 EapHost - ok
01:09:09.0937 0472 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
01:09:10.0015 0472 ebdrv - ok
01:09:10.0046 0472 [ F42309C4191C506B71DB5D1126D26318 ] EFS C:\Windows\System32\lsass.exe
01:09:10.0093 0472 EFS - ok
01:09:10.0140 0472 [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:09:10.0186 0472 ehRecvr - ok
01:09:10.0218 0472 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
01:09:10.0264 0472 ehSched - ok
01:09:10.0296 0472 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
01:09:10.0327 0472 elxstor - ok
01:09:10.0342 0472 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
01:09:10.0389 0472 ErrDev - ok
01:09:10.0436 0472 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
01:09:10.0498 0472 EventSystem - ok
01:09:10.0514 0472 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
01:09:10.0530 0472 exfat - ok
01:09:10.0545 0472 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:09:10.0592 0472 fastfat - ok
01:09:10.0623 0472 [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax C:\Windows\system32\fxssvc.exe
01:09:10.0670 0472 Fax - ok
01:09:10.0701 0472 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:09:10.0732 0472 fdc - ok
01:09:10.0764 0472 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
01:09:10.0810 0472 fdPHost - ok
01:09:10.0842 0472 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
01:09:10.0857 0472 FDResPub - ok
01:09:10.0888 0472 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:09:10.0904 0472 FileInfo - ok
01:09:10.0904 0472 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:09:10.0935 0472 Filetrace - ok
01:09:10.0951 0472 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:09:10.0982 0472 flpydisk - ok
01:09:11.0013 0472 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:09:11.0029 0472 FltMgr - ok
01:09:11.0044 0472 [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache C:\Windows\system32\FntCache.dll
01:09:11.0091 0472 FontCache - ok
01:09:11.0154 0472 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:09:11.0169 0472 FontCache3.0.0.0 - ok
01:09:11.0185 0472 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:09:11.0200 0472 FsDepends - ok
01:09:11.0216 0472 [ A574B4360E438977038AAE4BF60D79A2 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:09:11.0216 0472 Fs_Rec - ok
01:09:11.0247 0472 [ DAFBD9FE39197495AED6D51F3B85B5D2 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:09:11.0263 0472 fvevol - ok
01:09:11.0278 0472 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
01:09:11.0294 0472 gagp30kx - ok
01:09:11.0325 0472 [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc C:\Windows\System32\gpsvc.dll
01:09:11.0356 0472 gpsvc - ok
01:09:11.0403 0472 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
01:09:11.0419 0472 gupdate - ok
01:09:11.0450 0472 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
01:09:11.0450 0472 gupdatem - ok
01:09:11.0481 0472 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
01:09:11.0497 0472 gusvc - ok
01:09:11.0512 0472 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
01:09:11.0544 0472 hcw85cir - ok
01:09:11.0590 0472 [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:09:11.0637 0472 HdAudAddService - ok
01:09:11.0668 0472 [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:09:11.0700 0472 HDAudBus - ok
01:09:11.0731 0472 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
01:09:11.0762 0472 HidBatt - ok
01:09:11.0793 0472 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:09:11.0840 0472 HidBth - ok
01:09:11.0871 0472 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
01:09:11.0902 0472 HidIr - ok
01:09:11.0949 0472 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
01:09:11.0965 0472 hidserv - ok
01:09:11.0996 0472 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:09:11.0996 0472 HidUsb - ok
01:09:12.0012 0472 [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:09:12.0043 0472 hkmsvc - ok
01:09:12.0058 0472 [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:09:12.0090 0472 HomeGroupListener - ok
01:09:12.0136 0472 [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:09:12.0183 0472 HomeGroupProvider - ok
01:09:12.0214 0472 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
01:09:12.0230 0472 HpSAMD - ok
01:09:12.0261 0472 [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:09:12.0324 0472 HTTP - ok
01:09:12.0355 0472 [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:09:12.0370 0472 hwpolicy - ok
01:09:12.0402 0472 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:09:12.0433 0472 i8042prt - ok
01:09:12.0464 0472 [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV C:\Windows\system32\DRIVERS\iaStorV.sys
01:09:12.0495 0472 iaStorV - ok
01:09:12.0542 0472 [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:09:12.0573 0472 idsvc - ok
01:09:12.0948 0472 [ A79416044080F5ADE931517C45BE9D58 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
01:09:13.0057 0472 igfx - ok
01:09:13.0104 0472 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
01:09:13.0104 0472 iirsp - ok
01:09:13.0135 0472 [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT C:\Windows\System32\ikeext.dll
01:09:13.0244 0472 IKEEXT - ok
01:09:13.0353 0472 [ 3914EA9111DBEFFAF1C68200817768AD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
01:09:13.0416 0472 IntcAzAudAddService - ok
01:09:13.0431 0472 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\DRIVERS\intelide.sys
01:09:13.0431 0472 intelide - ok
01:09:13.0462 0472 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:09:13.0478 0472 intelppm - ok
01:09:13.0509 0472 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:09:13.0556 0472 IPBusEnum - ok
01:09:13.0587 0472 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:09:13.0618 0472 IpFilterDriver - ok
01:09:13.0634 0472 [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:09:13.0665 0472 iphlpsvc - ok
01:09:13.0681 0472 [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
01:09:13.0696 0472 IPMIDRV - ok
01:09:13.0728 0472 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:09:13.0774 0472 IPNAT - ok
01:09:13.0790 0472 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:09:13.0806 0472 IRENUM - ok
01:09:13.0821 0472 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
01:09:13.0837 0472 isapnp - ok
01:09:13.0852 0472 [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:09:13.0868 0472 iScsiPrt - ok
01:09:13.0899 0472 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:09:13.0915 0472 kbdclass - ok
01:09:13.0930 0472 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:09:13.0946 0472 kbdhid - ok
01:09:13.0977 0472 [ F42309C4191C506B71DB5D1126D26318 ] KeyIso C:\Windows\system32\lsass.exe
01:09:13.0993 0472 KeyIso - ok
01:09:14.0024 0472 [ E36A061EC11B373826905B21BE10948F ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:09:14.0040 0472 KSecDD - ok
01:09:14.0071 0472 [ 365C6154BBBC5377173F1CA7BFB6CC59 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:09:14.0071 0472 KSecPkg - ok
01:09:14.0133 0472 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
01:09:14.0196 0472 KtmRm - ok
01:09:14.0320 0472 [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer C:\Windows\system32\srvsvc.dll
01:09:14.0352 0472 LanmanServer - ok
01:09:14.0367 0472 [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:09:14.0414 0472 LanmanWorkstation - ok
01:09:14.0461 0472 [ 975B6CF65F44E95883F3855BAE8CECAF ] lirsgt C:\Windows\system32\DRIVERS\lirsgt.sys
01:09:14.0508 0472 lirsgt ( UnsignedFile.Multi.Generic ) - warning
01:09:14.0508 0472 lirsgt - detected UnsignedFile.Multi.Generic (1)
01:09:14.0570 0472 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:09:14.0632 0472 lltdio - ok
01:09:14.0695 0472 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:09:14.0742 0472 lltdsvc - ok
01:09:14.0804 0472 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
01:09:14.0866 0472 lmhosts - ok
01:09:14.0898 0472 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
01:09:14.0913 0472 LSI_FC - ok
01:09:14.0944 0472 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
01:09:14.0960 0472 LSI_SAS - ok
01:09:14.0960 0472 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:09:14.0976 0472 LSI_SAS2 - ok
01:09:14.0991 0472 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:09:15.0007 0472 LSI_SCSI - ok
01:09:15.0038 0472 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
01:09:15.0085 0472 luafv - ok
01:09:15.0194 0472 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe
01:09:15.0225 0472 McComponentHostService - ok
01:09:15.0256 0472 [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:09:15.0272 0472 Mcx2Svc - ok
01:09:15.0288 0472 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
01:09:15.0303 0472 megasas - ok
01:09:15.0303 0472 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
01:09:15.0319 0472 MegaSR - ok
01:09:15.0366 0472 [ FAFE367D032ED82E9332B4C741A20216 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
01:09:15.0366 0472 Microsoft Office Groove Audit Service - ok
01:09:15.0397 0472 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
01:09:15.0412 0472 MMCSS - ok
01:09:15.0428 0472 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
01:09:15.0475 0472 Modem - ok
01:09:15.0522 0472 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:09:15.0553 0472 monitor - ok
01:09:15.0584 0472 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:09:15.0600 0472 mouclass - ok
01:09:15.0615 0472 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:09:15.0615 0472 mouhid - ok
01:09:15.0631 0472 [ 921C18727C5920D6C0300736646931C2 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:09:15.0646 0472 mountmgr - ok
01:09:15.0693 0472 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:09:15.0709 0472 MozillaMaintenance - ok
01:09:15.0724 0472 [ 2AF5997438C55FB79D33D015C30E1974 ] mpio C:\Windows\system32\DRIVERS\mpio.sys
01:09:15.0740 0472 mpio - ok
01:09:15.0756 0472 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:09:15.0802 0472 mpsdrv - ok
01:09:15.0849 0472 [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc C:\Windows\system32\mpssvc.dll
01:09:15.0880 0472 MpsSvc - ok
01:09:15.0896 0472 [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:09:15.0912 0472 MRxDAV - ok
01:09:15.0958 0472 [ F1B6AA08497EA86CA6EF6F7A08B0BFB8 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:09:15.0974 0472 mrxsmb - ok
01:09:16.0005 0472 [ 5613358B4050F46F5A9832DA8050D6E4 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:09:16.0021 0472 mrxsmb10 - ok
01:09:16.0036 0472 [ 25C9792778D80FEB4C8201E62281BFDF ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:09:16.0052 0472 mrxsmb20 - ok
01:09:16.0083 0472 [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
01:09:16.0083 0472 msahci - ok
01:09:16.0099 0472 [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
01:09:16.0114 0472 msdsm - ok
01:09:16.0130 0472 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
01:09:16.0177 0472 MSDTC - ok
01:09:16.0192 0472 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:09:16.0224 0472 Msfs - ok
01:09:16.0224 0472 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:09:16.0270 0472 mshidkmdf - ok
01:09:16.0302 0472 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
01:09:16.0317 0472 msisadrv - ok
01:09:16.0333 0472 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:09:16.0364 0472 MSiSCSI - ok
01:09:16.0364 0472 msiserver - ok
01:09:16.0380 0472 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:09:16.0442 0472 MSKSSRV - ok
01:09:16.0473 0472 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:09:16.0489 0472 MSPCLOCK - ok
01:09:16.0504 0472 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:09:16.0536 0472 MSPQM - ok
01:09:16.0551 0472 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:09:16.0551 0472 MsRPC - ok
01:09:16.0567 0472 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:09:16.0567 0472 mssmbios - ok
01:09:16.0582 0472 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:09:16.0598 0472 MSTEE - ok
01:09:16.0614 0472 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
01:09:16.0629 0472 MTConfig - ok
01:09:16.0645 0472 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
01:09:16.0660 0472 Mup - ok
01:09:16.0676 0472 [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent C:\Windows\system32\qagentRT.dll
01:09:16.0738 0472 napagent - ok
01:09:16.0801 0472 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:09:16.0832 0472 NativeWifiP - ok
01:09:16.0879 0472 [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:09:16.0910 0472 NDIS - ok
01:09:16.0926 0472 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:09:16.0972 0472 NdisCap - ok
01:09:17.0004 0472 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:09:17.0019 0472 NdisTapi - ok
01:09:17.0050 0472 [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:09:17.0066 0472 Ndisuio - ok
01:09:17.0082 0472 [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:09:17.0113 0472 NdisWan - ok
01:09:17.0113 0472 [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:09:17.0144 0472 NDProxy - ok
01:09:17.0206 0472 [ A0101E836D2A39682E134C47B1565256 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
01:09:17.0238 0472 Nero BackItUp Scheduler 3 - ok
01:09:17.0253 0472 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:09:17.0284 0472 NetBIOS - ok
01:09:17.0331 0472 [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:09:17.0378 0472 NetBT - ok
01:09:17.0409 0472 [ F42309C4191C506B71DB5D1126D26318 ] Netlogon C:\Windows\system32\lsass.exe
01:09:17.0425 0472 Netlogon - ok
01:09:17.0456 0472 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
01:09:17.0503 0472 Netman - ok
01:09:17.0534 0472 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
01:09:17.0581 0472 netprofm - ok
01:09:17.0612 0472 [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:09:17.0628 0472 NetTcpPortSharing - ok
01:09:17.0643 0472 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
01:09:17.0643 0472 nfrd960 - ok
01:09:17.0659 0472 [ 2226496E34BD40734946A054B1CD657F ] NlaSvc C:\Windows\System32\nlasvc.dll
01:09:17.0690 0472 NlaSvc - ok
01:09:17.0737 0472 [ 6EF0506CE1F553E9BD085645933C8686 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
01:09:17.0768 0472 NMIndexingService - ok
01:09:17.0799 0472 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:09:17.0815 0472 Npfs - ok
01:09:17.0830 0472 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
01:09:17.0862 0472 nsi - ok
01:09:17.0877 0472 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:09:17.0940 0472 nsiproxy - ok
01:09:18.0002 0472 [ 3795DCD21F740EE799FB7223234215AF ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:09:18.0033 0472 Ntfs - ok
01:09:18.0049 0472 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
01:09:18.0096 0472 Null - ok
01:09:18.0127 0472 [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid C:\Windows\system32\DRIVERS\nvraid.sys
01:09:18.0127 0472 nvraid - ok
01:09:18.0158 0472 [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor C:\Windows\system32\DRIVERS\nvstor.sys
01:09:18.0158 0472 nvstor - ok
01:09:18.0174 0472 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
01:09:18.0189 0472 nv_agp - ok
01:09:18.0252 0472 [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:09:18.0267 0472 odserv - ok
01:09:18.0283 0472 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
01:09:18.0330 0472 ohci1394 - ok
01:09:18.0345 0472 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:09:18.0361 0472 ose - ok
01:09:18.0392 0472 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

LG Daniel

markusg 12.06.2013 20:30
hi dein log is ja vollkommen unformatiert hängs mal als datei an

Detnaw86 12.06.2013 20:35
Darf ich sie als 7z anhängen?
Da die TXT Datei zu groß ist um sie anzuhängen (97KB erlaubt, hat aber 127KB)

markusg 12.06.2013 20:38
dann teile sie oder packe sieb

Detnaw86 12.06.2013 20:44
Liste der Anhänge anzeigen (Anzahl: 1)
Ok, hab sie geteilt.

markusg 12.06.2013 20:48
Hi
tdss killer nach anleitung starten, scannen.
TDSS File System
wählen, delete wählen.
neustarten, tdss killer nach anleitung ausführen, neues Log posten oder anhängen

Detnaw86 12.06.2013 21:11
Liste der Anhänge anzeigen (Anzahl: 2)
Hallo,
ist soweit erledigt.

Logs im Anhang.

markusg 12.06.2013 21:13
Hi,
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Detnaw86 13.06.2013 19:53
Liste der Anhänge anzeigen (Anzahl: 1)
So Combofix ist auch durch.

Combofix Logfile:
Code:
ComboFix 13-06-13.01 - Daniela 14.06.2013  20:26:57.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.43.1031.18.3061.2215 [GMT 2:00]
ausgeführt von:: c:\users\Daniela\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.4\uninstall.exe
c:\program files\facemoods.com\sqlite3.dll
c:\users\Daniela\evmbzvaiasjw.exe.vir
c:\users\Daniela\jubmbefvjeqvqxtftre.exe.vir
c:\users\Daniela\owxtlarcgzl.exe.vir
c:\users\Daniela\tlrbkcjwbzxrwnpqense.exe.vir
c:\users\Daniela\uzkyrdknkzdutfg.exe.vir
c:\users\Daniela\zwzthytbtof.exe.vir
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-05-14 bis 2013-06-14  ))))))))))))))))))))))))))))))
.
.
2013-06-14 18:32 . 2013-06-14 18:43        --------        d-----w-        c:\users\Daniela\AppData\Local\temp
2013-06-14 18:32 . 2013-06-14 18:32        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-06-12 23:53 . 2013-06-12 23:53        --------        d-----w-        C:\TDSSKiller_Quarantine
2013-06-12 03:57 . 2013-06-11 22:04        --------        d-----w-        C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 10:27 . 2012-04-02 17:13        71048        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 10:27 . 2012-04-02 17:13        692104        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-05-27 08:19 . 2013-05-27 08:19        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50        121528        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10        576976        ----a-w-        c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-05 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06        958576        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-05 17:04        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51        202024        ----a-w-        c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20        1305408        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47        31016        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25        1828136        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 RTL8187B;RTL8187B Drahtlos-802.11b/g-USB 2.0-Netzwerkadapter (54 MBit/s) von Realtek;c:\windows\system32\DRIVERS\RTL8187B.sys [2009-07-13 347136]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12112]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2012-10-30 133912]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-05-27 13:03        1165776        ----a-w-        c:\program files\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 10:27]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 19:07]
.
2013-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-21 19:07]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138 10.0.0.138
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\iymeoaaj.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.4\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.032"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.abr"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ani"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.arw"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bay"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bmp"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.bw"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cr2"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.crw"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cs1"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.cur"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcr"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dcx"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dib"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djv"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.djvu"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.dng"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.emf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.eps"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.erf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fff"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.fpx"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.gif"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.hdr"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icl"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.icn"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iff"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ilbm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.int"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.inta"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.iw4"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2c"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.j2k"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jbr"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jfif"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jif"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jp2"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpc"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpe"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpeg"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1749957628-620747233-1596779431-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpg"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpk"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.jpx"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.kdc"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.lbm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mef"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mos"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.mrw"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.nef"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.orf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pbr"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcd"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pct"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pcx"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pef"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pgm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pic"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pict"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pix"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.png"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ppm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psd"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.psp"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspbrush"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.pspimage"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ras"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.raw"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgb"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rgba"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rle"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.rsb"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sgi"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.sr2"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.srf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tga"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.thm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tif"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.tiff"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttc"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.ttf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20po"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20pp"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v20ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.v20ppf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wbmp"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.wmf"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xbm"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xif"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xmp"
.
[HKEY_USERS\S-1-5-21-1749957628-620747233-1596779431-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 2.0.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-06-14  20:46:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-06-14 18:46
.
Vor Suchlauf: 8 Verzeichnis(se), 439.662.489.600 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 440.443.899.904 Bytes frei
.
- - End Of File - - B713B8032D44F89DAB4D6BAE3B4C7C19
--- --- ---
A36C5E4F47E84449FF07ED3517B43A31
[/TABLE]

Habe die TXT Datei zur Sicherheit auch noch angehängt, für den Fall, dass die Formatierung nicht hinhaut.

markusg 13.06.2013 19:55
wieso nutzt du eig, mal so aus interesse, avast 5, gibt schon Version 8 :-)
aber dazu später.
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Detnaw86 13.06.2013 21:11
Ich schätze das Ding wurde allgemein seit 2-3 Jahren nicht mehr mit Updates versorgt :)

 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.13.07
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Daniela :: DANIELA-PC [Administrator]
14.06.2013 21:12:28
mbam-log-2013-06-14 (21-12-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\
Aktivierte Suchlaufeinstellungen: Speicher
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341917
Laufzeit: 54 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 8
C:\Qoobox\Quarantine\C\Users\Daniela\evmbzvaiasjw.exe.vir.vir (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\jubmbefvjeqvqxtftre.exe.vir.vir (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\owxtlarcgzl.exe.vir.vir (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\tlrbkcjwbzxrwnpqense.exe.vir.vir (Spyware.Zbot.11CR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\uzkyrdknkzdutfg.exe.vir.vir (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\zwzthytbtof.exe.vir.vir (Spyware.Zbot.11CR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06112013_235753\I_Users\Daniela\AppData\Roaming\AltShell.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniela\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Soll ich das Ding (Malwarbytes Anti-Malware) nochmal durchlaufen lassen?

markusg 13.06.2013 21:42
wieso entfernst du immer die textformatierung und machst n fließtext, bitte noch mal richtig posten kanns so schlecht auswerten

Detnaw86 14.06.2013 11:11
Liste der Anhänge anzeigen (Anzahl: 1)
So ich versuchs nochmal, weiß zwar nicht genau wie ichs falsch mache, aber zur Not hänge ich die TXT wieder an.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.06.13.07
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Daniela :: DANIELA-PC [Administrator]
14.06.2013 21:12:28
mbam-log-2013-06-14 (21-12-28).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\
Aktivierte Suchlaufeinstellungen: Speicher
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 341917
Laufzeit: 54 Minute(n), 36 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 8
C:\Qoobox\Quarantine\C\Users\Daniela\evmbzvaiasjw.exe.vir.vir (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\jubmbefvjeqvqxtftre.exe.vir.vir (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\owxtlarcgzl.exe.vir.vir (Trojan.Bublik) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\tlrbkcjwbzxrwnpqense.exe.vir.vir (Spyware.Zbot.11CR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\uzkyrdknkzdutfg.exe.vir.vir (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Users\Daniela\zwzthytbtof.exe.vir.vir (Spyware.Zbot.11CR) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06112013_235753\I_Users\Daniela\AppData\Roaming\AltShell.dat (Trojan.Winlock) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Daniela\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (PUP.FunMoods) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

markusg 14.06.2013 12:27
dann häng sie mal an

Detnaw86 14.06.2013 13:06
Liste der Anhänge anzeigen (Anzahl: 1)
Hab sie beim letzten Post schon angehängt gehabt.

markusg 14.06.2013 13:13
sorry übersehen und jetzt schau dir mal bitte den text aus der txt an, und dann das gepostete, is viel ordendlicher :-)
versuch das nächste mal din code taks:
Code:
lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Detnaw86 14.06.2013 16:21
Liste der Anhänge anzeigen (Anzahl: 1)
Ich hoffe es ist dir übersichtlich genug.
Ich denke die ganzen Schrott Spiele sind ihr nicht mehr wichtig.
Hauptsache die Mühle läuft wieder.

Code:
3D-Garten 8.0        DiComp        26.12.2011        1,18GB        8.0 unnötig
A Vampire Tale                11.07.2012 unnötig               
ACDSee Pro 2        ACD Systems International        21.02.2011        73,5MB        2.0.239 notwendig
Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        14.06.2013        6,00MB        11.7.700.224 notwendig
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        15.05.2013        6,00MB        11.7.700.202 notwendig
Adobe Reader X (10.1.1) - Deutsch        Adobe Systems Incorporated        09.01.2012        165MB        10.1.1 notwendig
Adobe Shockwave Player 11.6        Adobe Systems, Inc.        10.09.2011                11.6.1.629 notwendig
Adobe SVG Viewer 3.0                20.02.2012                3.0 unbekannt
Amazon MP3-Downloader 1.0.17        Amazon Services LLC        22.01.2013                1.0.17 notwendig
ANNO 1503 GOLD                22.09.2011                1.05.00 unnötig
Anno 1701        Sunflowers        10.10.2011                1.00 unnötig
avast! Internet Security        AVAST Software        14.06.2013                8.0.1489.0 notwendig
Big Fish Games: Game Manager                20.08.2011                3.0.1.60 unnötig
Bing Bar        Microsoft Corporation        20.05.2013        456KB        7.2.233.0 unnötig
CCleaner        Piriform        24.05.2013                4.02 notwendig
Club der Ermittlerinnen: Dunkelgraue Schatten                11.07.2012        unnötig       
Club der Ermittlerinnen: Kleine dunkle Lügen                11.07.2012        unnötig
Club der Ermittlerinnen: Tod in Scharlach                11.07.2012        unnötig
DAEMON Tools Lite        DT Soft Ltd        21.02.2011                4.40.2.0131 notwendig
DIE SIEDLER - Das Erbe der Könige - Gold Edition        Blue Byte        08.09.2011                1.00.0000 unnötig
Google Chrome        Google Inc.        21.02.2011                27.0.1453.110 notwendig
Google Drive        Google, Inc.        04.05.2013        28,8MB        1.9.4536.8202 unbekannt
Google Toolbar for Internet Explorer        Google Inc.        16.12.2012                7.4.3607.2246 unnötig
Intel(R) Graphics Media Accelerator Driver        Intel Corporation        21.02.2011        54,2MB        8.15.10.1912 notwendig
Java(TM) 6 Update 31        Oracle        20.02.2012        95,1MB        6.0.310 unbekannt
king.com (remove only)        Midasplayer Ltd (king.com)        10.05.2012 unbekannt (keine Ahnung was das sein soll)
Malwarebytes Anti-Malware Version 1.75.0.1300        Malwarebytes Corporation        14.06.2013        19,2MB        1.75.0.1300 notwendig
Microsoft Office Enterprise 2007        Microsoft Corporation        21.02.2011                12.0.4518.1014 notwendig
Microsoft Silverlight        Microsoft Corporation        03.07.2012        60,4MB        4.1.10329.0 unbekannt
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        21.09.2011        348KB        8.0.59193 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        12.12.2011        242KB        9.0.30729 notwendig
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        21.02.2011        596KB        9.0.30729.4148 notwendig
Mozilla Firefox 19.0.2 (x86 de)        Mozilla        13.06.2013        43,7MB        19.0.2 notwendig
Mozilla Maintenance Service        Mozilla        13.06.2013        330KB        19.0.2 unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        23.02.2011        1,27MB        4.20.9870.0 unbekannt
Nero 8        Nero AG        21.02.2011        106MB        8.0.182 notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        21.02.2011                6.0.1.5910 notwendig
SCHLECKER Foto Digital Service                12.12.2011 unnötig
Tropico 3 1.00        Kalypso Media        11.11.2011                1.00 unnötig

markusg 14.06.2013 17:56
deinstaliere:
3D
A Vampire
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
adobe reader:
Adobe - Adobe Reader herunterladen - Alle Versionen
haken bei mcafee security scan raus nehmen
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:
Anno : beide
Big
Bing
Club : alle
DIE SIEDLER
Google Drive
Google Toolbar
Java
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
king.com
SCHLECKER
Tropico
Öffne bitte CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Detnaw86 15.06.2013 19:29
So die nächste Log Datei.

Code:
# AdwCleaner v2.303 - Datei am 16/06/2013 um 20:23:48 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate  (32 bits)
# Benutzer : Daniela - DANIELA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Daniela\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Ordner Gelöscht : C:\Users\Daniela\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\Daniela\AppData\Roaming\Funmoods

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\facemoods.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\facemoods.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoods_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v19.0.2 (de)

Datei : C:\Users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\iymeoaaj.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v27.0.1453.110

Datei : C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.26] : icon_url = "hxxp://facemoods.com/favicon.ico",
Gelöscht [l.29] : keyword = "facemoods.com",
Gelöscht [l.33] : search_url = "hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4",
Gelöscht [l.2102] : homepage = "hxxp://start.facemoods.com/?a=gppc",

*************************

AdwCleaner[S1].txt - [5220 octets] - [16/06/2013 20:23:48]

########## EOF - C:\AdwCleaner[S1].txt - [5280 octets] ##########

markusg 15.06.2013 19:32
Hi,
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.

wenn du denkst, fertig zu sein, rechtsklick computer, eigenschaften, prüfe ob das Servicepack1 (sp1) instaliert ist, bei Erfolg bzw problemen, melden

Detnaw86 16.06.2013 17:34
Sooo, nun nach 6 Neustarts, über 140 neu installierten Updates, gibts endlich keine neuen wichtigen Updates mehr und nur mehr eine Language Packs als optionale Updates.

Service Pack 1 ist drauf und PC läuft eigentlich wieder sehr gut.

Vielen Dank soweit. :daumenhoc

markusg 16.06.2013 17:55
Hi,
Hitman Pro - Download - Filepony

Hitmanpro laden, doppelklicken, scan klicken.
Nichts löschen, auf weiter klicken.
Log speichern und posten, bzw als XML exportieren, packen und anhängen

Detnaw86 17.06.2013 20:14
Hallo

Log ist erstellt, konnte es nicht als XML exportieren, hat irgendwie nicht funktioniert, aber ich poste das Log.

Code:
HitmanPro 3.7.6.201
www.hitmanpro.com

  Computer name . . . . : DANIELA-PC
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : Daniela-PC\Daniela
  UAC . . . . . . . . . : Disabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-06-18 21:05:21
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 2m 21s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 48

  Objects scanned . . . : 1.330.404
  Files scanned . . . . : 12.029
  Remnants scanned  . . : 268.343 files / 1.050.032 keys

Miniport ____________________________________________________________________

  Primary
      DriverObject . . . : 86688CD8
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 8595E1E8 +0
  Solution
      DriverObject . . . : 86688CD8
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 00000000 +0
      IRP_MJ_SCSI  . . . : 8B90C44E \SystemRoot\system32\drivers\ataport.SYS+25678

Cookies _____________________________________________________________________

  C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
  C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Cookies:apmebf.com
  C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
  C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.etracker.de

markusg 18.06.2013 11:56
ok,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Detnaw86 18.06.2013 15:53
Ist erledigt.
Hier die OTL.txt

Code:
OTL logfile created on: 19.06.2013 16:30:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Daniela\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,21% Memory free
5,98 Gb Paging File | 5,14 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 420,92 Gb Free Space | 90,39% Space Free | Partition Type: NTFS
Drive E: | 7,52 Gb Total Space | 7,38 Gb Free Space | 98,11% Space Free | Partition Type: NTFS
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.18 16:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
PRC - [2013.06.17 16:03:16 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2013.05.09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\afwServ.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.27 10:19:13 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.05.09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
SRV - [2012.03.08 18:32:24 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Daniela\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (ai3p4tea)
DRV - [2013.06.16 11:55:27 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2013.05.09 10:59:10 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013.05.09 10:59:10 | 000,368,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013.05.09 10:59:10 | 000,174,664 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013.05.09 10:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013.05.09 10:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013.05.09 10:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013.05.09 10:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2013.05.09 10:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013.05.09 10:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2013.05.09 10:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2013.05.09 10:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011.11.28 19:26:19 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2011.09.19 12:09:17 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.02.21 21:33:47 | 000,431,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:02:53 | 000,347,136 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 79 A0 62 47 A9 F6 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: sammelfreund%40webmiles.de:1.20
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013.06.14 21:14:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.27 10:19:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.16 12:09:56 | 000,000,000 | ---D | M]
 
[2012.03.13 08:13:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\mozilla\Extensions
[2013.05.26 15:50:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniela\AppData\Roaming\mozilla\Firefox\Profiles\iymeoaaj.default\extensions
[2012.03.13 08:15:47 | 000,000,000 | ---D | M] (webmiles-Sammelfreund) -- C:\Users\Daniela\AppData\Roaming\mozilla\Firefox\Profiles\iymeoaaj.default\extensions\sammelfreund@webmiles.de
[2013.05.27 10:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.14 21:14:33 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2013.05.27 10:19:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.16 18:04:23 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: king.com - Game controller for firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmidas.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Grass = C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Google Mail = C:\Users\Daniela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013.06.14 20:43:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CED231-D657-4254-8B15-43522EFE8045}: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{828C2A78-B5CC-44E8-B811-9F77C84CEB9C}: NameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.19 16:30:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
[2013.06.18 21:05:01 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.18 21:04:40 | 009,171,472 | ---- | C] (SurfRight B.V.) -- C:\Users\Daniela\Desktop\HitmanPro.exe
[2013.06.17 14:56:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013.06.17 14:55:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013.06.17 11:58:09 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2013.06.17 11:46:38 | 000,000,000 | ---D | C] -- C:\Windows\de
[2013.06.17 11:45:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013.06.17 11:44:45 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013.06.17 11:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.06.17 11:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013.06.17 11:32:43 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Windows Live
[2013.06.17 11:32:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013.06.17 11:31:01 | 000,000,000 | ---D | C] -- C:\Windows\en-US
[2013.06.17 11:31:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\en
[2013.06.17 11:31:01 | 000,000,000 | ---D | C] -- C:\Windows\System32\0409
[2013.06.17 11:31:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2013.06.17 11:26:17 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\System32\drivers\en-US\pscr.sys.mui
[2013.06.17 11:26:09 | 000,032,256 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\en-US\yk62x86.sys.mui
[2013.06.17 11:25:16 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerIb.sys.mui
[2013.06.17 11:25:16 | 000,009,728 | ---- | C] (Agere Systems) -- C:\Windows\System32\drivers\en-US\ltmdmnt.sys.mui
[2013.06.17 11:25:13 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrSerId.sys.mui
[2013.06.17 11:25:13 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\System32\drivers\en-US\BrParwdm.sys.mui
[2013.06.16 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013.06.16 12:35:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.06.16 12:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.06.16 11:52:48 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2013.06.15 17:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.06.15 17:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.06.14 21:10:11 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Roaming\Malwarebytes
[2013.06.14 21:10:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.06.14 21:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.14 21:10:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.06.14 21:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.06.14 21:09:51 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\Programs
[2013.06.14 20:43:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.14 20:32:37 | 000,000,000 | ---D | C] -- C:\Users\Daniela\AppData\Local\temp
[2013.06.14 20:32:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.14 20:25:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.14 20:25:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.14 20:25:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.14 20:24:46 | 005,080,197 | R--- | C] (Swearware) -- C:\Users\Daniela\Desktop\ComboFix.exe
[2013.06.14 20:17:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.14 20:17:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.13 01:53:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.06.12 05:57:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.27 10:19:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.19 16:31:59 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.19 16:31:59 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.19 16:31:59 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.19 16:31:59 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.19 16:27:54 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.19 16:27:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.19 16:27:15 | 2407,407,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.18 21:04:58 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Users\Daniela\Desktop\HitmanPro.exe
[2013.06.18 21:03:11 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.18 20:39:44 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 20:39:44 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.18 16:27:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniela\Desktop\OTL.exe
[2013.06.17 16:52:44 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.17 16:03:50 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.06.17 11:43:33 | 000,000,020 | ---- | M] () -- C:\Windows\öâ
[2013.06.16 12:38:05 | 000,648,201 | ---- | M] () -- C:\Users\Daniela\Desktop\adwcleaner.exe
[2013.06.16 12:09:56 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.16 11:55:27 | 000,271,360 | ---- | M] () -- C:\Windows\System32\drivers\atksgt.sys
[2013.06.15 17:10:20 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.14 21:14:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.06.14 21:10:03 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.14 20:43:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.06.13 20:20:12 | 005,080,197 | R--- | M] (Swearware) -- C:\Users\Daniela\Desktop\ComboFix.exe
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.17 16:03:50 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.06.17 14:16:43 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.06.17 14:16:10 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.06.17 11:59:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2013.06.17 11:59:22 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2013.06.17 11:57:43 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2013.06.17 11:57:37 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2013.06.17 11:57:20 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2013.06.17 11:44:26 | 000,001,251 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2013.06.17 11:43:57 | 000,001,320 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2013.06.17 11:43:32 | 000,000,020 | ---- | C] () -- C:\Windows\öâ
[2013.06.17 11:42:59 | 000,001,404 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013.06.17 11:42:15 | 000,002,432 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.06.16 12:37:57 | 000,648,201 | ---- | C] () -- C:\Users\Daniela\Desktop\adwcleaner.exe
[2013.06.16 12:09:56 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.06.16 12:09:56 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.06.15 17:10:20 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.06.14 21:14:37 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.14 21:14:36 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.06.14 21:10:03 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.14 20:25:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.14 20:25:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.14 20:25:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.14 20:25:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.14 20:25:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.05.10 11:15:50 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe
[2012.04.03 19:55:12 | 000,033,134 | ---- | C] () -- C:\Users\Daniela\AppData\Roaming\UserTile.png
[2011.11.27 11:06:27 | 000,000,000 | ---- | C] () -- C:\Users\Daniela\AppData\Local\{D5A7741F-B6C4-456D-B90B-6495F111FBDC}
[2011.09.19 12:09:22 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.09.19 12:09:17 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.08.26 13:04:28 | 000,000,000 | ---- | C] () -- C:\Users\Daniela\AppData\Local\{190476E7-FA41-451A-9F24-7A47B4B85B68}
[2011.06.12 13:32:23 | 000,011,264 | ---- | C] () -- C:\Users\Daniela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.07.30 13:48:10 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\20000Leagues
[2011.07.27 19:34:44 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\2monkeys
[2011.08.01 10:03:41 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals
[2011.08.01 12:04:07 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Abra Academy
[2011.08.01 12:05:20 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Abra Academy2
[2011.02.21 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\ACD Systems
[2013.01.22 10:39:57 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Amazon
[2011.08.12 14:17:44 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Az-Art
[2011.08.01 15:15:09 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Azuaz Games
[2011.08.23 08:14:43 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BloodTies
[2011.08.20 07:55:28 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Boomzap
[2011.08.24 08:23:58 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\BrokenHearts
[2012.05.07 15:42:54 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Brunhilda_bfg
[2011.08.19 16:47:26 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\casanova
[2012.05.10 07:57:53 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Cat's Eye Games
[2011.08.16 12:43:59 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\cerasus.media
[2013.06.16 20:22:23 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\DAEMON Tools Lite
[2011.08.12 15:29:45 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\EleFun Games
[2011.08.17 19:23:13 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\FBI
[2012.08.03 21:02:12 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Flood Light Games
[2012.11.17 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Floodlight Games
[2011.07.30 09:50:58 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\FloodLightGames
[2011.07.27 20:34:56 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\FlyWheelGames
[2011.08.13 19:36:38 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Gamers Digital
[2011.08.10 21:38:23 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\HdO Adventure
[2011.08.22 10:37:54 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\HitPoint Studios
[2012.06.07 21:45:05 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\JoyBits
[2012.05.09 10:31:08 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\MagicIndie
[2011.08.17 21:20:11 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\MAI
[2011.08.17 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Meridian93
[2011.08.23 08:01:51 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Merscom
[2012.06.22 21:07:39 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PlayFavoriteGames
[2011.08.19 17:51:48 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\PoBros
[2011.08.14 10:55:22 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TeleportGamesLtd
[2011.07.30 17:01:32 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\ThreeDays2
[2011.07.29 18:48:54 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\TitanicMystery
[2011.11.11 15:46:35 | 000,000,000 | ---D | M] -- C:\Users\Daniela\AppData\Roaming\Tropico 3
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.06.14 20:43:26 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.06.16 11:55:56 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.02.21 21:00:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.02.21 21:46:18 | 000,000,000 | R--D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.06.17 11:43:32 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.06.18 21:05:01 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.02.21 21:00:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.06.14 20:46:25 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.02.21 21:00:20 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.06.19 16:32:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.06.13 01:53:24 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine
[2011.02.21 21:00:56 | 000,000,000 | R--D | M] -- C:\Users
[2013.06.17 16:00:54 | 000,000,000 | ---D | M] -- C:\Windows
[2013.06.12 00:04:16 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.02.21 21:08:01 | 000,001,096 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.02.21 21:08:02 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\erdnt\cache\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\erdnt\cache\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\erdnt\cache\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\erdnt\cache\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\erdnt\cache\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.02.21 21:33:47 | 000,431,672 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.06.19 16:38:18 | 003,932,160 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat
[2013.06.12 05:57:53 | 000,094,208 | -H-- | M] () -- C:\Users\Daniela\ntuser.dat.LOG
[2013.06.19 16:38:17 | 000,262,144 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG1
[2011.02.21 21:00:56 | 000,000,000 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat.LOG2
[2011.02.21 21:01:41 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2011.02.21 21:01:41 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2011.02.21 21:01:41 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.03.01 17:37:41 | 000,065,536 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{f6dfcf4c-825c-11e2-b796-93a256f68196}.TM.blf
[2013.03.01 17:37:41 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{f6dfcf4c-825c-11e2-b796-93a256f68196}.TMContainer00000000000000000001.regtrans-ms
[2013.03.01 17:37:41 | 000,524,288 | -HS- | M] () -- C:\Users\Daniela\ntuser.dat{f6dfcf4c-825c-11e2-b796-93a256f68196}.TMContainer00000000000000000002.regtrans-ms
[2011.02.21 21:00:56 | 000,000,020 | -HS- | M] () -- C:\Users\Daniela\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:51A20D23
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:164561C8
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CC4C59B4
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:EF5B3572
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:C6920A5D
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:53DF4438
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:E7B4296D
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:94874C0A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E9FAC3AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:E690114B
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:89CF6F9C
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:7E082023
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:75978481
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:4B1195DD
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:A5584049
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5E413CD6
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:E14FA16F
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:80F63EC3
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C6D0ABC3
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:61B54B15
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:0F3F6B1E
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7BFAAE70
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0E684AC9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:2C678471
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C5E2BAEE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B38BEEEE
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:A9562832
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:26FBC1F9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B3196E8D
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:9B721CFF
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:A2FF62A6
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:80EA2EA3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4E243396
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:45F3AD49
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BF640EE5
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:71AEFFEB
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E895790F
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:7A0EFE63
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:67CF910D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:070D9534
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E3B5F2D1
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:FD000392
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E83EE313
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:D9F34335
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:225CD7D5

< End of report >

Und hier ist die Extras.txt

Code:
OTL Extras logfile created on: 19.06.2013 16:30:44 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Daniela\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,16 Gb Available Physical Memory | 72,21% Memory free
5,98 Gb Paging File | 5,14 Gb Available in Paging File | 85,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 420,92 Gb Free Space | 90,39% Space Free | Partition Type: NTFS
Drive E: | 7,52 Gb Total Space | 7,38 Gb Free Space | 98,11% Space Free | Partition Type: NTFS
 
Computer Name: DANIELA-PC | User Name: Daniela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 2.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee Pro\2.0\ACDSeeQVPro2.exe" "%1" (ACD Systems)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0028F916-4753-491F-B34F-6BE479E16102}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{04B492AD-118A-44CF-9F44-15A3982C1640}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{07935028-C848-43B5-9593-3F73EFED2AA4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E4D3DD5-F590-4114-9E4F-118C53B68909}" = lport=445 | protocol=6 | dir=in | app=system |
"{1FF84F30-A269-494A-B6A7-0B8E1A82FBD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{28BBBB51-F643-4291-88D5-AEC5ECD01772}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{290BBA44-C965-43E5-9B6E-04D2D51B3F57}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{40743579-ED3A-48FB-A92C-2FF4E44A6CC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{66DFB84A-A35A-4F73-B47D-23D54696301E}" = rport=137 | protocol=17 | dir=out | app=system |
"{6EA4D132-9AC6-4BD8-B955-1A775457538A}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72CCB97B-0734-471B-B86D-EC702280C62F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{75BFCDCF-99F2-4CDA-AF2C-C222C0B52CC0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7B5C9659-A99F-43E0-9DA2-3EAF52F332F9}" = rport=138 | protocol=17 | dir=out | app=system |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{7E80F93A-BB78-4F17-9449-EF11307FA0C4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7FBC108F-E99B-4246-9701-5A68A976732A}" = lport=137 | protocol=17 | dir=in | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DE04424-3DFE-4B46-A258-355915DD0EFC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{96210F69-2470-413A-A0AB-A818B1AE1AEE}" = rport=445 | protocol=6 | dir=out | app=system |
"{A661A455-C529-4758-B821-721F063C01D8}" = lport=138 | protocol=17 | dir=in | app=system |
"{AC30C631-71EC-4160-8303-0E5224E228A6}" = lport=139 | protocol=6 | dir=in | app=system |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B50B741D-65DD-4967-800D-228F1BD66B15}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDA26217-6C7B-4A43-864C-67D82736BEF5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E29B1A5E-E801-4088-A476-C7B8972481FF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED11AA9E-90D7-4C65-A3AD-A8CC61CC5779}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F425C42E-AB48-41C7-A9EE-D1ABEC6970C0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC1593AC-6CCE-4D2A-9757-3D34486454CE}" = rport=10243 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0330540A-CD18-4D90-AD20-FA71D6AA4F23}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EB25F21-F61E-4606-AAE5-D5D663601158}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{23983B2C-32BA-41E8-AD68-171B8803EB49}" = protocol=6 | dir=out | app=system |
"{27DD9543-27CE-4CEA-85D3-8FEFB5F449CC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2FBA386E-A2F2-4025-919C-10BD72E1114F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{37C6282F-1CD0-4481-9130-5060E517940D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A42540C-D9D0-407E-B879-7D6ACB939453}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C649C31-5EA9-4CF0-8875-E35BA744C9F2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{4DDBEFDC-FDDD-4541-9F7F-10CD08C39DCD}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5B0EA460-E511-48E7-9F70-FD8C7CF46C92}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{677CA858-69E4-4B2D-8A0C-D60509E26287}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6ECBD5AC-B2E4-4996-9C98-8228F2F9B22D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93FBEC4C-96B4-40D0-97DE-85C78F8F1328}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A6746434-13B5-46EF-A696-BAB9FF5B806B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AE5B45D4-C701-4E92-992C-2DF89154D3CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{C6180AD0-1389-467C-99D3-A438EF7C6886}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CABEC072-0082-4458-A45E-D0B7A87F26D6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ED85AF26-882D-44E9-9C71-408FAE796BE3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F23A9574-658C-4D5A-8A86-570BAE83171A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}" = ACDSee Pro 2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"avast" = avast! Internet Security
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2013 02:41:29 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mcuicnt.exe, Version: 4.0.228.0,
Zeitstempel: 0x4d50670d  Name des fehlerhaften Moduls: ieframe.dll, Version: 8.0.7600.16723,
 Zeitstempel: 0x4d103a37  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00127638  ID des fehlerhaften
 Prozesses: 0x510  Startzeit der fehlerhaften Anwendung: 0x01ce17d2ffb618a2  Pfad der
 fehlerhaften Anwendung: C:\Program Files\McAfee Security Scan\3.0.318\mcuicnt.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\System32\ieframe.dll  Berichtskennung: 60486c63-83cd-11e2-b9c2-ef9fba954e98
 
Error - 04.03.2013 04:09:27 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.03.2013 06:36:44 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.03.2013 04:46:24 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.03.2013 04:46:41 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.03.2013 06:13:42 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 13.03.2013 08:54:31 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7600.16723,
 Zeitstempel: 0x4d103aab  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e64f  ID des fehlerhaften
 Prozesses: 0xcdc  Startzeit der fehlerhaften Anwendung: 0x01ce1fe3bf8fe326  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\System32\msxml3.dll  Berichtskennung: 254372c8-8bdd-11e2-b91d-9571d6fc48aa
 
Error - 13.03.2013 12:46:10 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.03.2013 03:29:43 | Computer Name = Daniela-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 8.0.7600.16722,
 Zeitstempel: 0x4d0c2f29  Name des fehlerhaften Moduls: msxml3.dll, Version: 8.110.7600.16723,
 Zeitstempel: 0x4d103aab  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e64f  ID des fehlerhaften
 Prozesses: 0xfd8  Startzeit der fehlerhaften Anwendung: 0x01ce2083ae6e045d  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad des
 fehlerhaften Moduls: C:\Windows\System32\msxml3.dll  Berichtskennung: efea1315-8c78-11e2-85ef-b6464dda0cbf
 
Error - 14.03.2013 04:01:00 | Computer Name = Daniela-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\anno
 1701\Tools\Tages\DrvSetup_x64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ OSession Events ]
Error - 16.03.2012 13:26:42 | Computer Name = Daniela-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 5275 seconds with 2400 seconds of active time.  This session ended with a
 crash.
 
[ System Events ]
Error - 17.06.2013 10:52:00 | Computer Name = Daniela-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 17.06.2013 10:52:00 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
Error - 17.06.2013 12:16:43 | Computer Name = Daniela-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 17.06.2013 12:16:43 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
Error - 17.06.2013 12:25:08 | Computer Name = Daniela-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 17.06.2013 12:25:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
Error - 18.06.2013 14:32:08 | Computer Name = Daniela-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 18.06.2013 14:32:08 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
Error - 19.06.2013 10:27:36 | Computer Name = Daniela-PC | Source = Application Popup | ID = 875
Description = Treiber atksgt.sys konnte nicht geladen werden.
 
Error - 19.06.2013 10:27:36 | Computer Name = Daniela-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1275
 
 
< End of report >

markusg 18.06.2013 17:20
Hi,
lösche alle anderen suchanbieter, außer google:
https://support.google.com/websearch/answer/464?hl=de
im Crhome.
neustarten gucken ob die Einstellung übernommen wurde

otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.
b

Detnaw86 18.06.2013 19:58
So alles erledigt.
Browser sind jetzt alle frei von Sinnlosigkeits-Searchbars und sämtlichem Zeug. Starten auch schön schnell.
Google als einziger Suchanbieter sollte auch funktionieren.

Im Großen und Ganzen läuft er sehr gut.

Hier das Log File:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Daniela
->Temp folder emptied: 80182579 bytes
->Temporary Internet Files folder emptied: 27077780 bytes
->Java cache emptied: 1130499 bytes
->FireFox cache emptied: 75883472 bytes
->Google Chrome cache emptied: 6240482 bytes
->Flash cache emptied: 630 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3217892 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 185,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 06192013_204933

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

markusg 18.06.2013 20:00
Also, wenn ich les im großen und ganzen, klingt das für mich, als läufts noch nich, also, wenn was zu meckern is, sags, wenn du schon mal da bist :-)

Detnaw86 18.06.2013 20:37
Sorry, schlecht Wortwahl, aber wenn ich sage, er läuft perfekt, ist es auch gelogen ;)
Ein PC läuft nie perfekt :)

Nein bin sehr zufrieden und sehr dankbar für den Aufwand den du/ihr hier betreibt um anderen Leuten zu helfen :daumenhoc :applaus:

Ich hoffe nur dass meine Schwägerin den PC ab jetzt ein wenig sauber hält, nicht dass wir uns bald wieder schreiben müssen.

markusg 18.06.2013 20:41
Hi,
na ich frag nur sicherheitshalber, soll sich ja keiner beschweren, was ja ok ist, wenn notwendig.
würd das Gerät noch gern absichern:
Öffne OTL, berienigen, PC startet neu, Remover werden gelöscht.
Lösche übrig gebliebene Logs, Setups, von uns verwendete Programme.
PC absichern:
währ dann vllt gut, wenn du die Neuerungen mit ihr durchgehst
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
http://support.google.com/chrome/bin...&answer=118663
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Detnaw86 30.06.2013 13:34
Hallo Markus

Ich hoffe du hattest einen schönen Urlaub.

Der PC läuft sehr gut, habe ihn nun auch wieder zurückgebracht.
Die aktuelle AVAST Version ist nun installiert.

Die Update Checker Software läuft und auch die Panda USB Überwachungssoftware ist aktiv.

Benutzerkontensteuerung ist auf Hoch.

Einzig und allein die Sandbox ist nicht so gut angekommen.
Wäre zwar eine hohe Sicherungsstufe gewesen für den PC, aber die Benutzer sind nicht allzu zufrieden damit (zu kompliziert :)

Aber ich hoffe der Rest schützt die Kiste jetzt mal eine Zeit lang vor neuerlichem Viren/Trojaner Befall.

Backup wird auch noch gemacht.

Vielen Dank soweit.

LG Daniel

markusg 04.07.2013 14:14
was ist da kompliziert?
ich möchte erst mal anhand einer checkliste prüfen ob du alles hast.

- instalieren von optionalen und wichtigen updates.
- konfigurieren von windows updates.
- dep für alle prozesse aktivieren.
- sehop aktivieren.
- chrome instalieren.

- autorun deaktivieren.
- panda vaccine instalieren.
- secunia instalieren.
- file hippo instalieren.
beachte:
secunia und file hippo bieten englische updates, überall wo du auf die nutzeroberfläche zugreifst, wie zb reader, browser, etc benötigst du deutsche updates, also hier die hersteller seiten in den favoriten deines browsers speichern und wenn ein update gezeigt wird, von dort hohlen, bei java, flash quicktime, ist es egal ob deutsch oder englisch.
- backup software instalieren, backup und rettungsdvd erstellen.
hier ne kurze anleitung:
Anleitung: Systemabbild mit Paragon Drive Backup - NETZWELT

- wenn du onlinebanking machst, kann ich noch kurz was über die vorteile von card reader und banking software sagen.
- passwort manager instaliert.


Alle Zeitangaben in WEZ +1. Es ist jetzt 04:53 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19