Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.08.2011, 20:38   #1
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Ausrufezeichen

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Hallo erstmal,

ich habe letztens mein Avira AntiVir durchsuchen lassen und dann wurde da ganz oft angezeigt: C:\ Users\NAME\jload9B.dll ist ein trojanisches Pferd(ich weiss leider nicht mehr die genaue Virusmeldung, aber diese stand so in der Quarantäne drin).
Ich habe gelesen " trojanisches Pferd " und habs sofort in die Quarantäne geschoben. Die meldung kam dann noch ca. 10 mal und ich habs immer wieder in die quarantäne verschoben.

Das aller gleiche war mit der " scanndiskwg90.dll ". Auch hier kam die meldung, dass die DLL ein trojanisches pferd ist, öfters. Wie beim letzten mal hab ich die DLL in die quarantäne verschoben.

Soweit ich weiss habe ich keine DLL's downgeloaden und daher weiß ich auch nicht warum die Meldung dann plötzlich (ich habe nämlich meinen PC schon seit einem Jahr) auftrat

Seit dem kommt nach dem Starten meines Computers immer diese Fehlermeldung:
RUNDLL
C:\Program~3\MICROS~1\Windows\STARTM~1\Programs
\Startup\SCANND~1DLL
Das angegebene Modul wurde nicht gefunden.

Nur weiss ich jetzt leider nicht was, bzw. ob, die SCANND~1DLL mit den jload9B.dll und scanndiskwg90.dll zu tun hat.

Logisch wäre es für mich, wenn ich die jload9B.dll und die scanndiskwg90.dll einfach wiederherstellen würde, aber ich habe mich bisher nicht getraut, weil ich mir nicht sicher bin, was dann alles passieren könnte

Ich habe mich heute dort informiert: hxxp://forum.chip.de/windows-7/scan-1-dll-konnte-geladen-1523888.html ( tut mir leid aber das http am anfang wandelt sich immer in hxxp um ), aber ich bin daraus nicht schlau geworden

Ich habe Windows 7 64 Bit

Bisher hat der Verlust der beiden DLL's oder die Fehlermeldung der SCANND~1DLL noch nichts ausgemacht bzw. keine verherende Schäden angerichtet,aber ich hoffe ihr könnt mir trotzdem irgendwie weiter helfen

LG Gringo0602

Alt 12.08.2011, 00:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!


Danach OTL-Custom:


CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________

Alt 12.08.2011, 02:51   #3
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



ich hab jetzt diesen Malwarebytes Vollscan gemacht. Als es fertig gescannt hat, bin ich auf speichere logdatei gegangen. Ich füg das zeugs jetzt eichfach mal ein:

Malwarebytes' Anti-Malware 1.51.1.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: 7438

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.08.2011 02:47:35
mbam-log-2011-08-12 (02-47-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 637459
Laufzeit: 1 Stunde(n), 33 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 5
Infizierte Registrierungsschlüssel: 135
Infizierte Registrierungswerte: 12
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 20
Infizierte Dateien: 87

Infizierte Speicherprozesse:
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 3408 -> No action taken.

Infizierte Speichermodule:
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Value: (default) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\Shared (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\Shared\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Message (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> No action taken.

Infizierte Dateien:
c:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3REPROX.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3SCHMON.EXE (PUP.FunWebProducts) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
c:\program files (x86)\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
c:\Windows\SysWOW64\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
c:\programdata\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
c:\Users\Flo\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> No action taken.
c:\program files (x86)\funwebproducts\Shared\Cache\cursormaniabtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\funwebproducts\Shared\Cache\smileycentralbtn.html (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\00C1518C (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\00C15CE2 (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\00C16126.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\00C16683.bmp (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\00C1675D.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\00C16818.bin (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Cache\files.ini (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\History\search3 (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> No action taken.
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> No action taken.

das mit den OTL -Scan muss ich aus zeitlichen gründen verschieben

LG Gringo0602
__________________

Alt 12.08.2011, 02:54   #4
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Ich wusste jetzt nicht ob ich die als " infizierte " Objekte löschen soll... ich habs jetzt einfach mal gelassen

Geändert von Gringo0602 (12.08.2011 um 03:03 Uhr)

Alt 12.08.2011, 10:15   #5
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Ich habe jetzt den orange umrandeten text von Cosinus in die Benutzerdefinierte Scans/Fixes von OTL eingefügt und Quickscan gemacht. Nach dem Scan erschien ein Textdokument auf meinem Desktop ( 176 kb groß )

Ich füge jetzt das ganze zeugs mal ein:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.08.2011 10:00:09 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Flo\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,96 Gb Total Physical Memory | 4,16 Gb Available Physical Memory | 69,73% Memory free
11,92 Gb Paging File | 9,68 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,95 Gb Total Space | 531,14 Gb Free Space | 57,74% Space Free | Partition Type: NTFS
Drive D: | 4,79 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Flo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSOEMON.EXE (MyWebSearch.com)
PRC - C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe (MyWebSearch.com)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe ()
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\twain_32\Dell\DELL1235\Scan2Pc.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Flo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\MyWebSearch\bar\2.bin\mwsoestb.dll (MyWebSearch.com)
MOD - C:\Windows\SysWOW64\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\davhlpr.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MyWebSearchService) -- C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwssvc.exe (MyWebSearch.com)
SRV - (TunngleService) -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\Windows\SysNative\drivers\tap0901t.sys (Tunngle.net)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SSPORT) -- C:\Windows\SysNative\drivers\SSPORT.sys (Samsung Electronics)
DRV:64bit: - (DgiVecp) -- C:\Windows\SysNative\drivers\DgivEcp.sys (Samsung Electronics Co., Ltd.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SSHDRV76) -- C:\Windows\SysWOW64\drivers\SSHDRV76.sys ()
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\sysWOW64\drivers\npf_devolo.sys (CACE Technologies)
DRV - (ASPI) -- C:\Windows\SysWOW64\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc376ed9-9e09-4b39-bad5-083d151eaa86} - C:\Program Files (x86)\Pazera Toolbar\Helper.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.13 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Elf 1.13 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.100006
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: {b80f591e-fe9a-46cf-a13e-180377240586}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.7.2.0
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2857573&q="
FF - prefs.js..network.proxy.type: 4
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\2.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\2.bin [2011.08.12 09:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.07.17 16:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.28 13:18:25 | 000,000,000 | ---D | M]
 
[2010.10.24 12:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions
[2011.08.11 14:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions
[2010.12.16 22:14:00 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.16 22:13:58 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.24 23:19:25 | 000,000,000 | ---D | M] (Elf 1.13 Community Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\{b80f591e-fe9a-46cf-a13e-180377240586}
[2010.12.23 21:12:29 | 000,000,000 | ---D | M] (NCH Toolbar) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}
[2010.12.24 23:19:25 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\engine@conduit.com
[2011.07.20 12:22:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\ffxtlbr@babylon.com
[2011.07.08 15:38:45 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\support@predictad.com
[2011.08.07 13:02:21 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\9075mgwx.default\extensions\toolbar@ask.com
[2010.12.02 09:07:20 | 000,000,919 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\9075mgwx.default\searchplugins\conduit.xml
[2011.08.11 14:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.04.03 11:35:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.08.12 09:54:20 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\2.BIN
[2011.04.03 11:35:13 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 22:24:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 22:24:52 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.12 22:24:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.12 22:24:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.12 22:24:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Pazera Toolbar BHO) - {1B169632-4FA6-4BE0-B980-460B5BF7FD08} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Pazera Toolbar) - {093B3D46-0F87-44CF-B44B-79537F1597E5} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\2.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Pazera Toolbar) - {093B3D46-0F87-44CF-B44B-79537F1597E5} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\tbNCH.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [1235cn Scan2PC] C:\Windows\twain_32\Dell\DELL1235\Scan2Pc.exe ()
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor]  File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemonTool]  File not found
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STO Backup Service] C:\Program Files (x86)\SmarThru Office\BackUpSvr.exe ()
O4 - HKLM..\Run: [STO Launcher Service] C:\Program Files (x86)\SmarThru Office\x64\LegacyLauncher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM Startup]  File not found
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\2.bin\mwsoemon.exe (MyWebSearch.com)
O4 - HKCU..\Run: [NvCplDaemonTool]  File not found
O4 - HKCU..\Run: [RGSC]  File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Als HTML speichern - C:\Program Files (x86)\SmarThru Office\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: Auswahl erfassen - C:\Program Files (x86)\SmarThru Office\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: Capture Selection - C:\Program Files (x86)\SmarThru Office\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Markierten Text speichern - C:\Program Files (x86)\SmarThru Office\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: Save as HTML - C:\Program Files (x86)\SmarThru Office\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: Save Selected Text - C:\Program Files (x86)\SmarThru Office\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: Web Capture - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O8 - Extra context menu item: Als HTML speichern - C:\Program Files (x86)\SmarThru Office\WebCapture.dll1.htm ()
O8 - Extra context menu item: Auswahl erfassen - C:\Program Files (x86)\SmarThru Office\WebCapture.dll2.htm ()
O8 - Extra context menu item: Capture Selection - C:\Program Files (x86)\SmarThru Office\WebCapture.dll2.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Markierten Text speichern - C:\Program Files (x86)\SmarThru Office\WebCapture.dll.htm ()
O8 - Extra context menu item: Save as HTML - C:\Program Files (x86)\SmarThru Office\WebCapture.dll1.htm ()
O8 - Extra context menu item: Save Selected Text - C:\Program Files (x86)\SmarThru Office\WebCapture.dll.htm ()
O8 - Extra context menu item: Web Capture - C:\Program Files (x86)\SmarThru Office\WebCapture.dll ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/SmileyCentralInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.02 20:17:47 | 000,132,016 | R--- | M] (InstallShield Software Corporation) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.03.26 01:35:42 | 000,004,286 | R--- | M] () - D:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2008.03.26 01:35:42 | 000,000,047 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.03.26 01:35:57 | 000,000,382 | R--- | M] () - D:\autorun.ini -- [ UDF ]
O33 - MountPoints2\{67d6e36c-4012-11e0-ae5b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67d6e36c-4012-11e0-ae5b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2008.04.02 20:17:47 | 000,132,016 | R--- | M] (InstallShield Software Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: vidc.iv31 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - yv12vfw.dll File not found
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.12 01:09:32 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2011.08.12 01:09:26 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.12 01:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.12 01:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.12 01:09:22 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.12 01:09:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.10 22:15:15 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Sierra
[2011.08.10 22:15:15 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Empire Earth II
[2011.08.10 22:04:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra
[2011.08.10 21:55:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Age of Alexander
[2011.08.10 19:49:56 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2011.08.09 08:50:39 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Arcnia-Sicherung
[2011.08.09 08:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011.08.09 08:44:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2011.08.07 15:34:34 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\terrain
[2011.08.07 15:34:33 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\environment
[2011.08.04 21:21:08 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Grand Ages Rome
[2011.08.04 18:58:03 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\Civilization
[2011.08.04 18:56:17 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\My Games
[2011.08.03 10:55:30 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\Audio Deluxe XVI
[2011.08.03 10:30:11 | 000,000,000 | ---D | C] -- C:\Users\Flo\Desktop\Neuer Ordner
[2011.08.02 21:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.07.20 18:22:50 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\ArcaniA - Gothic 4
[2011.07.20 16:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcaniA - Gothic 4
[2011.07.20 12:22:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaGet2
[2011.07.20 12:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2011.07.20 12:22:52 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Media Get LLC
[2011.07.20 12:22:52 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Media Get LLC
[2011.07.20 12:22:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Get LLC
[2011.07.20 12:22:45 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\MediaGet2
[2011.07.19 14:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD Entertainment AG
[2011.07.15 14:07:09 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\NVIDIA
[2011.07.15 12:38:19 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.07.15 12:38:19 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.07.15 12:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EVGA Precision
[2011.07.15 12:02:26 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011.07.15 12:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2011.07.15 12:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.07.15 12:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.07.15 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.07.15 06:05:18 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\4A Games
[2011.07.15 06:01:37 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\4A Games
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Flo\AppData\Local\*.tmp files -> C:\Users\Flo\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.12 09:55:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 09:55:05 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.12 09:52:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.12 09:48:18 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.12 09:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.12 09:47:20 | 504,717,311 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.12 03:06:13 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat
[2011.08.12 01:09:26 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.11 20:16:55 | 000,000,494 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Flo.job
[2011.08.11 18:03:38 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.08.10 22:04:44 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\EMPIRE EARTH 2.lnk
[2011.08.10 19:49:59 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2011.08.10 19:35:42 | 001,556,584 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.10 19:35:42 | 000,667,906 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.10 19:35:42 | 000,627,482 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.10 19:35:42 | 000,135,574 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.10 19:35:42 | 000,111,060 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.08 18:35:25 | 001,664,070 | ---- | M] () -- C:\Users\Flo\Documents\minecraft villa.png
[2011.08.07 17:02:58 | 000,846,769 | ---- | M] () -- C:\Users\Flo\Documents\1312729365.0971.zip
[2011.08.07 15:29:39 | 006,231,125 | ---- | M] () -- C:\Users\Flo\Documents\MCE v0.5a.zip
[2011.08.04 21:20:30 | 000,001,250 | ---- | M] () -- C:\Users\Flo\Desktop\Grand Ages Rome.lnk
[2011.08.03 10:59:02 | 000,002,908 | ---- | M] () -- C:\Users\Flo\Documents\Audio Deluxe vol. XV.axp
[2011.08.03 10:40:27 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2011.08.02 11:13:52 | 001,619,803 | ---- | M] () -- C:\Users\Flo\Documents\Nagareru - 1.0.zip
[2011.08.02 11:13:13 | 019,877,776 | ---- | M] () -- C:\Users\Flo\Documents\Misa221.zip
[2011.07.21 22:02:45 | 000,001,400 | ---- | M] () -- C:\Users\Flo\Desktop\Free YouTube to MP3 Converter.lnk
[2011.07.20 16:22:37 | 000,002,280 | ---- | M] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4 starten.lnk
[2011.07.19 16:15:28 | 000,000,994 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.07.18 05:35:20 | 000,487,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.16 18:54:54 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.16 18:54:33 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.07.16 18:54:33 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.16 02:05:45 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Desperados 2.lnk
[2011.07.15 21:35:23 | 000,000,000 | ---- | M] () -- C:\Users\Flo\AppData\Local\{152D88D2-8926-4EEB-BE12-563EE8C1DD24}
[2011.07.15 21:35:01 | 000,000,000 | ---- | M] () -- C:\Users\Flo\AppData\Local\{27958000-80E0-437D-B1CD-13753A371E4A}
[2011.07.15 18:13:36 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Flo\AppData\Local\*.tmp files -> C:\Users\Flo\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.12 01:09:26 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.10 22:14:31 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.08.10 22:04:44 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\EMPIRE EARTH 2.lnk
[2011.08.08 18:35:25 | 001,664,070 | ---- | C] () -- C:\Users\Flo\Documents\minecraft villa.png
[2011.08.07 17:02:55 | 000,846,769 | ---- | C] () -- C:\Users\Flo\Documents\1312729365.0971.zip
[2011.08.07 15:34:34 | 000,038,623 | ---- | C] () -- C:\Users\Flo\Documents\m.class
[2011.08.07 15:34:34 | 000,037,616 | ---- | C] () -- C:\Users\Flo\Documents\fb.class
[2011.08.07 15:34:34 | 000,019,690 | ---- | C] () -- C:\Users\Flo\Documents\pt.class
[2011.08.07 15:34:34 | 000,010,095 | ---- | C] () -- C:\Users\Flo\Documents\mod_Mce.class
[2011.08.07 15:34:34 | 000,006,439 | ---- | C] () -- C:\Users\Flo\Documents\mod_Mce_Timers.class
[2011.08.07 15:34:34 | 000,005,114 | ---- | C] () -- C:\Users\Flo\Documents\mod_Mce_Fade_Timers.class
[2011.08.07 15:28:58 | 006,231,125 | ---- | C] () -- C:\Users\Flo\Documents\MCE v0.5a.zip
[2011.08.04 21:19:47 | 000,001,250 | ---- | C] () -- C:\Users\Flo\Desktop\Grand Ages Rome.lnk
[2011.08.03 10:59:02 | 000,002,908 | ---- | C] () -- C:\Users\Flo\Documents\Audio Deluxe vol. XV.axp
[2011.08.02 11:13:44 | 001,619,803 | ---- | C] () -- C:\Users\Flo\Documents\Nagareru - 1.0.zip
[2011.08.02 11:11:11 | 019,877,776 | ---- | C] () -- C:\Users\Flo\Documents\Misa221.zip
[2011.07.21 22:02:45 | 000,001,400 | ---- | C] () -- C:\Users\Flo\Desktop\Free YouTube to MP3 Converter.lnk
[2011.07.20 16:22:37 | 000,002,280 | ---- | C] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4 starten.lnk
[2011.07.19 16:15:28 | 000,000,994 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk
[2011.07.16 02:05:45 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Desperados 2.lnk
[2011.07.15 21:35:23 | 000,000,000 | ---- | C] () -- C:\Users\Flo\AppData\Local\{152D88D2-8926-4EEB-BE12-563EE8C1DD24}
[2011.07.15 21:35:01 | 000,000,000 | ---- | C] () -- C:\Users\Flo\AppData\Local\{27958000-80E0-437D-B1CD-13753A371E4A}
[2011.07.15 17:38:39 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.07.15 12:00:47 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2011.06.26 22:28:50 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.06.03 13:31:29 | 000,000,000 | ---- | C] () -- C:\Users\Flo\AppData\Local\{6FBE03BD-1D85-4FB4-9464-0730D8656103}
[2011.05.28 14:03:21 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011.05.21 20:13:38 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.21 20:13:36 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.05.21 20:13:36 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.05.12 17:12:51 | 000,000,091 | ---- | C] () -- C:\Users\Flo\AppData\Local\fusioncache.dat
[2011.05.12 17:10:07 | 001,555,058 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.04.07 19:40:47 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2011.02.13 12:37:29 | 000,000,137 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\trueburner.ini
[2011.01.30 13:36:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2011.01.30 13:35:52 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.01.28 20:16:43 | 000,000,154 | ---- | C] () -- C:\Windows\SOF.INI
[2011.01.21 18:06:44 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2011.01.07 20:09:02 | 000,000,025 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.01.02 12:14:09 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV76.sys
[2010.12.05 14:59:53 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010.11.14 12:31:26 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.11.14 12:31:25 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.11.14 12:31:25 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.10.23 18:32:57 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe
[2010.10.23 18:31:21 | 000,159,400 | R--- | C] () -- C:\Windows\SysWow64\sskinst.exe
[2010.10.23 18:31:21 | 000,040,616 | R--- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2010.10.23 18:31:13 | 000,172,032 | R--- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2010.10.23 18:30:03 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.10.23 18:29:59 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2010.10.23 18:28:51 | 000,950,585 | ---- | C] () -- C:\Windows\SysWow64\libiconv-2.dll
[2010.10.23 18:27:04 | 000,115,952 | R--- | C] () -- C:\Windows\Wiainst.exe
[2010.10.23 18:18:33 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\wunilog.ini
[2010.10.23 16:30:39 | 000,000,748 | ---- | C] () -- C:\Windows\eReg.dat
[2010.10.15 13:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.16 00:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.08.28 23:54:56 | 000,010,875 | ---- | C] () -- C:\Windows\SysWow64\nicmgr.exe
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.07.01 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\.minecraft
[2011.05.04 16:37:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Canneverbe Limited
[2011.04.30 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
[2011.07.21 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DVDVideoSoft
[2010.12.16 22:13:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.11 17:29:07 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\FCTB000063263
[2011.06.12 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Firefly Studios
[2010.12.05 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\FreeAudioPack
[2011.03.02 18:53:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\gnupg
[2011.08.04 22:31:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Grand Ages Rome
[2011.05.22 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Imperium Romanum
[2011.03.07 21:47:31 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\InterTrust
[2011.01.05 13:50:45 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Kuvu
[2011.06.07 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Langenscheidt
[2011.02.01 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\MAGIX
[2011.07.20 12:22:52 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Media Get LLC
[2010.12.23 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\NCH Swift Sound
[2011.05.11 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\PriceGong
[2010.11.17 15:07:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ProtectDISC
[2011.06.06 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Raptr
[2011.01.30 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\REAPER
[2010.10.23 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Samsung
[2011.08.10 22:15:15 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Sierra
[2011.03.22 21:38:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TS3Client
[2011.06.26 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Tunngle
[2011.06.03 15:15:24 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Ubisoft
[2010.12.04 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\WildTangent
[2011.04.09 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\XRay Engine
[2011.01.05 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Yfycu
[2011.08.08 11:23:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
<  >
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.01 15:31:15 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\.minecraft
[2011.02.28 18:47:30 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Adobe
[2011.01.20 16:45:45 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\AdobeUM
[2010.10.19 21:07:06 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ATI
[2010.10.22 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Avira
[2010.12.24 22:11:54 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\AVS4YOU
[2011.05.04 16:37:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Canneverbe Limited
[2011.04.30 11:33:23 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
[2010.10.19 21:07:28 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Dell
[2010.11.12 18:48:00 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DivX
[2011.01.20 18:05:06 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\dvdcss
[2011.07.21 22:02:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DVDVideoSoft
[2010.12.16 22:13:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.11 17:29:07 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\FCTB000063263
[2011.06.12 10:54:11 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Firefly Studios
[2010.12.05 14:59:55 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\FreeAudioPack
[2011.03.02 18:53:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\gnupg
[2011.08.04 22:31:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Grand Ages Rome
[2010.10.19 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Identities
[2011.05.22 18:07:21 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Imperium Romanum
[2011.05.07 17:22:40 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\InstallShield
[2011.03.07 21:47:31 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\InterTrust
[2011.01.05 13:50:45 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Kuvu
[2011.06.07 17:11:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Langenscheidt
[2010.10.23 19:43:00 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Macromedia
[2010.10.30 19:22:04 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Macrovision
[2011.02.01 18:08:13 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\MAGIX
[2011.08.12 01:09:32 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Media Center Programs
[2011.07.20 12:22:52 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Media Get LLC
[2011.02.10 19:23:35 | 000,000,000 | --SD | M] -- C:\Users\Flo\AppData\Roaming\Microsoft
[2011.06.08 14:13:44 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Mozilla
[2011.02.11 21:00:27 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\NCH Software
[2010.12.23 21:11:41 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\NCH Swift Sound
[2011.01.24 16:29:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Nero
[2011.07.15 14:07:09 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\NVIDIA
[2011.05.11 17:29:16 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\PriceGong
[2010.11.17 15:07:57 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\ProtectDISC
[2011.06.06 19:51:34 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Raptr
[2011.01.30 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\REAPER
[2010.10.19 21:07:08 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Roxio
[2011.02.13 12:15:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Roxio Log Files
[2010.10.23 18:31:14 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Samsung
[2010.11.05 19:22:16 | 000,000,000 | RH-D | M] -- C:\Users\Flo\AppData\Roaming\SecuROM
[2011.08.10 22:15:15 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Sierra
[2011.07.26 22:02:41 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Skype
[2011.06.13 19:35:59 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\teamspeak2
[2011.03.22 21:38:01 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TS3Client
[2011.06.26 11:56:50 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Tunngle
[2011.06.03 15:15:24 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Ubisoft
[2011.07.17 16:32:24 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\vlc
[2010.12.04 03:23:02 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\WildTangent
[2010.11.12 18:27:28 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\WinRAR
[2011.04.29 18:29:03 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Xfire
[2011.04.09 23:07:13 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\XRay Engine
[2011.01.30 13:36:52 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Yahoo!
[2011.01.05 13:54:07 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Yfycu
 
< %APPDATA%\*.exe /s >
[2010.10.20 21:40:40 | 000,143,496 | ---- | M] (FreeCause Inc.) -- C:\Users\Flo\AppData\Roaming\FCTB000063263\Toolbar\ToolbarUpdate.exe
[2009.03.24 23:43:02 | 000,096,256 | ---- | M] (FreeCause Inc.) -- C:\Users\Flo\AppData\Roaming\FCTB000063263\Toolbar\TroubleShooter.exe
[2010.12.24 23:22:04 | 000,061,912 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\FCTB000063263\Toolbar\Uninst.exe
[3 C:\Users\Flo\AppData\Roaming\FCTB000063263\Toolbar\*.tmp files -> C:\Users\Flo\AppData\Roaming\FCTB000063263\Toolbar\*.tmp -> ]
[2011.05.11 17:30:45 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Flo\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.11.14 14:29:38 | 000,010,134 | R--- | M] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2011.05.07 17:49:48 | 000,006,144 | R--- | M] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
[2011.05.07 17:49:48 | 000,011,264 | R--- | M] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
[2011.05.07 17:49:48 | 000,008,192 | R--- | M] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
[2011.03.03 19:29:49 | 000,010,134 | R--- | M] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.06.07 15:11:36 | 000,052,616 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\9075mgwx.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011.08.02 15:56:18 | 000,346,576 | ---- | M] (Ask.com) -- C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\9075mgwx.default\extensions\toolbar@ask.com\chrome\content\NeroApplicationManager.exe
[2011.06.10 15:23:37 | 003,486,088 | ---- | M] (Ask) -- C:\Users\Flo\AppData\Roaming\Mozilla\Firefox\Profiles\9075mgwx.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2007.08.29 16:36:04 | 000,126,806 | ---- | M] () -- C:\Users\Flo\AppData\Roaming\NCH Software\Components\amrdec\amrdec.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010.10.15 23:19:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010.10.15 23:19:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010.10.15 23:19:26 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >
 
========== Files - Unicode (All) ==========
[2010.11.25 17:57:39 | 000,000,000 | ---D | M](C:\Users\Flo\Documents\?? ???) -- C:\Users\Flo\Documents\넥슨 플러그
[2010.11.25 17:57:39 | 000,000,000 | ---D | C](C:\Users\Flo\Documents\?? ???) -- C:\Users\Flo\Documents\넥슨 플러그

< End of report >
         
--- --- ---


Alt 12.08.2011, 11:40   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Zitat:
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
--> jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd

Alt 15.08.2011, 09:02   #7
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Ich musste Malwarebytes nochmal installieren, mein computer...

ich mache gerade neuen vollscan.. soll ich wirklich ALLE " no action " löschen ?

LG Gringo0602

Alt 15.08.2011, 09:07   #8
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Zitat:
Zitat von Gringo0602 Beitrag anzeigen
Ich musste Malwarebytes nochmal installieren, mein computer...

ich mache gerade neuen vollscan. Wenn der dann fertig gescannt hat, soll ich wirklich ALLE " --> no action taken " löschen?
Kennst du zufällig den Virus mit dem "my Websearch" ?

LG Gringo0602
Danke schon mal im Voraus.

Alt 15.08.2011, 09:10   #9
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Hm... ich bin ein Bob... ich bin aus versehen auf zitieren und nicht auf editieren gegangen..

sorry ...

Alt 15.08.2011, 15:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Welchen Teil von "alles entfernen" hast du nicht verstanden?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.08.2011, 22:16   #11
Gringo0602
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



DANKE DANKE DANKE DANKE DANKE DANKE DAAAAAAAAAAANKE DANKEEEEE !!!
KEINE Fehlermeldungen mehr ! Falls noch iwelche probleme auftreten, meld ich mich nochmal.

PS @ cosinus DAAANKEE für alles, vor allem für deine GEDULT xD

LG Gringo

Alt 15.08.2011, 22:34   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Standard

jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd



Wir sind noch nicht durch! Mach ein neues Log mit OTL:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd
anfang, angezeigt, antivir, avira, avira antivir, einfach, fehlermeldung, heute, hoffe, modul, nicht mehr, nicht sicher, nichts, pferd, plötzlich, quarantäne, scan, sofort, starte, starten, startup, trojanisches, trojanisches pferd, warum, wiederherstellen, windows, windows 7, würde



Ähnliche Themen: jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd


  1. trojanisches pferd?
    Log-Analyse und Auswertung - 19.02.2014 (9)
  2. Trojanisches Pferd
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (13)
  3. Trojanisches Pferd
    Log-Analyse und Auswertung - 10.05.2011 (1)
  4. Trojanisches Pferd TR/Patched.Gen //// Trojanisches Pferd TR/Refroso.ayol
    Überwachung, Datenschutz und Spam - 26.12.2010 (6)
  5. Trojanisches Pferd
    Plagegeister aller Art und deren Bekämpfung - 03.08.2008 (3)
  6. Trojanisches Pferd
    Plagegeister aller Art und deren Bekämpfung - 19.01.2008 (8)
  7. Trojanisches Pferd
    Log-Analyse und Auswertung - 02.11.2007 (9)
  8. Trojanisches Pferd
    Plagegeister aller Art und deren Bekämpfung - 28.07.2007 (4)
  9. Trojanisches Pferd in winlogon.exe
    Log-Analyse und Auswertung - 12.05.2006 (1)
  10. Trojanisches Pferd TR/BHO.b.3.
    Plagegeister aller Art und deren Bekämpfung - 11.01.2006 (7)
  11. Trojanisches Pferd TR/Swizzor.GF
    Plagegeister aller Art und deren Bekämpfung - 03.09.2005 (7)
  12. Trojanisches Pferd
    Plagegeister aller Art und deren Bekämpfung - 16.08.2005 (1)
  13. Trojanisches Pferd TR
    Plagegeister aller Art und deren Bekämpfung - 21.06.2005 (1)
  14. Trojanisches Pferd TR/StartPage.UO
    Plagegeister aller Art und deren Bekämpfung - 26.02.2005 (9)
  15. Trojanisches Pferd
    Log-Analyse und Auswertung - 26.01.2005 (3)
  16. Trojanisches Pferd?
    Plagegeister aller Art und deren Bekämpfung - 04.04.2004 (1)
  17. Trojanisches Pferd AVG ???
    Plagegeister aller Art und deren Bekämpfung - 12.02.2003 (1)

Zum Thema jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd - Hallo erstmal, ich habe letztens mein Avira AntiVir durchsuchen lassen und dann wurde da ganz oft angezeigt: C:\ Users\NAME\jload9B.dll ist ein trojanisches Pferd(ich weiss leider nicht mehr die genaue Virusmeldung, - jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd...
Archiv
Du betrachtest: jload9B.dll; scanndiskwg90.dll ist ein trojanisches Pferd auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.