Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 26.08.2011, 16:38   #1
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Hallo zusammen,

soeben erhielt ich eine Meldung von AntiVir, dass schädliche Dateien auf meinem PC sind ("Adware.WidgiToolbar"). Ich habe bei google gesucht und bin auf diese Seite gestoßen. Nachdem ich ein paar Themen von anderen Usern durchgelesen habe, bin ich verunsichert, ob mein PC trotz der später durchgeführten AntiVir- bzw. MBAM-Quarantäne nicht doch noch infiziert ist.

Es würde mich sehr freuen, wenn mir dabei jemand helfen kann, da ich absolut keine Ahnung davon habe.
Aber nun mal der Reihe nach:

Die AntiVir-Meldung habe ich anfangs "ignoriert", also das Fenster offen gelassen und statt dessen einen Quickscan durch MBAM laufen lassen. Hier wurde zusätzlich zur "Adware.WidgiToolbar" noch "PUP.Dealio" gefunden. Ich habe die Funde entfernt und einen zweiten Qickscan durchgeführt (beide Logs im Anhang).
Dann wurde mir nach dem Neustart über dieses Fähnchen bei Windows unten rechts mitgeteilt, dass AntiVir immer noch dieses "Adware.WidgiToolbar" in Quarantäne stellen möchte. Ich habe das dann bestätigt, wobei ja eigentlich MBAM diesen Fund schon beseitigt hatte...
Nachdem ich dann in den Regeln des Forums gelesen habe, dass man mittels Defogger irgendwas "disablen" soll, habe ich diesen Schritt durchgeführt und zuletzt meinen PC neugestartet. Zu diesem Defogger gibt es eine disable_log-Datei (s. Anhang).

Da ich nicht weiß, in welcher Reihenfolge ich jetzt weiter vorgehen soll, belasse ich es nun mal bei diesen Vorgängen und hoffe, dass mir jemand von euch weiterhelfen kann.

Viele Grüße

Regina

Alt 26.08.2011, 19:54   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Zitat:
soeben erhielt ich eine Meldung von AntiVir, dass schädliche Dateien auf meinem PC sind ("Adware.WidgiToolbar").
Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.
__________________

__________________

Alt 26.08.2011, 21:43   #3
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Hallo cosinus,

vielen Dank für deine Nachricht. In meinem ersten Post hatte ich bereits zwei Logs als Anhang gesendet, in denen die Funde beschrieben wurden.
Da ich nicht weiß, welche weiteren Logs du meinst, habe ich nun noch mal einen Vollscan bei MBAM durchgeführt und die Funde gelöscht:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7582

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

26.08.2011 22:04:48
mbam-log-2011-08-26 (22-04-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 268896
Laufzeit: 30 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
__________________

Alt 27.08.2011, 10:06   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Meinst du mit AntiVir den von Avira oder Malwarebytes? Wenn Avisra dann auch davon das Log posten!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.08.2011, 12:28   #5
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Mit AntiVir meine ich den von Avira, das den Fund zunächst gemeldet hat, ohne dass ich einen Scan durchgeführt habe. Malwarebytes habe ich danach installiert und damit auch die Funde in Quarantäne gesetzt. Bei AntiVir habe ich noch mal geschaut, dort ist der Fund überhaupt nicht mehr aufgeführt, vielleicht weil ich alles weitere mit Malwarebytes gemacht habe. Somit gibt es auch keinen Log von AntiVir.


Alt 27.08.2011, 12:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM

Alt 27.08.2011, 14:19   #7
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Vielen Dank für die ausführliche Anleitung. Nachdem der Scan beendet war, bekam ich noch eine Windowsmeldung, dass ESET ggf. nicht vollständig installiert wurde. Ist das normal? Hier der Log von ESET:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f631a0a53e36d54688334f85a3f3839a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-27 01:11:30
# local_time=2011-08-27 03:11:30 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 80450 50984008 74882 0
# compatibility_mode=5893 16776573 100 94 82327 66078343 0 0
# compatibility_mode=8192 67108863 100 0 207 207 0 0
# scanned=130442
# found=3
# cleaned=0
# scan_time=3538
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\befc.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I

Alt 28.08.2011, 13:42   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.08.2011, 14:37   #9
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Hallo Arne,

hier die beiden OTL-Logs:

OTL.txt:

Code:
ATTFilter
OTL logfile created on: 28.08.2011 15:05:44 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Regina\Desktop\Downloads\Trojaner-Board
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free
6,50 Gb Paging File | 5,60 Gb Available in Paging File | 86,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 206,48 Gb Total Space | 165,35 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
Drive D: | 58,50 Gb Total Space | 35,74 Gb Free Space | 61,10% Space Free | Partition Type: NTFS
Drive E: | 200,69 Gb Total Space | 159,37 Gb Free Space | 79,41% Space Free | Partition Type: NTFS
 
Computer Name: REGINA-PC | User Name: Regina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.26 15:54:55 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Regina\Desktop\Downloads\Trojaner-Board\OTL.exe
PRC - [2011.08.17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.06.30 23:26:40 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.05.02 19:06:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.07 21:48:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.03 13:46:00 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.08.14 10:10:47 | 000,614,400 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\khalwrapper.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.06.30 23:26:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.10 22:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.05.02 19:06:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.07.04 19:07:40 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.06.30 23:26:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 23:26:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.06.10 22:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.14 23:32:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.07.10 00:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.14 09:32:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.04.27 04:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010.04.27 04:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010.04.27 04:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 18:55:58 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidEqd.sys -- (LHidEqd)
DRV - [2009.06.17 18:55:50 | 000,040,720 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.23 13:08:26 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0C 55 86 18 C0 3B CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Regina\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Regina\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.24 15:36:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.24 15:36:50 | 000,000,000 | ---D | M]
 
[2010.08.16 01:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Regina\AppData\Roaming\mozilla\Extensions
[2011.08.27 14:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions
[2011.03.09 20:38:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.11 22:51:43 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.15 23:25:47 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu
[2011.08.25 09:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.20 00:40:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.18 20:39:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.27 22:01:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.09 00:32:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.23 17:41:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.11 18:18:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.25 09:25:55 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.08.25 09:25:55 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.09.25 13:07:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.25 13:07:01 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.25 13:07:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.25 13:07:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.25 13:07:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.14 21:37:53 | 000,000,998 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [MultiScreen]  File not found
O4 - Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.77 194.8.194.60
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.CSCD - camcodec.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.IPJ2 - jp2avi.dll File not found
Drivers32: vidc.LAGS - lagarith.dll File not found
Drivers32: vidc.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.27 14:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.08.26 15:41:23 | 000,000,000 | ---D | C] -- C:\Users\Regina\AppData\Roaming\Malwarebytes
[2011.08.26 15:40:43 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.08.26 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.26 15:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.26 15:40:40 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.26 15:40:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.25 09:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011.08.25 09:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011.08.12 14:51:05 | 000,000,000 | ---D | C] -- C:\Users\Regina\AppData\Roaming\Logitech
[2011.08.12 14:51:00 | 000,000,000 | ---D | C] -- C:\Users\Regina\AppData\Roaming\Leadertech
[2011.08.12 14:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.08.12 14:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011.08.12 14:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2011.08.12 14:48:18 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.08.12 14:48:06 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.28 14:16:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171858933-4223678210-2926809048-1000UA.job
[2011.08.28 14:16:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2171858933-4223678210-2926809048-1000Core.job
[2011.08.28 13:21:52 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.28 13:21:52 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.28 13:14:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.28 13:14:28 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.27 14:14:25 | 000,657,438 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.27 14:14:25 | 000,618,714 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.27 14:14:25 | 000,130,810 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.27 14:14:25 | 000,107,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.26 16:36:55 | 000,000,020 | ---- | M] () -- C:\Users\Regina\defogger_reenable
[2011.08.26 15:40:44 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.24 09:46:52 | 000,007,597 | ---- | M] () -- C:\Users\Regina\AppData\Local\Resmon.ResmonCfg
[2011.08.24 08:46:04 | 000,003,947 | ---- | M] () -- C:\Users\Regina\.recently-used.xbel
[2011.08.15 18:37:13 | 000,001,288 | ---- | M] () -- C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.08.12 14:49:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2011.08.12 14:49:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011.08.12 14:49:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2011.08.12 14:49:35 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2011.08.12 14:48:53 | 000,001,962 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.08.12 00:59:16 | 000,296,385 | ---- | M] () -- C:\Users\Regina\Desktop\Ford_Praktikant Controlling und Finanzen.pdf
 
========== Files Created - No Company Name ==========
 
[2011.08.26 16:36:46 | 000,000,020 | ---- | C] () -- C:\Users\Regina\defogger_reenable
[2011.08.26 15:40:44 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.24 09:46:52 | 000,007,597 | ---- | C] () -- C:\Users\Regina\AppData\Local\Resmon.ResmonCfg
[2011.08.24 08:46:04 | 000,003,947 | ---- | C] () -- C:\Users\Regina\.recently-used.xbel
[2011.08.15 18:37:13 | 000,001,288 | ---- | C] () -- C:\Users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2011.08.12 14:49:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2011.08.12 14:49:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2011.08.12 14:49:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidEqd_01005.Wdf
[2011.08.12 14:49:35 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LEqdUsb_01005.Wdf
[2011.08.12 14:48:53 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2011.08.12 00:59:16 | 000,296,385 | ---- | C] () -- C:\Users\Regina\Desktop\Ford_Praktikant Controlling und Finanzen.pdf
[2011.06.02 15:04:49 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011.04.12 19:50:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.20 00:41:39 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.18 17:12:42 | 000,000,038 | -HS- | C] () -- C:\Windows\camcodec100.ini
[2010.12.18 17:12:42 | 000,000,028 | -HS- | C] () -- C:\Windows\lagarith.ini
[2010.12.18 17:12:10 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.30 04:25:33 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.09.30 04:25:33 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.08.26 11:20:22 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2010.08.18 14:36:18 | 000,001,720 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2010.08.14 20:24:12 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.08.14 09:53:30 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssp4ml3.dll
[2009.07.14 10:47:43 | 000,657,438 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,130,810 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,417,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,714 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2010.10.09 01:51:46 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Amazon
[2011.04.23 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Canneverbe Limited
[2010.08.14 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Dropbox
[2011.08.14 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\gtk-2.0
[2011.08.12 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\ICQ
[2011.08.12 14:51:00 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Leadertech
[2010.10.15 00:59:12 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\ML
[2010.12.18 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\mp3DirectCut
[2010.09.30 04:25:29 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Samsung
[2011.03.06 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\TeamViewer
[2011.07.20 23:26:14 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Ubisoft
[2011.08.22 19:07:50 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.08.18 14:31:25 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Adobe
[2010.10.09 01:51:46 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Amazon
[2010.08.22 14:23:53 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Apple Computer
[2010.09.03 19:28:09 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Avira
[2011.04.23 21:19:46 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Canneverbe Limited
[2010.08.14 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\DAEMON Tools Lite
[2011.08.28 14:26:42 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Dropbox
[2011.08.14 19:32:44 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\gtk-2.0
[2011.08.12 15:19:38 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\ICQ
[2010.08.14 16:44:00 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Identities
[2011.08.12 14:51:00 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Leadertech
[2011.08.12 14:51:05 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Logitech
[2010.08.14 16:51:55 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Macromedia
[2011.08.26 15:41:23 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Media Center Programs
[2011.04.23 22:01:15 | 000,000,000 | --SD | M] -- C:\Users\Regina\AppData\Roaming\Microsoft
[2010.10.15 00:59:12 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\ML
[2010.08.16 01:26:37 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Mozilla
[2010.12.18 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\mp3DirectCut
[2010.09.30 04:25:29 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Samsung
[2011.03.14 22:17:45 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Skype
[2011.03.14 20:58:02 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\skypePM
[2011.03.06 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\TeamViewer
[2011.07.20 23:26:14 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\Ubisoft
[2010.08.14 21:36:46 | 000,000,000 | ---D | M] -- C:\Users\Regina\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.05.25 22:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Regina\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 22:07:42 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Regina\AppData\Roaming\Dropbox\bin\Uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

und Extras.txt:

Code:
ATTFilter
OTL Extras logfile created on: 28.08.2011 15:05:44 - Run 1
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Regina\Desktop\Downloads\Trojaner-Board
 An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free
6,50 Gb Paging File | 5,60 Gb Available in Paging File | 86,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 206,48 Gb Total Space | 165,35 Gb Free Space | 80,08% Space Free | Partition Type: NTFS
Drive D: | 58,50 Gb Total Space | 35,74 Gb Free Space | 61,10% Space Free | Partition Type: NTFS
Drive E: | 200,69 Gb Total Space | 159,37 Gb Free Space | 79,41% Space Free | Partition Type: NTFS
 
Computer Name: REGINA-PC | User Name: Regina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3140 Banner Remover 1.0
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7CF6E959-07C5-4F5B-AAEC-7406DFFDC20E}" = Adobe FrameMaker v7.2
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B571687A-1AE6-4C32-9B5B-678BECB556BE}" = Cisco AnyConnect VPN Client
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Hardcopy(c__hardcopy)" = Hardcopy (c:\hardcopy)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"Samsung ML-191x 252x Series" = Wartung Samsung ML-191x 252x Series
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TeamViewer 6" = TeamViewer 6
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         

Alt 28.08.2011, 15:59   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
PRC - [2011.08.17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://google.de/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.6
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="
[2011.01.15 23:25:47 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu
[2011.08.25 09:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.08.25 09:25:55 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.08.25 09:25:55 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
O4 - HKCU..\Run: [MultiScreen]  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Files
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Windows\Installer\befc.msi
C:\Program Files\Common Files\Spigot
C:\PROGRAM FILES\PDFFORGE TOOLBAR
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.08.2011, 16:56   #11
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Hallo Arne,

weiterhin vielen Dank für deine Hilfe. Anbei das Logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Prefs.js: "Yahoo" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=971163" removed from browser.search.param.yahoo-fr
Prefs.js: "Yahoo" removed from browser.search.selectedEngine
Prefs.js: "hxxp://google.de/" removed from browser.startup.homepage
Prefs.js: pdfforge@mybrowserbar.com:4.6 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.6 removed from extensions.enabledItems
Prefs.js: zotero@chnm.gmu.edu:2.0.9 removed from extensions.enabledItems
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=" removed from keyword.URL
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu\scripts folder moved successfully.
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu\idl folder moved successfully.
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu\defaults\preferences folder moved successfully.
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu\defaults folder moved successfully.
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu\components folder moved successfully.
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu\chrome folder moved successfully.
C:\Users\Regina\AppData\Roaming\mozilla\Firefox\Profiles\fqc5nj4w.default\extensions\zotero@chnm.gmu.edu folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons\default folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome\icons folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MultiScreen deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe not found.
C:\Windows\Installer\befc.msi moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\PROGRAM FILES\pdfforge Toolbar\Res folder moved successfully.
C:\PROGRAM FILES\pdfforge Toolbar\IE\4.6 folder moved successfully.
C:\PROGRAM FILES\pdfforge Toolbar\IE folder moved successfully.
C:\PROGRAM FILES\pdfforge Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Regina
->Temp folder emptied: 43946377 bytes
->Temporary Internet Files folder emptied: 51480152 bytes
->Java cache emptied: 3949364 bytes
->FireFox cache emptied: 55128827 bytes
->Google Chrome cache emptied: 457037998 bytes
->Flash cache emptied: 14088 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37257317 bytes
RecycleBin emptied: 9310957795 bytes
 
Total Files Cleaned = 9.498,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 08282011_174815

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 28.08.2011, 17:10   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.08.2011, 17:33   #13
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Hallo Arne,

hier das Log von Kaspersky:

Code:
ATTFilter
2011/08/28 18:30:06.0250 3700	TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 18:30:06.0297 3700	================================================================================
2011/08/28 18:30:06.0297 3700	SystemInfo:
2011/08/28 18:30:06.0297 3700	
2011/08/28 18:30:06.0297 3700	OS Version: 6.1.7601 ServicePack: 1.0
2011/08/28 18:30:06.0297 3700	Product type: Workstation
2011/08/28 18:30:06.0297 3700	ComputerName: REGINA-PC
2011/08/28 18:30:06.0297 3700	UserName: Regina
2011/08/28 18:30:06.0297 3700	Windows directory: C:\Windows
2011/08/28 18:30:06.0297 3700	System windows directory: C:\Windows
2011/08/28 18:30:06.0297 3700	Processor architecture: Intel x86
2011/08/28 18:30:06.0297 3700	Number of processors: 3
2011/08/28 18:30:06.0297 3700	Page size: 0x1000
2011/08/28 18:30:06.0297 3700	Boot type: Normal boot
2011/08/28 18:30:06.0297 3700	================================================================================
2011/08/28 18:30:07.0219 3700	Initialize success
2011/08/28 18:30:19.0235 0592	================================================================================
2011/08/28 18:30:19.0235 0592	Scan started
2011/08/28 18:30:19.0235 0592	Mode: Manual; 
2011/08/28 18:30:19.0235 0592	================================================================================
2011/08/28 18:30:19.0766 0592	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
2011/08/28 18:30:19.0797 0592	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
2011/08/28 18:30:19.0829 0592	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
2011/08/28 18:30:19.0875 0592	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/28 18:30:19.0907 0592	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/28 18:30:19.0938 0592	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/28 18:30:19.0985 0592	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
2011/08/28 18:30:20.0016 0592	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
2011/08/28 18:30:20.0032 0592	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/08/28 18:30:20.0079 0592	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
2011/08/28 18:30:20.0094 0592	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
2011/08/28 18:30:20.0110 0592	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
2011/08/28 18:30:20.0141 0592	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/28 18:30:20.0157 0592	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/28 18:30:20.0204 0592	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
2011/08/28 18:30:20.0219 0592	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/28 18:30:20.0250 0592	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
2011/08/28 18:30:20.0297 0592	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
2011/08/28 18:30:20.0344 0592	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/08/28 18:30:20.0375 0592	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/28 18:30:20.0391 0592	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/28 18:30:20.0422 0592	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
2011/08/28 18:30:20.0454 0592	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/28 18:30:20.0485 0592	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/28 18:30:20.0516 0592	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/08/28 18:30:20.0547 0592	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/08/28 18:30:20.0579 0592	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/08/28 18:30:20.0610 0592	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/28 18:30:20.0657 0592	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/28 18:30:20.0688 0592	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/28 18:30:20.0704 0592	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/28 18:30:20.0735 0592	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/08/28 18:30:20.0750 0592	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/28 18:30:20.0766 0592	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/28 18:30:20.0782 0592	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/28 18:30:20.0813 0592	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/28 18:30:20.0844 0592	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/28 18:30:20.0875 0592	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
2011/08/28 18:30:20.0907 0592	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/28 18:30:20.0938 0592	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/08/28 18:30:20.0985 0592	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/28 18:30:21.0000 0592	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
2011/08/28 18:30:21.0016 0592	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/08/28 18:30:21.0047 0592	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/28 18:30:21.0079 0592	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/28 18:30:21.0094 0592	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/28 18:30:21.0157 0592	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
2011/08/28 18:30:21.0219 0592	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
2011/08/28 18:30:21.0250 0592	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/08/28 18:30:21.0266 0592	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/08/28 18:30:21.0313 0592	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/08/28 18:30:21.0360 0592	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/28 18:30:21.0422 0592	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/08/28 18:30:21.0516 0592	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/28 18:30:21.0547 0592	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
2011/08/28 18:30:21.0579 0592	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/08/28 18:30:21.0625 0592	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/08/28 18:30:21.0657 0592	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/28 18:30:21.0688 0592	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/08/28 18:30:21.0704 0592	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/08/28 18:30:21.0719 0592	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/28 18:30:21.0750 0592	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/08/28 18:30:21.0782 0592	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/08/28 18:30:21.0829 0592	FsUsbExDisk     (cbe5f69a5e5b918225f420ba748f3742) C:\Windows\system32\FsUsbExDisk.SYS
2011/08/28 18:30:21.0875 0592	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/28 18:30:21.0907 0592	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/28 18:30:21.0938 0592	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/28 18:30:21.0985 0592	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/28 18:30:22.0000 0592	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/28 18:30:22.0047 0592	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
2011/08/28 18:30:22.0079 0592	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/28 18:30:22.0094 0592	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/28 18:30:22.0110 0592	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/28 18:30:22.0125 0592	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/28 18:30:22.0157 0592	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/28 18:30:22.0188 0592	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/28 18:30:22.0235 0592	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
2011/08/28 18:30:22.0282 0592	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/28 18:30:22.0313 0592	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
2011/08/28 18:30:22.0360 0592	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
2011/08/28 18:30:22.0375 0592	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/28 18:30:22.0422 0592	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
2011/08/28 18:30:22.0438 0592	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/28 18:30:22.0454 0592	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/28 18:30:22.0485 0592	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/28 18:30:22.0500 0592	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/08/28 18:30:22.0547 0592	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/08/28 18:30:22.0563 0592	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
2011/08/28 18:30:22.0579 0592	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
2011/08/28 18:30:22.0610 0592	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/28 18:30:22.0641 0592	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/28 18:30:22.0688 0592	KSecDD          (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/28 18:30:22.0704 0592	KSecPkg         (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/28 18:30:22.0766 0592	LEqdUsb         (70035567754bed4e6ad353ca3f175127) C:\Windows\system32\Drivers\LEqdUsb.Sys
2011/08/28 18:30:22.0813 0592	LHidEqd         (32491b6bae0afad1d7a62c0ef0af4321) C:\Windows\system32\Drivers\LHidEqd.Sys
2011/08/28 18:30:22.0860 0592	LHidFilt        (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/08/28 18:30:22.0907 0592	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/28 18:30:22.0938 0592	LMouFilt        (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/08/28 18:30:22.0969 0592	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/28 18:30:22.0985 0592	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/28 18:30:23.0000 0592	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/28 18:30:23.0016 0592	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/28 18:30:23.0047 0592	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/08/28 18:30:23.0079 0592	LUsbFilt        (77030525cd86a93f1af34fa9b96d33ce) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/08/28 18:30:23.0125 0592	MBAMSwissArmy   (b18225739ed9caa83ba2df966e9f43e8) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/08/28 18:30:23.0157 0592	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/28 18:30:23.0172 0592	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/28 18:30:23.0204 0592	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/08/28 18:30:23.0219 0592	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/28 18:30:23.0266 0592	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/28 18:30:23.0297 0592	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/28 18:30:23.0329 0592	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
2011/08/28 18:30:23.0360 0592	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
2011/08/28 18:30:23.0375 0592	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/28 18:30:23.0422 0592	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
2011/08/28 18:30:23.0454 0592	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/28 18:30:23.0485 0592	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/28 18:30:23.0516 0592	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/28 18:30:23.0547 0592	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
2011/08/28 18:30:23.0563 0592	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
2011/08/28 18:30:23.0594 0592	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/08/28 18:30:23.0625 0592	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/28 18:30:23.0641 0592	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
2011/08/28 18:30:23.0672 0592	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/28 18:30:23.0688 0592	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/28 18:30:23.0719 0592	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/08/28 18:30:23.0735 0592	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/08/28 18:30:23.0766 0592	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
2011/08/28 18:30:23.0797 0592	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/08/28 18:30:23.0813 0592	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/28 18:30:23.0829 0592	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/08/28 18:30:23.0860 0592	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/28 18:30:23.0922 0592	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
2011/08/28 18:30:23.0938 0592	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/28 18:30:23.0969 0592	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/28 18:30:24.0016 0592	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/28 18:30:24.0047 0592	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/28 18:30:24.0079 0592	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
2011/08/28 18:30:24.0110 0592	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/28 18:30:24.0141 0592	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/28 18:30:24.0204 0592	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/28 18:30:24.0250 0592	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/08/28 18:30:24.0266 0592	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/28 18:30:24.0313 0592	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
2011/08/28 18:30:24.0375 0592	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/08/28 18:30:24.0407 0592	NVENETFD        (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/08/28 18:30:24.0579 0592	nvlddmkm        (377140a534d013bd661c69f1741de43c) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/28 18:30:24.0672 0592	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
2011/08/28 18:30:24.0704 0592	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
2011/08/28 18:30:24.0735 0592	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
2011/08/28 18:30:24.0766 0592	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
2011/08/28 18:30:24.0829 0592	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/08/28 18:30:24.0860 0592	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
2011/08/28 18:30:24.0891 0592	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/08/28 18:30:24.0907 0592	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
2011/08/28 18:30:24.0922 0592	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
2011/08/28 18:30:24.0954 0592	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/28 18:30:24.0969 0592	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/08/28 18:30:25.0000 0592	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/08/28 18:30:25.0094 0592	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/28 18:30:25.0125 0592	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/08/28 18:30:25.0141 0592	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/28 18:30:25.0188 0592	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/28 18:30:25.0235 0592	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/28 18:30:25.0250 0592	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/28 18:30:25.0266 0592	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/28 18:30:25.0282 0592	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/28 18:30:25.0313 0592	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/28 18:30:25.0360 0592	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/28 18:30:25.0375 0592	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/28 18:30:25.0422 0592	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/28 18:30:25.0454 0592	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/28 18:30:25.0485 0592	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/28 18:30:25.0516 0592	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
2011/08/28 18:30:25.0563 0592	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/28 18:30:25.0579 0592	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/28 18:30:25.0610 0592	RDPWD           (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
2011/08/28 18:30:25.0657 0592	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
2011/08/28 18:30:25.0688 0592	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/28 18:30:25.0735 0592	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
2011/08/28 18:30:25.0782 0592	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
2011/08/28 18:30:25.0797 0592	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/28 18:30:25.0829 0592	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/28 18:30:25.0875 0592	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/28 18:30:25.0907 0592	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/08/28 18:30:25.0922 0592	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/28 18:30:25.0969 0592	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
2011/08/28 18:30:25.0985 0592	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/28 18:30:26.0016 0592	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/28 18:30:26.0032 0592	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/28 18:30:26.0063 0592	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
2011/08/28 18:30:26.0079 0592	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/28 18:30:26.0094 0592	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/28 18:30:26.0125 0592	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/08/28 18:30:26.0157 0592	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/08/28 18:30:26.0219 0592	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
2011/08/28 18:30:26.0297 0592	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
2011/08/28 18:30:26.0329 0592	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/28 18:30:26.0360 0592	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/28 18:30:26.0391 0592	sscdbus         (ffe42941e0326c322f40b0b79a46493c) C:\Windows\system32\DRIVERS\sscdbus.sys
2011/08/28 18:30:26.0438 0592	sscdmdfl        (a68e7d87adfbb8c50d88cd58230c6819) C:\Windows\system32\DRIVERS\sscdmdfl.sys
2011/08/28 18:30:26.0469 0592	sscdmdm         (b534b24151281856ec2f69ed3d6d60dd) C:\Windows\system32\DRIVERS\sscdmdm.sys
2011/08/28 18:30:26.0500 0592	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/08/28 18:30:26.0532 0592	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
2011/08/28 18:30:26.0579 0592	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/28 18:30:26.0610 0592	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
2011/08/28 18:30:26.0641 0592	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
2011/08/28 18:30:26.0657 0592	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
2011/08/28 18:30:26.0735 0592	Tcpip           (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys
2011/08/28 18:30:26.0782 0592	TCPIP6          (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/28 18:30:26.0829 0592	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/28 18:30:26.0860 0592	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
2011/08/28 18:30:26.0875 0592	TDTCP           (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
2011/08/28 18:30:26.0922 0592	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/28 18:30:26.0969 0592	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
2011/08/28 18:30:27.0016 0592	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/28 18:30:27.0047 0592	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/28 18:30:27.0079 0592	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/28 18:30:27.0110 0592	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/28 18:30:27.0157 0592	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/28 18:30:27.0188 0592	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/28 18:30:27.0235 0592	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
2011/08/28 18:30:27.0266 0592	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/28 18:30:27.0297 0592	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/08/28 18:30:27.0329 0592	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/28 18:30:27.0438 0592	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
2011/08/28 18:30:27.0454 0592	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/28 18:30:27.0485 0592	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/28 18:30:27.0516 0592	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/28 18:30:27.0547 0592	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/28 18:30:27.0579 0592	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
2011/08/28 18:30:27.0610 0592	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/28 18:30:27.0657 0592	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/28 18:30:27.0672 0592	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/28 18:30:27.0704 0592	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/08/28 18:30:27.0719 0592	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
2011/08/28 18:30:27.0750 0592	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
2011/08/28 18:30:27.0766 0592	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/08/28 18:30:27.0782 0592	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
2011/08/28 18:30:27.0813 0592	vmbus           (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
2011/08/28 18:30:27.0844 0592	VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
2011/08/28 18:30:27.0860 0592	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
2011/08/28 18:30:27.0891 0592	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/08/28 18:30:27.0907 0592	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
2011/08/28 18:30:27.0969 0592	vpnva           (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
2011/08/28 18:30:28.0000 0592	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/28 18:30:28.0016 0592	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/08/28 18:30:28.0047 0592	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/28 18:30:28.0094 0592	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/28 18:30:28.0110 0592	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/28 18:30:28.0141 0592	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/08/28 18:30:28.0172 0592	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/28 18:30:28.0235 0592	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/28 18:30:28.0250 0592	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/08/28 18:30:28.0313 0592	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/08/28 18:30:28.0344 0592	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/28 18:30:28.0391 0592	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/28 18:30:28.0438 0592	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
2011/08/28 18:30:28.0469 0592	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/28 18:30:28.0516 0592	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/28 18:30:28.0532 0592	Boot (0x1200)   (197939a4d2e64cce3f321b1bc6143945) \Device\Harddisk0\DR0\Partition0
2011/08/28 18:30:28.0547 0592	Boot (0x1200)   (47cc9c296093b7ead16186591fbf5a13) \Device\Harddisk0\DR0\Partition1
2011/08/28 18:30:28.0563 0592	Boot (0x1200)   (ca16dfa11805c457cc2cea7931807386) \Device\Harddisk0\DR0\Partition2
2011/08/28 18:30:28.0594 0592	Boot (0x1200)   (444ed54aa1d5f452b78176daebf90acd) \Device\Harddisk0\DR0\Partition3
2011/08/28 18:30:28.0594 0592	================================================================================
2011/08/28 18:30:28.0594 0592	Scan finished
2011/08/28 18:30:28.0594 0592	================================================================================
2011/08/28 18:30:28.0610 1512	Detected object count: 0
2011/08/28 18:30:28.0610 1512	Actual detected object count: 0
         

Alt 28.08.2011, 19:45   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.08.2011, 19:40   #15
Gina86
 
Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Standard

Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM



Hallo Arne,

im Folgenden das Logfile von ComboFix:

Code:
ATTFilter
ComboFix 11-08-29.03 - Regina 29.08.2011  20:23:58.1.3 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.2519 [GMT 2:00]
ausgeführt von:: c:\users\Regina\Desktop\Downloads\Trojaner-Board\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-28 bis 2011-08-29  ))))))))))))))))))))))))))))))
.
.
2011-08-29 18:27 . 2011-08-29 18:27	--------	d-----w-	c:\users\Regina\AppData\Local\temp
2011-08-29 18:27 . 2011-08-29 18:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-28 15:48 . 2011-08-28 15:48	--------	d-----w-	C:\_OTL
2011-08-27 12:09 . 2011-08-27 12:09	--------	d-----w-	c:\program files\ESET
2011-08-26 13:41 . 2011-08-26 13:41	--------	d-----w-	c:\users\Regina\AppData\Roaming\Malwarebytes
2011-08-26 13:40 . 2011-08-26 13:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-26 13:40 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-26 13:40 . 2011-08-26 13:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-08-26 13:40 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-26 13:20 . 2011-08-12 02:44	7152464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{522596BD-5F31-4082-97A1-C82137C4D02A}\mpengine.dll
2011-08-25 07:25 . 2011-08-26 13:57	--------	d-----w-	c:\program files\Application Updater
2011-08-24 06:40 . 2011-07-09 04:29	2048	----a-w-	c:\windows\system32\tzres.dll
2011-08-12 12:51 . 2011-08-12 12:51	--------	d-----w-	c:\users\Regina\AppData\Roaming\Logitech
2011-08-12 12:51 . 2011-08-12 12:51	--------	d-----w-	c:\users\Regina\AppData\Roaming\Leadertech
2011-08-12 12:48 . 2009-07-20 10:25	301656	----a-w-	c:\windows\system32\BtCoreIf.dll
2011-08-12 12:48 . 2009-07-20 10:26	84496	----a-w-	c:\windows\system32\KemXML.dll
2011-08-12 12:48 . 2009-07-20 10:26	117264	----a-w-	c:\windows\system32\KemWnd.dll
2011-08-12 12:48 . 2009-07-20 10:26	145936	----a-w-	c:\windows\system32\KemUtil.dll
2011-08-12 12:48 . 2009-07-20 10:26	170512	----a-w-	c:\windows\system32\kemutb.dll
2011-08-12 12:48 . 2011-08-12 12:48	--------	d-----w-	c:\programdata\Logitech
2011-08-12 12:48 . 2011-08-12 12:50	--------	d-----w-	c:\program files\Common Files\Logishrd
2011-08-12 12:48 . 2011-08-12 12:48	--------	d-----w-	c:\program files\Logitech
2011-08-12 12:48 . 2011-08-12 12:50	--------	d-----w-	c:\programdata\LogiShrd
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-27 23:59 . 2011-06-14 06:00	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-30 21:26 . 2010-08-14 15:07	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-30 21:26 . 2010-08-14 15:07	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-11 02:29 . 2011-07-13 12:04	2334208	----a-w-	c:\windows\system32\win32k.sys
2011-06-10 20:55 . 2011-06-10 20:55	10680	----a-w-	c:\windows\system32\vpncategories.dll
2011-06-10 20:55 . 2011-06-10 20:55	30648	----a-w-	c:\windows\system32\vpnevents.dll
2011-06-10 20:42 . 2011-06-10 20:42	19192	----a-w-	c:\windows\system32\drivers\vpnva.sys
2006-05-03 10:06	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\System32\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Regina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-14 614400]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1246544]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
c:\users\Regina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\hardcopy\hardcopy.exe [2010-12-30 1727488]
Logitech . Produktregistrierung.lnk - c:\program files\Common Files\Logishrd\eReg\SetPoint\eReg.exe [2008-11-7 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-8-12 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 10:28	72208	----a-w-	c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-14 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-02-23 5120]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-06-10 641464]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2009-06-17 40720]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2009-06-17 10384]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171858933-4223678210-2926809048-1000Core.job
- c:\users\Regina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 14:51]
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2171858933-4223678210-2926809048-1000UA.job
- c:\users\Regina\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-14 14:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 81.173.194.77 194.8.194.60
FF - ProfilePath - c:\users\Regina\AppData\Roaming\Mozilla\Firefox\Profiles\fqc5nj4w.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NPSStartup - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-08-29  20:28:59
ComboFix-quarantined-files.txt  2011-08-29 18:28
.
Vor Suchlauf: 9 Verzeichnis(se), 179.842.916.352 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 179.519.873.024 Bytes frei
.
- - End Of File - - 476A41C70A95B80196803DF13BF120CA
         

Vielen Dank!

Antwort

Themen zu Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM
ahnung, anderen, anhang, antivir, dateien, entfernt, fenster, folge, gesucht, google, hallo zusammen, infiziert, log-datei, mbam, meldung, neustart, offen, rechts, regeln, seite, themen, trotz, usern, windows, zusammen, zusätzlich



Ähnliche Themen: Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM


  1. "TR/Dldr.Agent.1169920.4 in c:\windows\temp\db22.exe" & "ADWARE\InstallCore.771128 in c:\Users\Julian\Downloads\openal-2.0.7.0.exe"
    Plagegeister aller Art und deren Bekämpfung - 26.01.2015 (9)
  2. win 7 firefox langsam "keine Rückmeldung" immer wieder Meldung "ein skript auf dieser Seite ist eventuell beschädigt...."
    Plagegeister aller Art und deren Bekämpfung - 14.01.2015 (11)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. Windows 8.1: "tr.dropper.gen" (Avira) und "opencandy" (MBAM)
    Log-Analyse und Auswertung - 15.06.2014 (11)
  5. Windows 7: Adware/Pop-Ups durch "iminent" bzw. "Free M4a to MP3 Converter"
    Plagegeister aller Art und deren Bekämpfung - 14.04.2014 (13)
  6. "EXP/CVE-2011-3402' [exploit]" heute gefunden und (bereits länger) "Server ist ausgelastet" Meldung
    Log-Analyse und Auswertung - 17.12.2013 (3)
  7. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  8. Sicherheitscenter deaktiviert und Virus "ADWARE/InstallCo.HA" "ADWARE/bProtect.D" "TR/Mevade.A.95" gefunden
    Log-Analyse und Auswertung - 10.09.2013 (10)
  9. Browser/Werbe popup, "AppsHat", MBAM Funde, nach "Schrift-Download"
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (31)
  10. Infektion "Internet Security Pro"/ "wmdefender.exe" unter Vista; Keine Erkennung mit MBAM
    Log-Analyse und Auswertung - 22.08.2013 (19)
  11. Fund gemeldet "Ravmon.exe",aber nur durch Avira und nicht durch MBAM
    Log-Analyse und Auswertung - 13.01.2013 (20)
  12. "Stutter.X,"Windows XP recovery"-Aufforderung, "Festplatte beschädigt"-Meldung, Bildschrim schwarz,
    Log-Analyse und Auswertung - 28.05.2011 (20)
  13. MBAM hat "PUP.Dealio" und Adware.WidgiToolbar" festgestellt..
    Plagegeister aller Art und deren Bekämpfung - 25.02.2011 (5)
  14. "SuperantiSpyware" erkennt "Adware.tracking cookie" kann aber das nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (21)
  15. hohe load durch prozess "system" und "explorer.exe" verbindet alleine nach russland
    Plagegeister aller Art und deren Bekämpfung - 08.12.2010 (10)
  16. gefunden: Adware.WidgiToolbar in "C:\System Volume Information\_restore..."
    Log-Analyse und Auswertung - 10.11.2010 (2)
  17. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)

Zum Thema Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM - Hallo zusammen, soeben erhielt ich eine Meldung von AntiVir, dass schädliche Dateien auf meinem PC sind ("Adware.WidgiToolbar"). Ich habe bei google gesucht und bin auf diese Seite gestoßen. Nachdem ich - Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM...
Archiv
Du betrachtest: Meldung "PUP.Dealio" und "Adware.WidgiToolbar" durch MBAM auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.