
Pests of all kinds and how to fight them: http://www.searchqu.com/406


11.11.2011, 12:40   #1
Neon

http://www.searchqu.com/406

Hello,

for a few days I have had the problem mentioned above: hxxp://www.searchqu.com/406 is displayed as the start page instead of Google Chrome.

I am not very familiar with computers and hope that I have followed everything correctly.

Many thanks in advance for your efforts!

Neon


Code:
OTL logfile created on: 10.11.2011 15:48:47 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 59,77% Memory free
7,57 Gb Paging File | 6,57 Gb Available in Paging File | 86,83% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,49 Gb Total Space | 81,12 Gb Free Space | 55,37% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 68,46 Gb Free Space | 70,10% Space Free | Partition Type: NTFS
Drive F: | 160,16 Gb Total Space | 84,18 Gb Free Space | 52,56% Space Free | Partition Type: NTFS
Drive G: | 61,46 Gb Total Space | 21,66 Gb Free Space | 35,24% Space Free | Partition Type: NTFS
 
Computer Name: LULU-PC | User Name: lulu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.10 15:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.11.02 11:07:18 | 001,694,096 | ---- | M] (Bandoo Media, inc) -- C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011.10.17 18:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- E:\SuperAnti Spyware\SUPERAntiSpyware.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\SuperAnti Spyware\SASCore.exe
PRC - [2011.08.02 08:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.03.30 08:12:18 | 000,310,944 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2010.06.29 14:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 22:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.10 15:32:49 | 000,063,488 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011.11.10 15:32:49 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011.11.08 08:16:33 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011.11.08 08:16:33 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2007.01.18 22:54:48 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\SuperAnti Spyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.10 15:31:10 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{24C6437D-1BAE-426C-AE81-AA012B33468B}\MpKsl3d205333.sys -- (MpKsl3d205333)
DRV - [2011.09.23 10:45:19 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.12.17 15:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.18 23:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 5D 5E 8C 3B 3B CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.05 15:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.07 22:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Extensions
[2011.11.07 22:08:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Firefox\Profiles\7vns9mm9.default\extensions
[2011.11.07 22:08:58 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\lulu\AppData\Roaming\mozilla\Firefox\Profiles\7vns9mm9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml
[2011.11.07 22:09:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.05 14:29:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.16 05:33:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lulu\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.09.25 20:43:49 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SuperAnti Spyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B660F5D-83F7-4B4A-8007-DF1856FEBF0C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48D1866-6407-480C-BBD8-58D0C8FC0237}: DhcpNameServer = 192.168.178.1
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Programme\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Programme\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\SuperAnti Spyware\SASWINLO.DLL) - E:\SuperAnti Spyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG
O24 - Desktop BackupWallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\SuperAnti Spyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell - "" = AutoRun
O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.08 08:16:15 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.08 08:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.08 08:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.08 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Neuer Ordner
[2011.11.08 08:11:40 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Malwarebytes
[2011.11.08 08:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.08 08:11:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.07 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Ilivid Player
[2011.11.07 22:09:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
[2011.11.07 22:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011.11.07 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Ilivid Youtube
[2011.11.07 22:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011.11.07 22:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.11.07 22:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011.11.07 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\PackageAware
[2011.11.06 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Film
[2011.11.06 17:35:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Papiere die ich ständig benötige
[2011.11.05 13:02:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2011.11.05 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\downloads
[2011.11.05 08:03:36 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\*** Fotos
[2011.10.31 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Gedanken
[2011.10.24 22:23:28 | 000,000,000 | ---D | C] -- C:\Users\lulu\Documents\ICQ
[2011.10.23 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Schauspiel Unis
[2011.10.23 12:00:44 | 000,000,000 | RH-D | C] -- C:\Users\lulu\AppData\Roaming\SecuROM
[2011.10.23 11:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.10.23 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Origin
[2011.10.23 11:11:59 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Origin
[2011.10.23 11:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011.10.23 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2011.10.21 08:09:06 | 000,000,000 | ---D | C] -- C:\Users\lulu\Documents\GameFools
[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\MLS2
[2011.10.17 19:23:02 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Origami
[2011.10.17 16:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Games
[2011.10.14 21:29:41 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011.10.14 08:33:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.10.14 08:33:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.10.14 08:33:22 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.10.14 08:33:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.10.14 08:33:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.10.13 21:38:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011.10.13 21:38:45 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011.10.13 21:38:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011.10.13 21:38:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011.10.13 21:38:43 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.10.13 21:38:31 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011.10.13 21:38:31 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.10 15:35:24 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.10 15:35:24 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.10 15:35:24 | 000,127,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.10 15:35:24 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.10 15:31:13 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 15:31:13 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.10 15:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.10 15:30:43 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.10 15:10:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000UA.job
[2011.11.09 05:23:13 | 000,022,537 | ---- | M] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt
[2011.11.09 04:45:08 | 001,134,426 | ---- | M] () -- C:\Users\lulu\Desktop\Candice Breitz.odp
[2011.11.08 23:26:15 | 000,010,923 | ---- | M] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif
[2011.11.08 23:23:40 | 000,582,392 | ---- | M] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg
[2011.11.08 22:10:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000Core.job
[2011.11.08 21:40:13 | 000,743,593 | ---- | M] () -- C:\Users\lulu\Desktop\Juden.odt
[2011.11.08 10:02:35 | 000,112,658 | ---- | M] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf
[2011.11.08 08:15:27 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.07 22:19:26 | 000,012,288 | ---- | M] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.07 22:09:21 | 000,000,535 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011.11.07 19:25:36 | 000,486,942 | ---- | M] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf
[2011.11.07 19:25:24 | 000,046,325 | ---- | M] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf
[2011.11.07 19:25:14 | 000,137,274 | ---- | M] () -- C:\Users\lulu\Desktop\print.pdf
[2011.11.06 17:50:05 | 000,891,567 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_0879.jpg
[2011.11.06 17:49:00 | 000,950,024 | ---- | M] () -- C:\Users\lulu\Desktop\DSC_7833.jpg
[2011.11.06 17:48:11 | 001,255,049 | ---- | M] () -- C:\Users\lulu\Desktop\DSC_8312.jpg
[2011.11.06 17:47:58 | 001,510,198 | ---- | M] () -- C:\Users\lulu\Desktop\DSC_8349.jpg
[2011.11.06 17:47:23 | 001,670,767 | ---- | M] () -- C:\Users\lulu\Desktop\*** (278 von 996).jpg
[2011.11.06 17:47:08 | 003,037,418 | ---- | M] () -- C:\Users\lulu\Desktop\*** (342 von 996).jpg
[2011.11.06 17:46:51 | 001,688,215 | ---- | M] () -- C:\Users\lulu\Desktop\*** (511 von 996).jpg
[2011.11.06 17:46:37 | 002,944,042 | ---- | M] () -- C:\Users\lulu\Desktop\*** (565 von 996).jpg
[2011.11.06 17:46:11 | 001,905,957 | ---- | M] () -- C:\Users\lulu\Desktop\*** (607 von 996).jpg
[2011.11.06 17:45:27 | 001,590,358 | ---- | M] () -- C:\Users\lulu\Desktop\*** (755 von 996).jpg
[2011.11.06 17:16:09 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg
[2011.11.06 17:16:01 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg
[2011.11.05 18:31:14 | 000,000,734 | ---- | M] () -- C:\Users\lulu\Desktop\81F.gif
[2011.11.05 18:31:14 | 000,000,642 | ---- | M] () -- C:\Users\lulu\Desktop\B60.gif
[2011.11.05 18:31:14 | 000,000,108 | ---- | M] () -- C:\Users\lulu\Desktop\4B0.gif
[2011.11.05 17:21:01 | 000,019,146 | ---- | M] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt
[2011.11.05 14:41:48 | 001,111,474 | ---- | M] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf
[2011.11.05 10:20:34 | 022,367,754 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (5).zip
[2011.11.05 10:19:57 | 009,608,300 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (4).zip
[2011.11.05 10:19:33 | 005,665,181 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (3).zip
[2011.11.05 10:19:03 | 005,500,573 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (2).zip
[2011.11.05 10:18:44 | 003,878,787 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (1).zip
[2011.11.05 10:18:12 | 021,771,789 | ---- | M] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5.zip
[2011.11.05 08:51:20 | 005,022,579 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_7909.JPG
[2011.11.05 08:51:18 | 005,210,022 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_7936.JPG
[2011.11.05 08:49:46 | 000,069,388 | ---- | M] () -- C:\Users\lulu\Desktop\b5ce6e8d4b79a34af84fbc3faba4325b126918436983383475.jpg
[2011.11.05 08:49:36 | 000,100,344 | ---- | M] () -- C:\Users\lulu\Desktop\121323692dbb6cda80ee739653d5e699126908570715175424.jpg
[2011.11.05 08:49:16 | 000,063,129 | ---- | M] () -- C:\Users\lulu\Desktop\b244136bb8dff16d43ce9f81aebeadc3126933148078562750.jpg
[2011.11.05 08:48:50 | 000,113,617 | ---- | M] () -- C:\Users\lulu\Desktop\e0165e55f75d9eca73e02503b1d4d45c127006316943486172.jpg
[2011.11.05 08:46:41 | 000,151,791 | ---- | M] () -- C:\Users\lulu\Desktop\f85bb052d8934eccf1f5fd81fd378f63129339342012131702.jpg
[2011.11.05 08:46:19 | 000,094,876 | ---- | M] () -- C:\Users\lulu\Desktop\9ab20919f4ceab2f353dafb77a643b32127124482953425653.jpg
[2011.11.05 08:46:15 | 000,142,035 | ---- | M] () -- C:\Users\lulu\Desktop\b2ad0541f378835d9f507a43f3f0daf0127006355916485132.jpg
[2011.11.05 08:46:10 | 000,159,426 | ---- | M] () -- C:\Users\lulu\Desktop\075f9c815579baed160304d76fc780a7128709169438097924.jpg
[2011.11.05 08:45:50 | 000,084,944 | ---- | M] () -- C:\Users\lulu\Desktop\150e3ddf598ba7cc414427535ec4827e127133340786705684.jpg
[2011.11.04 22:53:19 | 000,210,025 | ---- | M] () -- C:\Users\lulu\Desktop\ansp-2.jpg
[2011.11.04 22:51:49 | 000,132,037 | ---- | M] () -- C:\Users\lulu\Desktop\anba.jpg
[2011.11.04 20:45:14 | 000,000,806 | ---- | M] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk
[2011.11.03 10:51:48 | 000,097,151 | ---- | M] () -- C:\Users\lulu\Desktop\wasp.pdf
[2011.11.02 23:35:25 | 000,036,730 | ---- | M] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt
[2011.10.23 17:56:45 | 000,279,295 | ---- | M] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf
[2011.10.17 19:52:59 | 000,025,852 | ---- | M] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt
[2011.10.14 21:40:35 | 000,099,781 | ---- | M] () -- C:\Windows\War3Unin.dat
[2011.10.14 21:33:17 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2011.10.14 21:33:17 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2011.10.14 12:57:44 | 003,614,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.11.09 04:51:40 | 000,022,537 | ---- | C] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt
[2011.11.09 03:05:19 | 001,134,426 | ---- | C] () -- C:\Users\lulu\Desktop\Candice Breitz.odp
[2011.11.08 23:26:17 | 000,010,923 | ---- | C] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif
[2011.11.08 23:23:51 | 000,582,392 | ---- | C] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg
[2011.11.08 10:02:40 | 000,112,658 | ---- | C] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf
[2011.11.08 08:15:27 | 000,000,660 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.07 22:09:21 | 000,000,535 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011.11.07 21:39:35 | 000,743,593 | ---- | C] () -- C:\Users\lulu\Desktop\Juden.odt
[2011.11.07 19:25:39 | 000,486,942 | ---- | C] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf
[2011.11.07 19:25:27 | 000,046,325 | ---- | C] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf
[2011.11.07 19:25:18 | 000,137,274 | ---- | C] () -- C:\Users\lulu\Desktop\print.pdf
[2011.11.06 17:50:04 | 000,891,567 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_0879.jpg
[2011.11.06 17:48:57 | 000,950,024 | ---- | C] () -- C:\Users\lulu\Desktop\DSC_7833.jpg
[2011.11.06 17:48:08 | 001,255,049 | ---- | C] () -- C:\Users\lulu\Desktop\DSC_8312.jpg
[2011.11.06 17:47:55 | 001,510,198 | ---- | C] () -- C:\Users\lulu\Desktop\DSC_8349.jpg
[2011.11.06 17:47:21 | 001,670,767 | ---- | C] () -- C:\Users\lulu\Desktop\*** (278 von 996).jpg
[2011.11.06 17:47:06 | 003,037,418 | ---- | C] () -- C:\Users\lulu\Desktop\*** (342 von 996).jpg
[2011.11.06 17:46:49 | 001,688,215 | ---- | C] () -- C:\Users\lulu\Desktop\*** (511 von 996).jpg
[2011.11.06 17:46:35 | 002,944,042 | ---- | C] () -- C:\Users\lulu\Desktop\*** (565 von 996).jpg
[2011.11.06 17:46:07 | 001,905,957 | ---- | C] () -- C:\Users\lulu\Desktop\*** (607 von 996).jpg
[2011.11.06 17:45:25 | 001,590,358 | ---- | C] () -- C:\Users\lulu\Desktop\*** (755 von 996).jpg
[2011.11.06 17:16:10 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg
[2011.11.06 17:16:04 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg
[2011.11.05 19:31:37 | 000,000,734 | ---- | C] () -- C:\Users\lulu\Desktop\81F.gif
[2011.11.05 19:31:37 | 000,000,642 | ---- | C] () -- C:\Users\lulu\Desktop\B60.gif
[2011.11.05 19:31:37 | 000,000,108 | ---- | C] () -- C:\Users\lulu\Desktop\4B0.gif
[2011.11.05 17:20:59 | 000,019,146 | ---- | C] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt
[2011.11.05 14:41:51 | 001,111,474 | ---- | C] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf
[2011.11.05 10:20:20 | 022,367,754 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (5).zip
[2011.11.05 10:19:47 | 009,608,300 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (4).zip
[2011.11.05 10:19:27 | 005,665,181 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (3).zip
[2011.11.05 10:18:58 | 005,500,573 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (2).zip
[2011.11.05 10:18:40 | 003,878,787 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5 (1).zip
[2011.11.05 10:17:58 | 021,771,789 | ---- | C] () -- C:\Users\lulu\Desktop\Attachments_2011_11_5.zip
[2011.11.05 09:53:38 | 005,022,579 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_7909.JPG
[2011.11.05 09:53:37 | 005,210,022 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_7936.JPG
[2011.11.05 08:49:47 | 000,069,388 | ---- | C] () -- C:\Users\lulu\Desktop\b5ce6e8d4b79a34af84fbc3faba4325b126918436983383475.jpg
[2011.11.05 08:49:37 | 000,100,344 | ---- | C] () -- C:\Users\lulu\Desktop\121323692dbb6cda80ee739653d5e699126908570715175424.jpg
[2011.11.05 08:49:17 | 000,063,129 | ---- | C] () -- C:\Users\lulu\Desktop\b244136bb8dff16d43ce9f81aebeadc3126933148078562750.jpg
[2011.11.05 08:48:51 | 000,113,617 | ---- | C] () -- C:\Users\lulu\Desktop\e0165e55f75d9eca73e02503b1d4d45c127006316943486172.jpg
[2011.11.05 08:46:42 | 000,151,791 | ---- | C] () -- C:\Users\lulu\Desktop\f85bb052d8934eccf1f5fd81fd378f63129339342012131702.jpg
[2011.11.05 08:46:20 | 000,094,876 | ---- | C] () -- C:\Users\lulu\Desktop\9ab20919f4ceab2f353dafb77a643b32127124482953425653.jpg
[2011.11.05 08:46:16 | 000,142,035 | ---- | C] () -- C:\Users\lulu\Desktop\b2ad0541f378835d9f507a43f3f0daf0127006355916485132.jpg
[2011.11.05 08:46:11 | 000,159,426 | ---- | C] () -- C:\Users\lulu\Desktop\075f9c815579baed160304d76fc780a7128709169438097924.jpg
[2011.11.05 08:45:56 | 000,084,944 | ---- | C] () -- C:\Users\lulu\Desktop\150e3ddf598ba7cc414427535ec4827e127133340786705684.jpg
[2011.11.05 08:04:50 | 001,039,024 | ---- | C] () -- C:\Users\lulu\Desktop\*** (23 von 996).jpg
[2011.11.04 22:53:20 | 000,210,025 | ---- | C] () -- C:\Users\lulu\Desktop\ansp-2.jpg
[2011.11.04 22:51:54 | 000,132,037 | ---- | C] () -- C:\Users\lulu\Desktop\anba.jpg
[2011.11.04 20:45:14 | 000,000,806 | ---- | C] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk
[2011.11.03 10:51:54 | 000,097,151 | ---- | C] () -- C:\Users\lulu\Desktop\wasp.pdf
[2011.11.03 00:13:26 | 000,066,459 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Kirchner-Selbstbildnis.pdf
[2011.11.03 00:13:26 | 000,029,630 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Entartete Kunst.rtf
[2011.11.02 21:58:19 | 000,036,730 | ---- | C] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt
[2011.10.23 17:06:13 | 000,279,295 | ---- | C] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf
[2011.10.17 19:47:02 | 000,025,852 | ---- | C] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt
[2011.10.14 21:29:41 | 000,099,781 | ---- | C] () -- C:\Windows\War3Unin.dat
[2011.10.14 21:29:41 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2011.07.08 20:00:10 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.07.08 20:00:09 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.07.08 20:00:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.07.08 20:00:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.07.08 20:00:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.07.05 18:56:00 | 000,012,288 | ---- | C] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 17:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.05 17:12:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.05 17:12:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.05 11:35:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.01.13 11:42:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2006.11.02 16:33:31 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,127,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,614,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         

Alt 11.11.2011, 18:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 13.11.2011, 08:15   #3
Neon
 

Hi Arne,

thank you very much for the quick reply!

I am now fairly sure where this Searchqu comes from. A fellow student of mine has it too; we downloaded a piece of software that our lecturer referred us to. Since she recommended it, it did not occur to me that the software could be illegal, and I did not look into it either. The program is called ilivid. I uninstalled it yesterday.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-12 05:31:39
# local_time=2011-11-12 06:31:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 11232053 158648221 0 0
# compatibility_mode=8192 67108863 100 0 27638 27638 0 0
# scanned=134788
# found=0
# cleaned=0
# scan_time=3605
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-12 07:01:34
# local_time=2011-11-12 08:01:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 11240680 158656848 0 0
# compatibility_mode=8192 67108863 100 0 36265 36265 0 0
# scanned=14453
# found=0
# cleaned=0
# scan_time=374
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-12 09:17:05
# local_time=2011-11-12 10:17:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 11241121 158657289 0 0
# compatibility_mode=8192 67108863 100 0 36706 36706 0 0
# scanned=187926
# found=0
# cleaned=0
# scan_time=8063
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb65bb72bd9a8347af0012ec674c99b0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-13 06:28:43
# local_time=2011-11-13 07:28:43 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 11264141 158680309 0 0
# compatibility_mode=8192 67108863 100 0 59726 59726 0 0
# scanned=253981
# found=0
# cleaned=0
# scan_time=18141
         
Attached files
File type: txt mbam-log-2011-11-08 (09-45-15).txt (1.4 KB, viewed 181 times)
File type: txt mbam-log-2011-11-13 (00-30-24).txt (1.1 KB, viewed 165 times)

Alt 14.11.2011, 11:28   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Custom scan with OTL

If you do not have it yet, please download OTL by Oldtimer and save it to your Desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the entire contents of the code box below into the text box in OTL - if OTL is in German, the box is labelled with
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Please close all programs now. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt into your thread here
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!
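Once the custom scan comes back, the OTL output has to be read for the hijack this thread is about. The Python triage helper below is an added example, not OTL's code and not part of cosinus's instructions: it parses constructed sample lines modelled on the OTL output posted in this thread and flags start-page and search URLs pointing at the two hosts named in that log (www.searchqu.com, dts.search-results.com), autostart entries whose target is "File not found", and search-plugin files newer than an assumed cutoff (HIJACK_WINDOW_START, 1 Nov 2011, chosen from the "few days" the poster mentions).

```python
"""Triage helper for an OTL custom-scan log (added example; not OTL code)."""
import re
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import urlparse

# Hosts named in the OTL log posted in this thread.
SUSPECT_HOSTS = frozenset({"www.searchqu.com", "dts.search-results.com"})

# Assumed cutoff for "recently dropped" search plugins: the poster reported the
# hijack a few days before 10.11.2011, so anything newer than 1 Nov is suspect.
HIJACK_WINDOW_START = datetime(2011, 11, 1)

# Constructed sample lines, modelled on the OTL output posted in this thread.
SAMPLE_OTL = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
"""

# OTL defangs URLs as hxxp://; accept both forms.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://[^\s\"']+")
# OTL file/folder entry: [date time | size | attrs | C|M] (company) -- path
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| (\S{4}) \| ([CM])\] "
    r"\(([^)]*)\) -- (.+)$"
)


@dataclass(frozen=True)
class Finding:
    kind: str    # indicator class
    detail: str  # matched host, autostart target or file path
    line: str    # the OTL line kept as evidence


def host_of(url: str) -> str:
    """Hostname of a (possibly defanged) URL, lower-cased."""
    return (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()


def parse_file_entry(line: str):
    """Split an OTL file entry into (timestamp, size, attrs, company, path), or None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    stamp = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
    size = int(m.group(2).replace(",", ""))
    return stamp, size, m.group(3), m.group(5), m.group(6)


def triage(otl_text: str, since: datetime = HIJACK_WINDOW_START,
           suspect_hosts=SUSPECT_HOSTS) -> list:
    """Return the hijack indicators found in OTL output."""
    findings = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]
        if section in ("IE", "FF", "CHR"):
            # Start page / search URL handed to a suspect host.
            for url in URL_RE.findall(line):
                host = host_of(url)
                if host in suspect_hosts:
                    findings.append(Finding("browser-setting", host, line))
        elif section == "O4" and line.endswith("File not found"):
            # Autostart entry whose target is gone (typical leftover of an uninstall).
            findings.append(Finding("orphaned-autostart", line.split("] ", 1)[1], line))
        else:
            entry = parse_file_entry(line)
            if entry and "\\searchplugins\\" in entry[4].lower() and entry[0] >= since:
                # Search-plugin file newer than the ones bundled with the browser.
                findings.append(Finding("new-searchplugin", entry[4], line))
    return findings


def indicator_counts(findings) -> dict:
    """Count findings per indicator class."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:<20} {f.detail}")
```

Point `triage()` at the text of a real OTL.txt to get the same three indicator classes; the host list and the cutoff date are the only case-specific inputs.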

Alt 15.11.2011, 16:09   #5
Neon
 

Code:
ATTFilter
OTL logfile created on: 15.11.2011 16:39:19 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = E:\
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,04% Memory free
7,57 Gb Paging File | 6,68 Gb Available in Paging File | 88,25% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,49 Gb Total Space | 81,12 Gb Free Space | 55,38% Space Free | Partition Type: NTFS
Drive E: | 97,65 Gb Total Space | 68,49 Gb Free Space | 70,14% Space Free | Partition Type: NTFS
Drive F: | 160,16 Gb Total Space | 79,30 Gb Free Space | 49,51% Space Free | Partition Type: NTFS
Drive G: | 61,46 Gb Total Space | 21,86 Gb Free Space | 35,56% Space Free | Partition Type: NTFS
 
Computer Name: LULU-PC | User Name: lulu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.10 15:36:25 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- E:\SuperAnti Spyware\SASCore.exe
PRC - [2011.06.15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010.06.29 14:15:18 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\Windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
PRC - [2009.04.10 22:28:16 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 22:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.08.12 00:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- E:\SuperAnti Spyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.15 16:34:04 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{37E5BD1E-5618-4953-8F7D-5212E802D1BD}\MpKsl5ad63156.sys -- (MpKsl5ad63156)
DRV - [2011.09.23 10:45:19 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- E:\SuperAnti Spyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.04.27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.12.17 15:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.01.18 23:03:24 | 002,314,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 5D 5E 8C 3B 3B CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\lulu\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.05 15:34:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.11.12 08:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Extensions
[2011.11.12 08:27:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\lulu\AppData\Roaming\mozilla\Firefox\Profiles\7vns9mm9.default\extensions
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml
[2011.11.12 08:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.05 18:52:45 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.07.05 14:29:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.06.16 05:33:48 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\lulu\AppData\Local\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\lulu\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2011.09.25 20:43:49 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1                   activate.adobe.com
O1 - Hosts: 127.0.0.1                   practivate.adobe.com
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] E:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] E:\SuperAnti Spyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B660F5D-83F7-4B4A-8007-DF1856FEBF0C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C48D1866-6407-480C-BBD8-58D0C8FC0237}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (E:\SuperAnti Spyware\SASWINLO.DLL) - E:\SuperAnti Spyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG
O24 - Desktop BackupWallPaper: F:\***\Leben\2011\Trampolin be Mms Abiball\IMG_9655.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - E:\SuperAnti Spyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell - "" = AutoRun
O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: !SASCORE - E:\SuperAnti Spyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - E:\SuperAnti Spyware\SASCORE.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.12 10:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.11.11 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Trojanerboard
[2011.11.08 08:16:15 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\SUPERAntiSpyware.com
[2011.11.08 08:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.11.08 08:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.11.08 08:14:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Neuer Ordner
[2011.11.08 08:11:40 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Malwarebytes
[2011.11.08 08:11:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.08 08:11:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.11.07 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Ilivid Player
[2011.11.07 22:07:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Ilivid Youtube
[2011.11.07 22:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011.11.07 22:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.11.07 22:05:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\PackageAware
[2011.11.06 17:51:53 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Film
[2011.11.06 17:35:51 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Papiere die ich ständig benötige
[2011.11.05 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\downloads
[2011.11.05 08:03:36 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\*** Fotos
[2011.10.31 10:11:45 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Gedanken
[2011.10.24 22:23:28 | 000,000,000 | ---D | C] -- C:\Users\lulu\Documents\ICQ
[2011.10.23 14:41:12 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Schauspiel Unis
[2011.10.23 12:00:44 | 000,000,000 | RH-D | C] -- C:\Users\lulu\AppData\Roaming\SecuROM
[2011.10.23 11:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2011.10.23 11:12:01 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Roaming\Origin
[2011.10.23 11:11:59 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\Origin
[2011.10.23 11:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2011.10.23 11:11:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2011.10.23 11:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.10.18 10:40:32 | 000,000,000 | ---D | C] -- C:\Users\lulu\AppData\Local\MLS2
[2011.10.17 19:23:02 | 000,000,000 | ---D | C] -- C:\Users\lulu\Desktop\Origami


========== Files - Modified Within 30 Days ==========
 
[2011.11.15 16:40:03 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.15 16:40:03 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.15 16:40:03 | 000,127,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.15 16:40:03 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.15 16:34:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 16:34:05 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.15 16:33:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.15 16:33:55 | 1877,131,264 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.14 10:10:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000UA.job
[2011.11.14 08:44:51 | 016,993,239 | ---- | M] () -- C:\Users\lulu\Desktop\kunsterziehung im nationalsozialismus.odp
[2011.11.14 08:39:26 | 000,028,161 | ---- | M] () -- C:\Users\lulu\Desktop\T Teil Ns-Zeit.odt
[2011.11.13 22:44:43 | 000,021,909 | ---- | M] () -- C:\Users\lulu\Documents\Deutsche Kultur.odt
[2011.11.13 22:10:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000Core.job
[2011.11.13 20:46:44 | 000,378,970 | ---- | M] () -- C:\Users\lulu\Desktop\11522657.jpg
[2011.11.13 20:46:41 | 000,118,184 | ---- | M] () -- C:\Users\lulu\Desktop\Alte_Pinakothek.jpg
[2011.11.13 20:21:09 | 000,043,546 | ---- | M] () -- C:\Users\lulu\Desktop\Wikis NS.odt
[2011.11.13 20:19:08 | 000,402,842 | ---- | M] () -- C:\Users\lulu\Desktop\berufsbeamtentum_33.jpg
[2011.11.13 01:29:24 | 000,038,758 | ---- | M] () -- C:\Users\lulu\Documents\Fotografie Selbststudium.odt
[2011.11.13 01:24:06 | 000,019,949 | ---- | M] () -- C:\Users\lulu\Desktop\Polaroid Lochkamera basteln.odt
[2011.11.13 01:15:11 | 000,040,792 | ---- | M] () -- C:\Users\lulu\Desktop\Lochkamera.odt
[2011.11.13 00:56:07 | 000,081,906 | ---- | M] () -- C:\Users\lulu\Desktop\Foucault_AndereRaeume.pdf
[2011.11.09 05:23:13 | 000,022,537 | ---- | M] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt
[2011.11.09 04:45:08 | 001,134,426 | ---- | M] () -- C:\Users\lulu\Desktop\Candice Breitz.odp
[2011.11.08 23:26:15 | 000,010,923 | ---- | M] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif
[2011.11.08 23:23:40 | 000,582,392 | ---- | M] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg
[2011.11.08 21:40:13 | 000,743,593 | ---- | M] () -- C:\Users\lulu\Desktop\Juden.odt
[2011.11.08 10:02:35 | 000,112,658 | ---- | M] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf
[2011.11.08 08:15:27 | 000,000,660 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.07 22:19:26 | 000,012,288 | ---- | M] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.07 19:25:36 | 000,486,942 | ---- | M] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf
[2011.11.07 19:25:24 | 000,046,325 | ---- | M] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf
[2011.11.07 19:25:14 | 000,137,274 | ---- | M] () -- C:\Users\lulu\Desktop\print.pdf
[2011.11.06 17:50:05 | 000,891,567 | ---- | M] () -- C:\Users\lulu\Desktop\IMG_0879.jpg
[2011.11.06 17:16:09 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg
[2011.11.06 17:16:01 | 000,145,744 | ---- | M] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg
[2011.11.05 18:31:14 | 000,000,734 | ---- | M] () -- C:\Users\lulu\Desktop\81F.gif
[2011.11.05 18:31:14 | 000,000,642 | ---- | M] () -- C:\Users\lulu\Desktop\B60.gif
[2011.11.05 18:31:14 | 000,000,108 | ---- | M] () -- C:\Users\lulu\Desktop\4B0.gif
[2011.11.05 17:21:01 | 000,019,146 | ---- | M] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt
[2011.11.05 14:41:48 | 001,111,474 | ---- | M] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf
[2011.11.04 22:53:19 | 000,210,025 | ---- | M] () -- C:\Users\lulu\Desktop\ansp-2.jpg
[2011.11.04 22:51:49 | 000,132,037 | ---- | M] () -- C:\Users\lulu\Desktop\anba.jpg
[2011.11.04 20:45:14 | 000,000,806 | ---- | M] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk
[2011.11.03 10:51:48 | 000,097,151 | ---- | M] () -- C:\Users\lulu\Desktop\wasp.pdf
[2011.11.02 23:35:25 | 000,036,730 | ---- | M] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt
[2011.10.23 17:56:45 | 000,279,295 | ---- | M] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf
[2011.10.17 19:52:59 | 000,025,852 | ---- | M] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt
 
========== Files Created - No Company Name ==========
 
[2011.11.13 22:44:41 | 000,021,909 | ---- | C] () -- C:\Users\lulu\Documents\Deutsche Kultur.odt
[2011.11.13 20:46:45 | 000,378,970 | ---- | C] () -- C:\Users\lulu\Desktop\11522657.jpg
[2011.11.13 20:46:42 | 000,118,184 | ---- | C] () -- C:\Users\lulu\Desktop\Alte_Pinakothek.jpg
[2011.11.13 20:21:07 | 000,043,546 | ---- | C] () -- C:\Users\lulu\Desktop\Wikis NS.odt
[2011.11.13 20:19:11 | 000,402,842 | ---- | C] () -- C:\Users\lulu\Desktop\berufsbeamtentum_33.jpg
[2011.11.13 19:35:08 | 000,028,161 | ---- | C] () -- C:\Users\lulu\Desktop\T Teil Ns-Zeit.odt
[2011.11.13 01:29:21 | 000,038,758 | ---- | C] () -- C:\Users\lulu\Documents\Fotografie Selbststudium.odt
[2011.11.13 01:24:05 | 000,019,949 | ---- | C] () -- C:\Users\lulu\Desktop\Polaroid Lochkamera basteln.odt
[2011.11.13 01:15:08 | 000,040,792 | ---- | C] () -- C:\Users\lulu\Desktop\Lochkamera.odt
[2011.11.13 00:56:11 | 000,081,906 | ---- | C] () -- C:\Users\lulu\Desktop\Foucault_AndereRaeume.pdf
[2011.11.12 14:38:03 | 016,993,239 | ---- | C] () -- C:\Users\lulu\Desktop\kunsterziehung im nationalsozialismus.odp
[2011.11.11 10:06:08 | 005,526,715 | ---- | C] () -- C:\Users\lulu\Desktop\Herrengarten_love_page.jpg
[2011.11.11 10:06:08 | 003,479,711 | ---- | C] () -- C:\Users\lulu\Desktop\Waldliebes_und_sunita tributepage.jpg
[2011.11.11 10:06:08 | 002,257,163 | ---- | C] () -- C:\Users\lulu\Desktop\sunitatribute.jpg
[2011.11.11 10:06:08 | 000,831,654 | ---- | C] () -- C:\Users\lulu\Desktop\sunita_partey_allnight_usa_small.jpg
[2011.11.09 04:51:40 | 000,022,537 | ---- | C] () -- C:\Users\lulu\Desktop\Breitz Notizen.odt
[2011.11.09 03:05:19 | 001,134,426 | ---- | C] () -- C:\Users\lulu\Desktop\Candice Breitz.odp
[2011.11.08 23:26:17 | 000,010,923 | ---- | C] () -- C:\Users\lulu\Desktop\teufel_pakt_fluch.gif
[2011.11.08 23:23:51 | 000,582,392 | ---- | C] () -- C:\Users\lulu\Desktop\Brunnenvergiftung.jpg
[2011.11.08 10:02:40 | 000,112,658 | ---- | C] () -- C:\Users\lulu\Desktop\Versuch_Kugelschanze_Kurz.pdf
[2011.11.08 08:15:27 | 000,000,660 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.11.07 21:39:35 | 000,743,593 | ---- | C] () -- C:\Users\lulu\Desktop\Juden.odt
[2011.11.07 19:25:39 | 000,486,942 | ---- | C] () -- C:\Users\lulu\Desktop\Einleitungsskript.pdf
[2011.11.07 19:25:27 | 000,046,325 | ---- | C] () -- C:\Users\lulu\Desktop\Deixis 1 (Märländer, Person, Thierfelder).pdf
[2011.11.07 19:25:18 | 000,137,274 | ---- | C] () -- C:\Users\lulu\Desktop\print.pdf
[2011.11.06 17:50:04 | 000,891,567 | ---- | C] () -- C:\Users\lulu\Desktop\IMG_0879.jpg
[2011.11.06 17:16:10 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642 (1).jpg
[2011.11.06 17:16:04 | 000,145,744 | ---- | C] () -- C:\Users\lulu\Desktop\202904cfbb6ebd0d5156ee644fa60ba3126727760317988642.jpg
[2011.11.05 19:31:37 | 000,000,734 | ---- | C] () -- C:\Users\lulu\Desktop\81F.gif
[2011.11.05 19:31:37 | 000,000,642 | ---- | C] () -- C:\Users\lulu\Desktop\B60.gif
[2011.11.05 19:31:37 | 000,000,108 | ---- | C] () -- C:\Users\lulu\Desktop\4B0.gif
[2011.11.05 17:20:59 | 000,019,146 | ---- | C] () -- C:\Users\lulu\Desktop\Unbenannt 1.odt
[2011.11.05 14:41:51 | 001,111,474 | ---- | C] () -- C:\Users\lulu\Desktop\LogikundKonversation.pdf
[2011.11.04 22:53:20 | 000,210,025 | ---- | C] () -- C:\Users\lulu\Desktop\ansp-2.jpg
[2011.11.04 22:51:54 | 000,132,037 | ---- | C] () -- C:\Users\lulu\Desktop\anba.jpg
[2011.11.04 20:45:14 | 000,000,806 | ---- | C] () -- C:\Users\lulu\Desktop\Die Sims 3 - Verknüpfung.lnk
[2011.11.03 10:51:54 | 000,097,151 | ---- | C] () -- C:\Users\lulu\Desktop\wasp.pdf
[2011.11.03 00:13:26 | 000,066,459 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Kirchner-Selbstbildnis.pdf
[2011.11.03 00:13:26 | 000,029,630 | ---- | C] () -- C:\Users\lulu\Desktop\AB-Entartete Kunst.rtf
[2011.11.02 21:58:19 | 000,036,730 | ---- | C] () -- C:\Users\lulu\Desktop\OpenDocument Text (neu).odt
[2011.10.23 17:06:13 | 000,279,295 | ---- | C] () -- C:\Users\lulu\Desktop\Fotografie Studieren.rtf
[2011.10.17 19:47:02 | 000,025,852 | ---- | C] () -- C:\Users\lulu\Desktop\Böll - Ansichten eines Clowns.odt
[2011.07.08 20:00:10 | 000,018,048 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.07.08 20:00:09 | 002,340,992 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.07.08 20:00:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.07.08 20:00:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.07.08 20:00:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.07.05 18:56:00 | 000,012,288 | ---- | C] () -- C:\Users\lulu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 17:12:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.05 17:12:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.05 17:12:01 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.07.05 11:35:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.01.13 11:42:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2006.11.02 16:33:31 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,127,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 003,614,792 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.10.14 09:17:46 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Be a King 2
[2011.08.01 08:16:25 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.07.31 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.23 10:46:03 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\DAEMON Tools Lite
[2011.11.10 10:28:33 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Dropbox
[2011.08.09 10:56:42 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Gamelab
[2011.11.13 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\ICQ
[2011.07.08 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\IrfanView
[2011.07.05 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\LibreOffice
[2011.10.23 11:12:38 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Origin
[2011.07.31 14:05:02 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\PhotoScape
[2011.11.14 10:15:17 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.06 17:50:33 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Adobe
[2011.08.01 08:16:25 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.07.31 15:54:58 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.09.23 10:46:03 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\DAEMON Tools Lite
[2011.11.10 10:28:33 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Dropbox
[2011.11.13 23:40:01 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\ICQ
[2011.07.05 11:46:35 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Identities
[2011.07.08 22:10:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\IrfanView
[2011.07.05 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\LibreOffice
[2011.07.08 21:49:38 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Macromedia
[2011.11.08 08:11:40 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Media Center Programs
[2011.08.24 17:28:19 | 000,000,000 | --SD | M] -- C:\Users\lulu\AppData\Roaming\Microsoft
[2011.07.05 15:34:44 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Mozilla
[2011.07.31 14:05:02 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\PhotoScape
[2011.10.23 12:00:44 | 000,000,000 | RH-D | M] -- C:\Users\lulu\AppData\Roaming\SecuROM
[2011.11.11 17:00:01 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\Skype
[2011.11.08 08:16:15 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\SUPERAntiSpyware.com
[2011.09.30 02:28:16 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\vlc
[2011.09.23 10:37:07 | 000,000,000 | ---D | M] -- C:\Users\lulu\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.09.02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\lulu\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.09.02 01:42:12 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\lulu\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.07.31 15:53:52 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\lulu\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.24 17:28:19 | 000,010,134 | R--- | M] () -- C:\Users\lulu\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.01.03 12:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.01.03 12:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.01.03 12:26:20 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.01.19 06:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.07.05 14:30:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.07.05 14:30:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.01.19 05:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\SoftwareDistribution\Download\c0a17eb89d8e2d806cdee4a2d05890b4\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2011.07.05 14:30:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2008.01.18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.01.18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.02.15 05:05:25 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2011.07.05 12:51:01 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.02.15 05:06:38 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\SoftwareDistribution\Download\15884d02a70b05388dbf592ea5ae20b8\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2011.07.05 12:51:01 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2008.01.18 22:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
[2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.04.18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\drivers\MpNWMon.sys
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         


Alt 15.11.2011, 18:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 5D 5E 8C 3B 3B CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q="
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml
[2011.11.07 22:08:50 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell - "" = AutoRun
O33 - MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
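The OTL script above removes the hijacked start page and search-engine entries by hand, one browser at a time. As an added example (not code from the thread, from OTL or from Trojaner-Board), the following Python audit checks the same three places for the indicators quoted in that script: the Firefox prefs.js, the Chrome Preferences JSON (default_search_provider) and the Internet Explorer start page value. The sample inputs are constructed to mirror the OTL lines above; the Chrome structure is reduced to the default_search_provider keys that appear in the log, and the indicator lists (searchqu.com, search-results.com, the engine name "Search Results") are taken from this thread only.

```python
"""Audit browser search and start-page settings for the searchqu /
"Search Results" hijack seen in this thread.

Added example, not code from the thread, from OTL or from Trojaner-Board.
Sample inputs below are constructed to mirror the OTL fix lines."""
import json
import re
from urllib.parse import urlparse

# Indicators taken from the OTL log in this thread: hijacked start page host,
# redirected search backend host, and the injected search-engine name.
SUSPICIOUS_HOSTS = ("searchqu.com", "search-results.com")
SUSPICIOUS_ENGINE_NAMES = ("Search Results",)

# Firefox prefs.js lines of the form  user_pref("name", "value");  (string values)
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);')


def host_of(url: str) -> str:
    """Hostname of url; scheme-less values such as "www.google.de" are tolerated."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def host_is_suspicious(url: str) -> bool:
    """True if the URL's host is a known hijack domain or one of its subdomains."""
    host = host_of(url)
    return any(host == h or host.endswith("." + h) for h in SUSPICIOUS_HOSTS)


def parse_prefs_js(text: str) -> dict:
    """Return {pref_name: value} for every string-valued user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).replace('\\"', '"')
    return prefs


def audit_firefox(prefs: dict) -> list:
    """Flag the engine-name and URL prefs that the OTL script above rewrites."""
    findings = []
    for name in ("browser.search.defaultenginename",
                 "browser.search.selectedEngine", "browser.search.order.1"):
        if prefs.get(name) in SUSPICIOUS_ENGINE_NAMES:
            findings.append(f"FF {name} = {prefs[name]!r}")
    for name in ("keyword.URL", "browser.startup.homepage"):
        value = prefs.get(name, "")
        if value and host_is_suspicious(value):
            findings.append(f"FF {name} -> {host_of(value)}")
    return findings


def audit_chrome(preferences_json: str) -> list:
    """Check default_search_provider in a Chrome Preferences file (JSON text)."""
    findings = []
    dsp = json.loads(preferences_json).get("default_search_provider", {})
    if dsp.get("name") in SUSPICIOUS_ENGINE_NAMES:
        findings.append(f"CHR default_search_provider name = {dsp['name']!r}")
    for key in ("search_url", "suggest_url"):
        if dsp.get(key) and host_is_suspicious(dsp[key]):
            findings.append(f"CHR default_search_provider {key} -> {host_of(dsp[key])}")
    return findings


def audit_ie(start_page: str) -> list:
    """Check the IE Main\\Start Page value (read from the registry in practice)."""
    return [f"IE Start Page -> {host_of(start_page)}"] if host_is_suspicious(start_page) else []


def audit_all(prefs_js_text: str, chrome_prefs_json: str, ie_start_page: str) -> list:
    """Combined findings across the three browsers; empty list means clean."""
    findings = audit_firefox(parse_prefs_js(prefs_js_text))
    findings += audit_chrome(chrome_prefs_json)
    findings += audit_ie(ie_start_page)
    return findings


# Constructed samples mirroring the OTL fix lines in this thread.
SAMPLE_PREFS_JS = '''\
user_pref("browser.search.defaultenginename", "Search Results");
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.search.selectedEngine", "Search Results");
user_pref("browser.startup.homepage", "www.google.de");
user_pref("keyword.URL", "http://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=");
user_pref("browser.cache.disk.capacity", 358400);
'''
SAMPLE_CHROME_PREFS = json.dumps({"default_search_provider": {
    "enabled": True, "name": "Search Results",
    "search_url": "http://dts.search-results.com/sr?src=crb&appid=119&systemid=406&sr=0&q={searchTerms}",
    "suggest_url": ""}})
SAMPLE_IE_START_PAGE = "http://www.searchqu.com/406"

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_PREFS_JS, SAMPLE_CHROME_PREFS, SAMPLE_IE_START_PAGE):
        print("HIJACK INDICATOR:", finding)
```

The host check matches the registered domain and its subdomains (dts.search-results.com) but not look-alikes such as notsearchqu.com, so a clean profile with www.google.de as homepage produces no findings.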

Alt 18.11.2011, 14:32   #7
Neon
 

Okay.

Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
Prefs.js: "Search Results" removed from browser.search.selectedEngine
Prefs.js: "www.google.de" removed from browser.startup.homepage
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=" removed from keyword.URL
C:\Users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\searchplugins\SearchResults.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{771a1e4e-e73d-11e0-8651-0013779e54ae}\ not found.
File K:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: lulu
->Temp folder emptied: 11332731 bytes
->Temporary Internet Files folder emptied: 3752070 bytes
->Java cache emptied: 7527272 bytes
->FireFox cache emptied: 43365788 bytes
->Google Chrome cache emptied: 8475860 bytes
->Flash cache emptied: 57045 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12916 bytes
RecycleBin emptied: 334874627 bytes
 
Total Files Cleaned = 391,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11182011_152234

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 18.11.2011, 14:37   #8
Neon
 

I have now changed the start page to Google once more. That did not work before, but after your code and the change it seems to work. In any case, the Searchqu page no longer appears.

Alt 18.11.2011, 15:07   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the "skip" action and only post the log here!




If, due to the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
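The post above asks for the complete TDSSKiller report and for flagged objects to be skipped rather than deleted, which means someone has to read the log and separate the "- ok" objects from the warnings and detections. As an added example (not code from the thread or from Kaspersky), the following Python parser does that for the line shapes that appear in the TDSSKiller log posted later in this thread: "name (md5) path", "name - ok", "name ( verdict ) - warning" and "name - detected verdict (n)". The sample log is constructed from those lines; the original separates timestamp, PID and message with a tab, which the parser accepts alongside spaces. Note that a verdict such as UnsignedFile.Multi.Generic only records that the file lacks a valid digital signature, which by itself is not evidence of infection, so the parser reports it for review rather than deciding anything.

```python
"""Summarise a Kaspersky TDSSKiller log: which objects scanned clean and which
were flagged, with their MD5 and path.

Added example, not code from the thread or from Kaspersky.  The sample log is
constructed from the line formats quoted in this thread."""
import re

# One log line: HH:MM:SS.ffff PID<tab>message  (tab or spaces both accepted).
_LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.*?)\s*$")
# Message shapes seen in TDSSKiller scan output:
_FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")   # name (md5) path
_OK_RE = re.compile(r"^(\S+) - ok$")                                 # name - ok
_WARN_RE = re.compile(r"^(\S+) \( (\S+) \) - warning$")              # name ( verdict ) - warning
_DETECT_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")       # name - detected verdict (n)


def parse_tdsskiller_log(text: str) -> dict:
    """Return {object_name: {md5, path, status, verdicts}} in log order."""
    objects = {}

    def record(name):
        return objects.setdefault(
            name, {"md5": None, "path": None, "status": "unknown", "verdicts": []})

    for raw in text.splitlines():
        line = _LINE_RE.match(raw)
        if not line:
            continue                      # blank or non-log line
        msg = line.group(3)
        m = _FILE_RE.match(msg)
        if m:                              # file line: remember hash and path
            r = record(m.group(1))
            r["md5"], r["path"] = m.group(2).lower(), m.group(3)
            continue
        m = _OK_RE.match(msg)
        if m:
            record(m.group(1))["status"] = "ok"
            continue
        m = _WARN_RE.match(msg)
        if m:
            r = record(m.group(1))
            r["status"] = "warning"
            if m.group(2) not in r["verdicts"]:
                r["verdicts"].append(m.group(2))
            continue
        m = _DETECT_RE.match(msg)
        if m:                              # "detected" follows the warning for the same object
            r = record(m.group(1))
            r["status"] = "detected"
            if m.group(2) not in r["verdicts"]:
                r["verdicts"].append(m.group(2))
        # banner lines ("====", "Scan started", SystemInfo) carry no object and are skipped
    return objects


def flagged(objects: dict) -> list:
    """Objects that did not end with '- ok', as (name, verdicts, path) tuples."""
    return [(n, r["verdicts"], r["path"]) for n, r in objects.items() if r["status"] != "ok"]


def summarize(objects: dict) -> dict:
    """Count objects per final status."""
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0}
    for r in objects.values():
        counts[r["status"]] += 1
    return counts


# Constructed sample, mirroring lines from the TDSSKiller log in this thread.
SAMPLE_LOG = r"""
23:44:42.0105 4168    ============================================================
23:44:42.0105 4168    Scan started
23:44:42.0105 4168    Mode: Manual; SigCheck; TDLFS; 
23:44:43.0067 4168    ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:44:44.0184 4168    ACPI - ok
23:44:55.0713 4168    blbdrive - ok
23:45:02.0670 4168    eeCtrl          (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:45:02.0779 4168    eeCtrl - ok
23:45:03.0201 4168    epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
23:45:03.0263 4168    epmntdrv ( UnsignedFile.Multi.Generic ) - warning
23:45:03.0263 4168    epmntdrv - detected UnsignedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    objs = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(objs))
    for name, verdicts, path in flagged(objs):
        print(f"REVIEW: {name} {verdicts} md5={objs[name]['md5']} path={path}")
```

Objects like blbdrive that only produce a "- ok" line (no file line) are still recorded, with md5 and path left as None, so the counts match the number of objects the scanner actually reported on.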

Alt 26.11.2011, 22:50   #10
Neon
 

Hi Arne,

Code:
23:42:47.0320 2188	TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
23:42:48.0272 2188	============================================================
23:42:48.0272 2188	Current date / time: 2011/11/26 23:42:48.0272
23:42:48.0272 2188	SystemInfo:
23:42:48.0272 2188	
23:42:48.0272 2188	OS Version: 6.0.6002 ServicePack: 2.0
23:42:48.0272 2188	Product type: Workstation
23:42:48.0272 2188	ComputerName: LULU-PC
23:42:48.0272 2188	UserName: lulu
23:42:48.0272 2188	Windows directory: C:\Windows
23:42:48.0272 2188	System windows directory: C:\Windows
23:42:48.0272 2188	Processor architecture: Intel x86
23:42:48.0272 2188	Number of processors: 2
23:42:48.0272 2188	Page size: 0x1000
23:42:48.0272 2188	Boot type: Normal boot
23:42:48.0272 2188	============================================================
23:42:53.0529 2188	Initialize success
23:44:42.0105 4168	============================================================
23:44:42.0105 4168	Scan started
23:44:42.0105 4168	Mode: Manual; SigCheck; TDLFS; 
23:44:42.0105 4168	============================================================
23:44:43.0067 4168	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:44:44.0184 4168	ACPI - ok
23:44:44.0808 4168	adp94xx         (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:44:45.0198 4168	adp94xx - ok
23:44:45.0791 4168	adpahci         (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:44:45.0994 4168	adpahci - ok
23:44:46.0368 4168	adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:44:46.0758 4168	adpu160m - ok
23:44:47.0055 4168	adpu320         (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:44:47.0195 4168	adpu320 - ok
23:44:47.0585 4168	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:44:47.0835 4168	AFD - ok
23:44:48.0615 4168	AgereSoftModem  (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
23:44:49.0176 4168	AgereSoftModem - ok
23:44:49.0504 4168	agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
23:44:49.0613 4168	agp440 - ok
23:44:49.0987 4168	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:44:50.0065 4168	aic78xx - ok
23:44:50.0253 4168	aliide          (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys
23:44:50.0331 4168	aliide - ok
23:44:50.0518 4168	amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
23:44:50.0580 4168	amdagp - ok
23:44:50.0799 4168	amdide          (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys
23:44:50.0814 4168	amdide - ok
23:44:50.0939 4168	AmdK7           (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:44:51.0157 4168	AmdK7 - ok
23:44:51.0501 4168	AmdK8           (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
23:44:51.0657 4168	AmdK8 - ok
23:44:52.0015 4168	arc             (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:44:52.0062 4168	arc - ok
23:44:52.0249 4168	arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:44:52.0359 4168	arcsas - ok
23:44:52.0608 4168	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:44:52.0998 4168	AsyncMac - ok
23:44:53.0326 4168	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:44:53.0404 4168	atapi - ok
23:44:53.0825 4168	athr            (f32fee7cb2ee32c1f808409bc8019701) C:\Windows\system32\DRIVERS\athr.sys
23:44:54.0043 4168	athr - ok
23:44:54.0340 4168	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:44:54.0480 4168	Beep - ok
23:44:54.0823 4168	BHDrvx86        (9d14d76e4e7b9b2ead17149011db2b11) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111114.002\BHDrvx86.sys
23:44:55.0416 4168	BHDrvx86 - ok
23:44:55.0713 4168	blbdrive - ok
23:44:55.0822 4168	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:44:55.0947 4168	bowser - ok
23:44:56.0259 4168	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:44:56.0493 4168	BrFiltLo - ok
23:44:56.0758 4168	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:44:56.0929 4168	BrFiltUp - ok
23:44:57.0054 4168	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:44:57.0273 4168	Brserid - ok
23:44:57.0413 4168	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:44:57.0600 4168	BrSerWdm - ok
23:44:57.0772 4168	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:44:57.0865 4168	BrUsbMdm - ok
23:44:57.0959 4168	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:44:58.0037 4168	BrUsbSer - ok
23:44:58.0146 4168	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:44:58.0240 4168	BTHMODEM - ok
23:44:58.0552 4168	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:44:58.0677 4168	cdfs - ok
23:44:58.0817 4168	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:44:58.0911 4168	cdrom - ok
23:44:59.0004 4168	circlass        (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:44:59.0176 4168	circlass - ok
23:44:59.0441 4168	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:44:59.0597 4168	CLFS - ok
23:44:59.0784 4168	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:44:59.0925 4168	CmBatt - ok
23:45:00.0049 4168	cmdide          (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys
23:45:00.0127 4168	cmdide - ok
23:45:00.0252 4168	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:45:00.0315 4168	Compbatt - ok
23:45:00.0408 4168	crcdisk         (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:45:00.0455 4168	crcdisk - ok
23:45:00.0564 4168	Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:45:00.0689 4168	Crusoe - ok
23:45:00.0798 4168	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:45:00.0876 4168	DfsC - ok
23:45:01.0017 4168	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:45:01.0063 4168	disk - ok
23:45:01.0204 4168	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:45:01.0282 4168	drmkaud - ok
23:45:01.0438 4168	dtsoftbus01     (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:45:01.0703 4168	dtsoftbus01 - ok
23:45:01.0828 4168	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:45:01.0906 4168	DXGKrnl - ok
23:45:02.0046 4168	E1G60           (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:45:02.0233 4168	E1G60 - ok
23:45:02.0421 4168	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:45:02.0499 4168	Ecache - ok
23:45:02.0670 4168	eeCtrl          (75e8b69f28c813675b16db357f20720f) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
23:45:02.0779 4168	eeCtrl - ok
23:45:03.0029 4168	elxstor         (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:45:03.0091 4168	elxstor - ok
23:45:03.0201 4168	epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
23:45:03.0263 4168	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
23:45:03.0263 4168	epmntdrv - detected UnsignedFile.Multi.Generic (1)
23:45:03.0403 4168	EraserUtilRebootDrv (720b18d76de9e603b626dfcd6f1fca7c) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
23:45:03.0513 4168	EraserUtilRebootDrv - ok
23:45:03.0731 4168	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
23:45:03.0840 4168	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
23:45:03.0840 4168	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
23:45:04.0105 4168	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:45:04.0246 4168	exfat - ok
23:45:04.0355 4168	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:45:04.0464 4168	fastfat - ok
23:45:04.0573 4168	fdc             (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
23:45:04.0714 4168	fdc - ok
23:45:04.0823 4168	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:45:04.0854 4168	FileInfo - ok
23:45:04.0979 4168	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:45:05.0026 4168	Filetrace - ok
23:45:05.0135 4168	flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:45:05.0213 4168	flpydisk - ok
23:45:05.0322 4168	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:45:05.0369 4168	FltMgr - ok
23:45:05.0509 4168	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:45:05.0587 4168	Fs_Rec - ok
23:45:05.0697 4168	gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:45:05.0743 4168	gagp30kx - ok
23:45:05.0884 4168	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
23:45:05.0993 4168	HdAudAddService - ok
23:45:06.0133 4168	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:45:06.0321 4168	HDAudBus - ok
23:45:06.0445 4168	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:45:06.0633 4168	HidBth - ok
23:45:06.0648 4168	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:45:06.0851 4168	HidIr - ok
23:45:07.0054 4168	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:45:07.0179 4168	HidUsb - ok
23:45:07.0319 4168	HpCISSs         (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:45:07.0381 4168	HpCISSs - ok
23:45:07.0537 4168	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
23:45:07.0725 4168	HTTP - ok
23:45:07.0834 4168	i2omp           (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:45:07.0896 4168	i2omp - ok
23:45:08.0021 4168	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:45:08.0130 4168	i8042prt - ok
23:45:08.0286 4168	iaStorV         (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:45:08.0364 4168	iaStorV - ok
23:45:08.0707 4168	IDSVix86        (9bc8840de4140e8e2a6fc3192e054a8c) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111124.030\IDSvix86.sys
23:45:08.0863 4168	IDSVix86 - ok
23:45:09.0113 4168	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:45:09.0191 4168	iirsp - ok
23:45:09.0347 4168	intelide        (1c60617d54bc9f035671a44b75d9f7cc) C:\Windows\system32\drivers\intelide.sys
23:45:09.0409 4168	intelide - ok
23:45:09.0519 4168	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:45:09.0643 4168	intelppm - ok
23:45:09.0784 4168	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:45:09.0909 4168	IpFilterDriver - ok
23:45:10.0033 4168	IpInIp - ok
23:45:10.0845 4168	IPMIDRV         (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:45:11.0032 4168	IPMIDRV - ok
23:45:11.0266 4168	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:45:11.0391 4168	IPNAT - ok
23:45:11.0547 4168	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:45:11.0656 4168	IRENUM - ok
23:45:11.0781 4168	isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
23:45:11.0843 4168	isapnp - ok
23:45:12.0015 4168	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:45:12.0108 4168	iScsiPrt - ok
23:45:12.0233 4168	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:45:12.0280 4168	iteatapi - ok
23:45:12.0420 4168	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:45:12.0576 4168	iteraid - ok
23:45:12.0795 4168	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:45:12.0904 4168	kbdclass - ok
23:45:13.0044 4168	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:45:13.0200 4168	kbdhid - ok
23:45:13.0465 4168	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:45:13.0575 4168	KSecDD - ok
23:45:13.0715 4168	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:45:13.0855 4168	lltdio - ok
23:45:14.0027 4168	LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:45:14.0074 4168	LSI_FC - ok
23:45:14.0214 4168	LSI_SAS         (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:45:14.0245 4168	LSI_SAS - ok
23:45:14.0370 4168	LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:45:14.0417 4168	LSI_SCSI - ok
23:45:14.0511 4168	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:45:14.0604 4168	luafv - ok
23:45:14.0713 4168	megasas         (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:45:14.0745 4168	megasas - ok
23:45:14.0916 4168	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:45:15.0010 4168	Modem - ok
23:45:15.0150 4168	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:45:15.0244 4168	monitor - ok
23:45:15.0369 4168	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:45:15.0447 4168	mouclass - ok
23:45:15.0556 4168	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:45:15.0649 4168	mouhid - ok
23:45:15.0790 4168	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:45:15.0868 4168	MountMgr - ok
23:45:15.0993 4168	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
23:45:16.0164 4168	MpFilter - ok
23:45:16.0289 4168	mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:45:16.0445 4168	mpio - ok
23:45:16.0679 4168	MpKsl004649b7   (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AAA4005-C791-4859-8ACC-73D9D84E62BC}\MpKsl004649b7.sys
23:45:16.0757 4168	MpKsl004649b7 - ok
23:45:16.0851 4168	MpKsl33d3ab3a - ok
23:45:16.0897 4168	MpKslb105bf05 - ok
23:45:17.0147 4168	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
23:45:17.0225 4168	MpNWMon - ok
23:45:17.0334 4168	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:45:17.0428 4168	mpsdrv - ok
23:45:17.0553 4168	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:45:17.0615 4168	Mraid35x - ok
23:45:17.0771 4168	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:45:17.0896 4168	MRxDAV - ok
23:45:18.0021 4168	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:45:18.0145 4168	mrxsmb - ok
23:45:18.0270 4168	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:45:18.0395 4168	mrxsmb10 - ok
23:45:18.0551 4168	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:45:18.0645 4168	mrxsmb20 - ok
23:45:18.0769 4168	msahci          (f0ec3a4e0693a34b148723b4da31668c) C:\Windows\system32\drivers\msahci.sys
23:45:18.0816 4168	msahci - ok
23:45:18.0925 4168	msdsm           (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:45:18.0988 4168	msdsm - ok
23:45:19.0128 4168	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:45:19.0237 4168	Msfs - ok
23:45:19.0347 4168	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:45:19.0425 4168	msisadrv - ok
23:45:19.0830 4168	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:45:20.0049 4168	MSKSSRV - ok
23:45:20.0329 4168	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:45:20.0470 4168	MSPCLOCK - ok
23:45:20.0610 4168	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:45:20.0719 4168	MSPQM - ok
23:45:20.0891 4168	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:45:20.0985 4168	MsRPC - ok
23:45:21.0141 4168	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:45:21.0203 4168	mssmbios - ok
23:45:21.0312 4168	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:45:21.0406 4168	MSTEE - ok
23:45:21.0531 4168	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:45:21.0562 4168	Mup - ok
23:45:21.0718 4168	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:45:21.0749 4168	NativeWifiP - ok
23:45:22.0155 4168	NAVENG          (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20111125.033\NAVENG.SYS
23:45:22.0248 4168	NAVENG - ok
23:45:22.0857 4168	NAVEX15         (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\VirusDefs\20111125.033\NAVEX15.SYS
23:45:23.0028 4168	NAVEX15 - ok
23:45:23.0605 4168	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:45:23.0715 4168	NDIS - ok
23:45:23.0980 4168	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:45:24.0073 4168	NdisTapi - ok
23:45:24.0183 4168	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:45:24.0261 4168	Ndisuio - ok
23:45:24.0448 4168	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:45:24.0510 4168	NdisWan - ok
23:45:24.0744 4168	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:45:24.0807 4168	NDProxy - ok
23:45:25.0103 4168	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:45:25.0259 4168	NetBIOS - ok
23:45:25.0399 4168	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:45:25.0540 4168	netbt - ok
23:45:25.0665 4168	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:45:25.0711 4168	nfrd960 - ok
23:45:25.0867 4168	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:45:25.0961 4168	NisDrv - ok
23:45:26.0211 4168	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:45:26.0320 4168	Npfs - ok
23:45:26.0476 4168	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:45:26.0585 4168	nsiproxy - ok
23:45:26.0881 4168	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:45:27.0084 4168	Ntfs - ok
23:45:27.0240 4168	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:45:27.0334 4168	ntrigdigi - ok
23:45:27.0443 4168	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:45:27.0521 4168	Null - ok
23:45:27.0739 4168	nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
23:45:27.0802 4168	nvraid - ok
23:45:27.0958 4168	nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:45:27.0989 4168	nvstor - ok
23:45:28.0114 4168	nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
23:45:28.0161 4168	nv_agp - ok
23:45:28.0270 4168	NwlnkFlt - ok
23:45:28.0285 4168	NwlnkFwd - ok
23:45:28.0332 4168	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:45:28.0441 4168	ohci1394 - ok
23:45:28.0582 4168	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:45:28.0675 4168	Parport - ok
23:45:28.0800 4168	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:45:28.0878 4168	partmgr - ok
23:45:29.0050 4168	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:45:29.0221 4168	Parvdm - ok
23:45:29.0424 4168	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:45:29.0471 4168	pci - ok
23:45:29.0705 4168	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:45:29.0752 4168	pciide - ok
23:45:30.0001 4168	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:45:30.0048 4168	pcmcia - ok
23:45:30.0282 4168	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:45:30.0438 4168	PEAUTH - ok
23:45:30.0594 4168	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:45:30.0657 4168	PptpMiniport - ok
23:45:30.0781 4168	Processor       (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:45:30.0875 4168	Processor - ok
23:45:31.0015 4168	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:45:31.0078 4168	PSched - ok
23:45:31.0234 4168	ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:45:31.0359 4168	ql2300 - ok
23:45:31.0483 4168	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:45:31.0530 4168	ql40xx - ok
23:45:31.0686 4168	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:45:31.0780 4168	QWAVEdrv - ok
23:45:32.0747 4168	R300            (9afa62db7f553a0f1f52c70b738b0064) C:\Windows\system32\DRIVERS\atikmdag.sys
23:45:33.0075 4168	R300 - ok
23:45:33.0402 4168	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:45:33.0527 4168	RasAcd - ok
23:45:33.0714 4168	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:45:33.0886 4168	Rasl2tp - ok
23:45:34.0042 4168	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:45:34.0135 4168	RasPppoe - ok
23:45:34.0245 4168	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:45:34.0338 4168	RasSstp - ok
23:45:34.0541 4168	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:45:34.0713 4168	rdbss - ok
23:45:34.0900 4168	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:45:35.0040 4168	RDPCDD - ok
23:45:35.0165 4168	rdpdr           (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:45:35.0352 4168	rdpdr - ok
23:45:35.0493 4168	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:45:35.0602 4168	RDPENCDD - ok
23:45:35.0742 4168	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:45:35.0836 4168	RDPWD - ok
23:45:35.0961 4168	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:45:36.0070 4168	rspndr - ok
23:45:36.0210 4168	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:45:36.0273 4168	sbp2port - ok
23:45:36.0382 4168	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:45:36.0522 4168	secdrv - ok
23:45:36.0631 4168	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:45:36.0709 4168	Serenum - ok
23:45:36.0834 4168	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:45:36.0959 4168	Serial - ok
23:45:37.0068 4168	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:45:37.0115 4168	sermouse - ok
23:45:37.0255 4168	sffdisk         (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:45:37.0365 4168	sffdisk - ok
23:45:37.0505 4168	sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:45:37.0630 4168	sffp_mmc - ok
23:45:37.0739 4168	sffp_sd         (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:45:37.0879 4168	sffp_sd - ok
23:45:38.0067 4168	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:45:38.0191 4168	sfloppy - ok
23:45:38.0301 4168	sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:45:38.0363 4168	sisagp - ok
23:45:38.0472 4168	SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:45:38.0503 4168	SiSRaid2 - ok
23:45:38.0613 4168	SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:45:38.0659 4168	SiSRaid4 - ok
23:45:38.0769 4168	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:45:38.0862 4168	Smb - ok
23:45:38.0987 4168	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:45:39.0034 4168	spldr - ok
23:45:39.0486 4168	SRTSP           (83726cf02eced69138948083e06b6eac) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSP.SYS
23:45:39.0689 4168	SRTSP - ok
23:45:40.0141 4168	SRTSPX          (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
23:45:40.0313 4168	SRTSPX - ok
23:45:40.0719 4168	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:45:40.0890 4168	srv - ok
23:45:41.0233 4168	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:45:41.0389 4168	srv2 - ok
23:45:41.0779 4168	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:45:41.0904 4168	srvnet - ok
23:45:42.0435 4168	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:45:42.0559 4168	swenum - ok
23:45:42.0778 4168	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:45:42.0856 4168	Symc8xx - ok
23:45:43.0043 4168	SymDS           (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS
23:45:43.0152 4168	SymDS - ok
23:45:43.0542 4168	SymEFA          (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
23:45:43.0620 4168	SymEFA - ok
23:45:43.0761 4168	SymEvent        (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
23:45:43.0885 4168	SymEvent - ok
23:45:44.0135 4168	SymIRON         (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS
23:45:44.0244 4168	SymIRON - ok
23:45:44.0400 4168	SYMTDIv         (5136f99a60ddbdeb1f6fd1eefc44407f) C:\Windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS
23:45:44.0478 4168	SYMTDIv - ok
23:45:44.0603 4168	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:45:44.0681 4168	Sym_hi - ok
23:45:44.0915 4168	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:45:44.0977 4168	Sym_u3 - ok
23:45:45.0133 4168	Tcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
23:45:45.0258 4168	Tcpip - ok
23:45:45.0399 4168	Tcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
23:45:45.0523 4168	Tcpip6 - ok
23:45:45.0726 4168	tcpipreg        (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
23:45:45.0835 4168	tcpipreg - ok
23:45:45.0991 4168	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:45:46.0101 4168	TDPIPE - ok
23:45:46.0225 4168	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:45:46.0335 4168	TDTCP - ok
23:45:46.0444 4168	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:45:46.0569 4168	tdx - ok
23:45:46.0725 4168	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:45:46.0803 4168	TermDD - ok
23:45:46.0990 4168	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:45:47.0099 4168	tssecsrv - ok
23:45:47.0317 4168	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:45:47.0411 4168	tunmp - ok
23:45:47.0520 4168	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:45:47.0598 4168	tunnel - ok
23:45:47.0723 4168	uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:45:47.0817 4168	uagp35 - ok
23:45:47.0973 4168	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:45:48.0097 4168	udfs - ok
23:45:48.0222 4168	uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:45:48.0285 4168	uliagpkx - ok
23:45:48.0441 4168	uliahci         (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:45:48.0519 4168	uliahci - ok
23:45:48.0612 4168	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:45:48.0690 4168	UlSata - ok
23:45:48.0784 4168	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:45:48.0877 4168	ulsata2 - ok
23:45:49.0002 4168	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:45:49.0096 4168	umbus - ok
23:45:49.0267 4168	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:45:49.0377 4168	usbccgp - ok
23:45:49.0486 4168	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:45:49.0642 4168	usbcir - ok
23:45:49.0782 4168	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:45:49.0876 4168	usbehci - ok
23:45:50.0001 4168	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:45:50.0125 4168	usbhub - ok
23:45:50.0266 4168	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:45:50.0359 4168	usbohci - ok
23:45:50.0515 4168	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:45:50.0625 4168	usbprint - ok
23:45:50.0765 4168	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:45:50.0890 4168	USBSTOR - ok
23:45:50.0999 4168	usbuhci         (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
23:45:51.0155 4168	usbuhci - ok
23:45:51.0295 4168	vga             (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:45:51.0373 4168	vga - ok
23:45:51.0483 4168	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:45:51.0545 4168	VgaSave - ok
23:45:51.0670 4168	viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:45:51.0701 4168	viaagp - ok
23:45:51.0826 4168	ViaC7           (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:45:51.0951 4168	ViaC7 - ok
23:45:52.0075 4168	viaide          (58c8d5ac5c3eef40e7e704a5ced7987d) C:\Windows\system32\drivers\viaide.sys
23:45:52.0122 4168	viaide - ok
23:45:52.0278 4168	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:45:52.0341 4168	volmgr - ok
23:45:52.0481 4168	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:45:52.0559 4168	volmgrx - ok
23:45:52.0684 4168	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:45:52.0777 4168	volsnap - ok
23:45:52.0918 4168	vsmraid         (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:45:53.0011 4168	vsmraid - ok
23:45:53.0105 4168	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:45:53.0277 4168	WacomPen - ok
23:45:53.0433 4168	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:53.0557 4168	Wanarp - ok
23:45:53.0651 4168	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:45:53.0745 4168	Wanarpv6 - ok
23:45:53.0854 4168	Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:45:53.0901 4168	Wd - ok
23:45:54.0057 4168	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
23:45:54.0150 4168	Wdf01000 - ok
23:45:54.0259 4168	WmiAcpi         (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:45:54.0322 4168	WmiAcpi - ok
23:45:54.0493 4168	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:45:54.0587 4168	WpdUsb - ok
23:45:54.0712 4168	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:45:54.0774 4168	ws2ifsl - ok
23:45:55.0039 4168	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:45:55.0180 4168	WUDFRd - ok
23:45:55.0726 4168	yukonwlh        (04e268adfc81964c49dc0c082d520f7e) C:\Windows\system32\DRIVERS\yk60x86.sys
23:45:55.0835 4168	yukonwlh - ok
23:45:55.0882 4168	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:45:56.0724 4168	\Device\Harddisk0\DR0 - ok
23:45:56.0740 4168	Boot (0x1200)   (d81b54fa8103ef1e127785ad05e039d5) \Device\Harddisk0\DR0\Partition0
23:45:56.0771 4168	\Device\Harddisk0\DR0\Partition0 - ok
23:45:56.0802 4168	Boot (0x1200)   (7eb1cce2ca48c4184521fe3c6208ec3b) \Device\Harddisk0\DR0\Partition1
23:45:56.0818 4168	\Device\Harddisk0\DR0\Partition1 - ok
23:45:56.0849 4168	Boot (0x1200)   (1df9326f9917f889eb88f863c604eef3) \Device\Harddisk0\DR0\Partition2
23:45:56.0880 4168	\Device\Harddisk0\DR0\Partition2 - ok
23:45:56.0943 4168	Boot (0x1200)   (5b55816167a3691c97cea179d9bae6d0) \Device\Harddisk0\DR0\Partition3
23:45:57.0005 4168	\Device\Harddisk0\DR0\Partition3 - ok
23:45:57.0005 4168	============================================================
23:45:57.0005 4168	Scan finished
23:45:57.0005 4168	============================================================
23:45:57.0036 5552	Detected object count: 2
23:45:57.0036 5552	Actual detected object count: 2
23:46:11.0638 5552	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:46:11.0638 5552	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:46:11.0638 5552	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:46:11.0638 5552	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
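
Added example, not part of the posted log or of TDSSKiller itself: a small Python parser for TDSSKiller logs in the layout above. It joins each driver record to its verdict, lists drivers that load from outside %SystemRoot%\system32, groups service names that share one image hash (Tcpip/Tcpip6 and Wanarp/Wanarpv6 sharing one file is normal; one hash under two different paths would not be), and collects the UnsignedFile.Multi.Generic detections. The sample lines are copied from the log above (Norton path shortened), except the epmntdrv record, whose MD5 is a constructed placeholder because its real record sits earlier in the full log. All function names are mine.

```python
"""Summarise a TDSSKiller scan log in the layout of the log posted above.

Record line:    HH:MM:SS.mmmm PID<TAB>Name   (md5) Path
Verdict line:   HH:MM:SS.mmmm PID<TAB>Name - ok      (disk objects repeat the path as Name)
Detection line: HH:MM:SS.mmmm PID<TAB>Name ( Detection ) - action
"""
import re
from collections import defaultdict

RECORD_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) (?P<pid>\d+)\t"
    r"(?P<name>.+?) +\((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*?)\s*$"
)
DETECT_RE = re.compile(
    r"^(?P<time>\S+) (?P<pid>\d+)\t(?P<name>\S+) \( (?P<detection>[^)]+?) \) - (?P<action>.+?)\s*$"
)
VERDICT_RE = re.compile(r"^(?P<time>\S+) (?P<pid>\d+)\t(?P<name>.+?) - (?P<verdict>.+?)\s*$")

# Kernel drivers on this Vista x86 system are expected under this prefix; TDSSKiller
# prints "drivers" and "DRIVERS" interchangeably, so paths are compared lower-cased.
SYSTEM32 = "c:\\windows\\system32\\"

# Constructed sample: lines from the log above plus an epmntdrv record with a placeholder MD5.
SAMPLE_LOG = (
    "23:45:45.0133 4168\tTcpip           (16731b631f28f63cd9f4cb60940e7ddd) C:\\Windows\\system32\\drivers\\tcpip.sys\n"
    "23:45:45.0258 4168\tTcpip - ok\n"
    "23:45:45.0399 4168\tTcpip6          (16731b631f28f63cd9f4cb60940e7ddd) C:\\Windows\\system32\\DRIVERS\\tcpip.sys\n"
    "23:45:45.0523 4168\tTcpip6 - ok\n"
    "23:45:22.0155 4168\tNAVENG          (862f55824ac81295837b0ab63f91071f) C:\\ProgramData\\Norton\\NIS_18.6.0.29\\Definitions\\VirusDefs\\20111125.033\\NAVENG.SYS\n"
    "23:45:22.0248 4168\tNAVENG - ok\n"
    "23:45:10.0000 4168\tepmntdrv        (00000000000000000000000000000000) C:\\Windows\\system32\\epmntdrv.sys\n"
    "23:45:10.0100 4168\tepmntdrv - ok\n"
    "23:45:55.0882 4168\tMBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \\Device\\Harddisk0\\DR0\n"
    "23:45:56.0724 4168\t\\Device\\Harddisk0\\DR0 - ok\n"
    "23:45:57.0036 5552\tDetected object count: 2\n"
    "23:46:11.0638 5552\tepmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user\n"
    "23:46:11.0638 5552\tepmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip \n"
)


def parse(text):
    """Split a log into driver records, a name->verdict map and a name->detection map."""
    records, verdicts, detections = [], {}, {}
    for line in text.splitlines():
        m = DETECT_RE.match(line)
        if m:                               # detections first: they also look like verdict lines
            d = detections.setdefault(m["name"], {"detection": m["detection"], "actions": []})
            d["actions"].append(m["action"])
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return records, verdicts, detections


def summarise(text):
    """Join records to verdicts and derive the checks a reviewer of such a log makes."""
    records, verdicts, detections = parse(text)
    names_by_md5, paths_by_md5, outside = defaultdict(list), defaultdict(set), []
    for r in records:
        low = r["path"].lower()
        if low.startswith("\\device\\"):
            continue                        # MBR / boot-sector objects, not driver files
        names_by_md5[r["md5"]].append(r["name"])
        paths_by_md5[r["md5"]].add(low)
        if not low.startswith(SYSTEM32):
            outside.append(r["name"])
    return {
        "drivers": records,
        # disk objects carry the verdict under their path, so fall back to it
        "verdicts": {r["name"]: verdicts.get(r["name"], verdicts.get(r["path"], "?")) for r in records},
        "outside_system32": outside,
        # one image under several service names is normal (tcpip.sys, wanarp.sys) ...
        "shared_images": {h: n for h, n in names_by_md5.items() if len(n) > 1},
        # ... but one hash under two different paths means a copied driver binary: look closer
        "hash_path_conflicts": {h: sorted(p) for h, p in paths_by_md5.items() if len(p) > 1},
        "detections": detections,
    }


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for name, verdict in result["verdicts"].items():
        print(f"{name:<16} {verdict}")
    print("outside system32:", result["outside_system32"])
    print("shared image hashes:", result["shared_images"])
    print("hash/path conflicts:", result["hash_path_conflicts"])
    print("detections:", result["detections"])
```

On the posted log the only hits are the two unsigned drivers the user chose to skip and the Norton definition drivers under ProgramData, which is where that product installs them; the script does not decide what is malicious, it only pulls the lines worth a second look out of a few thousand.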
         

27.11.2011, 00:30   #11
cosinus

Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a designated helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages like

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
restart Windows manually and the error messages should no longer appear.

01.12.2011, 09:52   #12
Neon

Good morning, Arne.

Code:
ComboFix 11-12-01.01 - lulu 01.12.2011   9:53.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1789.860 [GMT 1:00]
Running from: c:\users\lulu\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Files Created from 2011-11-01 to 2011-12-01  ))))))))))))))))))))))))))))))
.
.
2011-12-01 09:05 . 2011-12-01 09:05	--------	d-----w-	c:\users\lulu\AppData\Local\temp
2011-12-01 09:05 . 2011-12-01 09:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-12-01 08:47 . 2011-12-01 08:47	--------	d-----w-	c:\programdata\SUPERSetup
2011-12-01 08:14 . 2011-12-01 08:14	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\MpKslfb6b5d1d.sys
2011-12-01 08:13 . 2011-12-01 08:13	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\offreg.dll
2011-11-30 18:19 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\mpengine.dll
2011-11-20 18:35 . 2011-11-20 18:35	--------	d-----w-	c:\windows\Cake Mania - To the Max
2011-11-20 10:56 . 2011-11-20 10:56	--------	d-----w-	c:\program files\Microsoft Silverlight
2011-11-18 15:33 . 2011-11-20 11:00	--------	d-----w-	c:\users\lulu\AppData\Local\CrashDumps
2011-11-15 21:57 . 2011-11-15 21:57	--------	d-----w-	c:\program files\Common Files\Java
2011-11-15 21:35 . 2011-11-17 20:35	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2011-11-15 21:35 . 2011-11-15 21:35	--------	d-----w-	c:\program files\Symantec
2011-11-15 21:35 . 2011-11-15 21:35	126584	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-15 21:34 . 2011-11-15 21:34	--------	d-----w-	c:\windows\system32\drivers\NIS
2011-11-15 21:34 . 2011-11-15 21:34	--------	d-----w-	c:\programdata\Norton
2011-11-15 21:30 . 2011-11-15 21:30	--------	d-----w-	c:\program files\NortonInstaller
2011-11-12 09:50 . 2011-11-12 09:50	--------	d-----w-	c:\program files\ESET
2011-11-10 09:35 . 2011-10-17 11:41	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-11-10 09:35 . 2011-09-20 21:02	913280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-10 09:35 . 2011-09-20 13:44	31232	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2011-11-10 09:35 . 2011-09-30 15:57	707584	----a-w-	c:\program files\Common Files\System\wab32.dll
2011-11-08 07:15 . 2011-11-08 07:15	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-11-08 07:14 . 2011-11-08 07:14	--------	d-----w-	c:\users\lulu\Neuer Ordner
2011-11-08 07:11 . 2011-11-08 07:11	--------	d-----w-	c:\users\lulu\AppData\Roaming\Malwarebytes
2011-11-08 07:11 . 2011-11-08 07:11	--------	d-----w-	c:\programdata\Malwarebytes
2011-11-08 07:11 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-07 21:12 . 2011-11-07 21:12	--------	d-----w-	c:\users\lulu\AppData\Local\Ilivid Player
2011-11-07 21:07 . 2011-11-07 21:07	--------	d-----w-	c:\users\lulu\Ilivid Youtube
2011-11-07 21:06 . 2011-11-07 21:06	--------	d-----w-	c:\program files\iLivid
2011-11-07 21:06 . 2011-11-08 06:35	--------	d-----w-	c:\programdata\boost_interprocess
2011-11-07 21:05 . 2011-11-07 21:05	--------	d-----w-	c:\users\lulu\AppData\Local\PackageAware
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 12:22 . 2011-10-11 12:22	703824	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B46C6972-26B0-435F-A395-8CCBA4D568E2}\gapaengine.dll
2011-10-07 03:48 . 2011-07-08 17:49	6668624	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-03 04:06 . 2011-07-05 17:52	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-23 09:45 . 2011-09-23 09:45	232512	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-09-06 13:30 . 2011-10-13 20:38	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-06-16 04:33 . 2011-07-05 14:34	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Registry Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - e:\microsoft office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33	4910912	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2011-08-31 16:00	1047208	----a-w-	e:\malwarebytes' anti-malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-08-18 15:04	17360520	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
R1 MpKsl33d3ab3a;MpKsl33d3ab3a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C61B149E-EAC9-4D22-B27B-AF95BA18AEA9}\MpKsl33d3ab3a.sys [x]
R1 MpKslb105bf05;MpKslb105bf05;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06D814DF-AE72-4CFE-B742-1FCEDD6CA168}\MpKslb105bf05.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 8456]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1206000.01D\SYMDS.SYS [2011-01-27 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1206000.01D\SYMEFA.SYS [2011-03-15 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\BASHDefs\20111123.001\BHDrvx86.sys [2011-11-14 819320]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-23 232512]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.6.0.29\Definitions\IPSDefs\20111130.001\IDSvix86.sys [2011-11-12 368248]
S1 MpKslfb6b5d1d;MpKslfb6b5d1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43B665DA-36E7-4B3C-85A9-962753B4ABDB}\MpKslfb6b5d1d.sys [2011-12-01 28752]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1206000.01D\Ironx86.SYS [2011-01-27 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\NIS\1206000.01D\SYMTDIV.SYS [2011-03-22 331384]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 NIS;Norton Internet Security;e:\utilities\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-17 106104]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLFB6B5D1D
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the "Scheduled Tasks" folder
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000Core.job
- c:\users\lulu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:48]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-962186711-3762864419-1631889991-1000UA.job
- c:\users\lulu\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-08 20:48]
.
.
------- Supplementary Scan -------
.
uStart Page = 
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - e:\icq\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\lulu\AppData\Roaming\Mozilla\Firefox\Profiles\7vns9mm9.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Orphaned Registry Entries Removed - - - -
.
Toolbar-10 - (no file)
HKCU-Run-AdobeBridge - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - e:\superanti spyware\SASWINLO.DLL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-01 10:05
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanning hidden processes ... 
.
Scanning hidden autostart entries ... 
.
Scanning hidden files ... 
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"e:\utilities\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"e:\utilities\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_USERS\S-1-5-21-962186711-3762864419-1631889991-1000\Software\SecuROM\License information*]
"datasecu"=hex:42,0f,fa,3e,e3,c2,ec,de,67,18,58,ba,00,7c,c1,25,2f,4f,4a,43,bd,
   2d,b8,70,6f,6f,88,28,6c,b2,ca,1b,a2,95,0f,c2,30,e3,34,aa,df,a2,6d,53,14,3d,\
"rkeysecu"=hex:1f,b5,12,4e,95,00,6f,bf,e8,4e,ec,55,3f,3f,76,d9
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2732)
c:\users\lulu\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
Zeit der Fertigstellung: 2011-12-01  10:09:11
ComboFix-quarantined-files.txt  2011-12-01 09:09
.
Vor Suchlauf: 7 Verzeichnis(se), 75.735.543.808 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 75.687.325.696 Bytes frei
.
- - End Of File - - AFC43D260BF03C22F482AD0BE087AAA2
         

Should I uninstall the program (Combofix) now?

Old 01.12.2011, 09:54   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool won't run on the 2nd attempt either, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow Internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Old 03.12.2011, 14:22   #14
Neon
 

Hi,


GMER:

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-03 14:28:47
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM500JI rev.2AC101C4
Running: 3olsf0lh.exe; Driver: C:\Users\lulu\AppData\Local\Temp\kwtdapog.sys


---- System - GMER 1.0.15 ----

SSDT            862DB918                       ZwAlertResumeThread
SSDT            862DB9F8                       ZwAlertThread
SSDT            862DB360                       ZwAllocateVirtualMemory
SSDT            860BA990                       ZwAlpcConnectPort
SSDT            863EBCD0                       ZwAssignProcessToJobObject
SSDT            862DCF88                       ZwCreateMutant
SSDT            862DB6D0                       ZwCreateSymbolicLinkObject
SSDT            86244318                       ZwCreateThread
SSDT            862DCFD0                       ZwDebugActiveProcess
SSDT            862DB530                       ZwDuplicateObject
SSDT            862DB180                       ZwFreeVirtualMemory
SSDT            86277CB8                       ZwImpersonateAnonymousToken
SSDT            862DB838                       ZwImpersonateThread
SSDT            85F54B38                       ZwLoadDriver
SSDT            862DB080                       ZwMapViewOfSection
SSDT            862DCEA8                       ZwOpenEvent
SSDT            86244200                       ZwOpenProcess
SSDT            862DB450                       ZwOpenProcessToken
SSDT            86277870                       ZwOpenSection
SSDT            862DB008                       ZwOpenThread
SSDT            864BA2A8                       ZwProtectVirtualMemory
SSDT            862DBAD8                       ZwResumeThread
SSDT            862DBD78                       ZwSetContextThread
SSDT            862DBE58                       ZwSetInformationProcess
SSDT            86277748                       ZwSetSystemInformation
SSDT            862DCDC8                       ZwSuspendProcess
SSDT            862DBBB8                       ZwSuspendThread
SSDT            862443F8                       ZwTerminateProcess
SSDT            862DBC98                       ZwTerminateThread
SSDT            862DBF48                       ZwUnmapViewOfSection
SSDT            862DB270                       ZwWriteVirtualMemory
SSDT            862DB778                       ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D  81CC28A0 8 Bytes  [18, B9, 2D, 86, F8, B9, 2D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131  81CC28B4 4 Bytes  [60, B3, 2D, 86]
.text           ntkrnlpa.exe!KeSetEvent + 13D  81CC28C0 4 Bytes  [90, A9, 0B, 86]
.text           ntkrnlpa.exe!KeSetEvent + 191  81CC2914 4 Bytes  JMP C088F99A 
.text           ntkrnlpa.exe!KeSetEvent + 1F5  81CC2978 4 Bytes  [88, CF, 2D, 86]
.text           ...                            

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\Udp        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\tdx \Device\RawIp      SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\fastfat \Fat       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         


aswMBR:


HTML code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-03 14:40:34
-----------------------------
14:40:34.136    OS Version: Windows 6.0.6002 Service Pack 2
14:40:34.136    Number of processors: 2 586 0xF0D
14:40:34.136    ComputerName: ***-PC  UserName: lulu
14:40:53.882    Initialize success
14:49:43.540    AVAST engine defs: 11120301
14:50:06.722    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:50:06.738    Disk 0 Vendor: SAMSUNG_HM500JI 2AC101C4 Size: 476940MB BusType: 3
14:50:08.766    Disk 0 MBR read successfully
14:50:08.766    Disk 0 MBR scan
14:50:08.781    Disk 0 Windows VISTA default MBR code
14:50:08.781    Disk 0 scanning sectors +976768065
14:50:08.859    Disk 0 scanning C:\Windows\system32\drivers
14:50:19.467    Service scanning
14:50:20.091    Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
14:50:20.731    Modules scanning
14:50:25.707    Disk 0 trace - called modules:
14:50:25.738    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
14:50:25.754    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84e12578]
14:50:25.754    3 CLASSPNP.SYS[875a78b3] -> nt!IofCallDriver -> [0x83eb30a8]
14:50:25.754    5 acpi.sys[806916bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83ebb8a0]
14:50:26.206    AVAST engine scan C:\Windows
14:50:28.640    AVAST engine scan C:\Windows\system32
14:52:23.940    AVAST engine scan C:\Windows\system32\drivers
14:52:34.704    AVAST engine scan C:\Users\lulu
14:54:46.648    AVAST engine scan C:\ProgramData
14:56:37.892    Scan finished successfully
15:01:11.906    Disk 0 MBR has been saved successfully to "C:\Users\lulu\Desktop\MBR.dat"
15:01:11.906    The log file has been saved successfully to "C:\Users\lulu\Desktop\aswMBR.txt"
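
The GMER log above is easier to read with a small parser. The following script is an added example for this thread, not code from GMER or from Trojaner-Board. It assumes the column layout seen in the GMER 1.0.15 output posted above (SSDT rows: handler address then syscall name; ".text" rows: patched symbol, offset, address, size, then raw bytes or a JMP target; "AttachedDevice" rows: driver, device, module, description). SAMPLE_LOG is a constructed excerpt of the posted log. Besides listing hooked syscalls and filter drivers, it decodes the byte dumps of the ".text" rows as little-endian 32-bit values and checks them against the SSDT handler addresses, which shows that the patched region in this log holds the same handler pointers the SSDT section lists.

```python
"""Triage summary for a GMER rootkit-scan log (added example, see lead-in)."""
import re

# Constructed sample: a few rows copied from the GMER output posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT            862DB918                       ZwAlertResumeThread
SSDT            862DB9F8                       ZwAlertThread
SSDT            862DB360                       ZwAllocateVirtualMemory
SSDT            860BA990                       ZwAlpcConnectPort
SSDT            863EBCD0                       ZwAssignProcessToJobObject
SSDT            85F54B38                       ZwLoadDriver
SSDT            862DB080                       ZwMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 11D  81CC28A0 8 Bytes  [18, B9, 2D, 86, F8, B9, 2D, ...]
.text           ntkrnlpa.exe!KeSetEvent + 131  81CC28B4 4 Bytes  [60, B3, 2D, 86]
.text           ntkrnlpa.exe!KeSetEvent + 191  81CC2914 4 Bytes  JMP C088F99A
.text           ...

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\tdx \Device\Tcp        SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \FileSystem\fastfat \Fat       fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)\s*$")
TEXT_RE = re.compile(
    r"^\.text\s+(\S+)\s+\+\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})\s+(\d+) Bytes\s+(.*)$")
TEXT_MORE_RE = re.compile(r"^\.text\s+\.\.\.")   # GMER's "further rows elided" marker
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
BYTE_RE = re.compile(r"[0-9A-Fa-f]{2}")


def parse_gmer(text):
    """Parse SSDT, kernel-code-section and device rows into plain structures."""
    result = {"ssdt": [], "patches": [], "devices": [], "truncated": False}
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            result["ssdt"].append((m.group(2), int(m.group(1), 16)))
            continue
        m = TEXT_RE.match(line)
        if m:
            result["patches"].append({
                "symbol": m.group(1),           # e.g. ntkrnlpa.exe!KeSetEvent
                "offset": int(m.group(2), 16),  # offset from that export
                "address": int(m.group(3), 16),
                "size": int(m.group(4)),
                "detail": m.group(5).strip(),   # raw bytes or "JMP <target>"
            })
            continue
        if TEXT_MORE_RE.match(line):
            result["truncated"] = True          # GMER did not list every patch row
            continue
        m = DEVICE_RE.match(line)
        if m:
            result["devices"].append({"driver": m.group(1), "device": m.group(2),
                                      "module": m.group(3), "info": m.group(4)})
    return result


def handlers_in_bytes(patch, ssdt):
    """Decode a patch row's byte dump as little-endian 32-bit values and return
    the names of SSDT entries whose handler address equals one of them."""
    if not patch["detail"].startswith("["):
        return []                                # JMP rows carry a target, not bytes
    raw = [int(b, 16) for b in BYTE_RE.findall(patch["detail"])]
    by_addr = {addr: name for name, addr in ssdt}
    found = []
    for i in range(0, len(raw) - 3, 4):          # only complete 4-byte groups
        value = int.from_bytes(bytes(raw[i:i + 4]), "little")
        if value in by_addr:
            found.append(by_addr[value])
    return found


def summarize(parsed):
    """Condense the parse into the facts a helper looks at first."""
    hooked = sorted(name for name, _ in parsed["ssdt"])
    jmp_patches = sorted(p["address"] for p in parsed["patches"]
                         if p["detail"].startswith("JMP"))
    seen = {n for p in parsed["patches"] for n in handlers_in_bytes(p, parsed["ssdt"])}
    return {
        "ssdt_hook_count": len(hooked),
        "hooked_syscalls": hooked,
        "patched_symbols": sorted({p["symbol"] for p in parsed["patches"]}),
        "jmp_patches": jmp_patches,
        "handlers_seen_in_patches": sorted(seen),
        "more_patches_elided": parsed["truncated"],
        "filter_modules": sorted({d["module"] for d in parsed["devices"]}),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_gmer(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

The summary is a reading aid, not a verdict: whether the hooks belong to a security product (the attached-device rows name SYMTDIV.SYS here) or to something unwanted is still the helper's call, as it was in this thread.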

Old 04.12.2011, 17:17   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from the ESET online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

