Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Entfernen von PDF Creator Toolbar und vill anderen schädlingen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 06.01.2012, 17:06   #1
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Hallo

Ich habe mir die Tage den PDF Creator runtergeladen und scheinbar die Toolbar mit installiert, ein paar Tage danach schlägt Malwarebytes Alarm und ich schicke die 6 datein in Quarantäne und versuche das Programm zu deinstallieren.

Habe dann einfach mal HijackThis über mein System laufen lassen (Vista 64Bit) und gesehen das da noch andere rote Kreuze mit der Beschreibung vielleicht schädlich in der Auswertung verhanden waren.

Und die PDF Creator Toolbar geistert auf meinem System scheinbar immer noch rum.

Und ich habe gesehen das ich Spigot auf meinem Rechner habe und gelesen das dies auch nicht so toll sein soll, wollte es entfernen aber eine Datei lässt sich nicht löschen.

Nun wollte ich wie beschrieben ein OTL Log erstellen habe dies aber nur teilweise hin bekommen.

Habe den defogger geladen und wie beschrieben als Admin ausgeführt.

Neustart.

Fehler Meldung.

OTL geladen und ausgeführt (Scan geklickt), ohne euren Text in die Textbox zu kopieren.

Habe bemerkt das dies falsch war und es wie beschrieben durchgeführt.

Text in die Textbox kopiert und auf Quick Scan geklickt.

Nun habe ich aber nach mehreren Versuchen immer nur das OTL Log bekommen.

Hoffe es kann mir jemand von euch helfen

Mit freundlichen Grüßen

x9x

Alt 06.01.2012, 23:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Hijackthis ist veraltet und sollte nicht mehr verwendet werden! Das Teil taugt zur Analyse eh nichts mehr!
Und poste bitte alle Log von Malwarebytes, wozu den Umstand machen alles zu beschreiben wenn man einfach die Logs posten kann.
__________________

__________________

Alt 07.01.2012, 12:44   #3
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Ok.

Muss jetzt aber nur die Logs posten die befallene Daten zeigen, wo nix gefunden wurde die machen ja keinen Sinn oder?

Und die Protection Logs braucht ihr auch nicht oder?

Werde erst mal die beiden Logs mit den befallenen Daten hochladen.

MfG

x9x
__________________

Alt 07.01.2012, 14:59   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Zitat:
Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes war nicht aktuell.

- lade das aktuelle Setup runter und installier es
- aktualisiere die Datenbank von Malwarebytes
- mach einen neuen Vollscan
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.01.2012, 17:18   #5
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Was meinst du mit aktuelles Setup?

Habe Malwarebytes jetzt einfach Aktualisiert und einen Vollscan gemacht, oder sollte ich es nocheinmal runterladen...?

Mfg

x9x


Alt 07.01.2012, 18:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Entfernen von PDF Creator Toolbar und vill anderen schädlingen

Alt 08.01.2012, 15:49   #7
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Hier der Log

mfg

x9x

Alt 08.01.2012, 20:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Du solltest die Logs hier in CODE-Tags posten! Nur dann zippen und anhängen wenn es zu groß ist!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2012, 20:07   #9
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Soll ich den Eset Log nochmal hier posten?

Alt 08.01.2012, 20:46   #10
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



So hier der OTL Log:

Code:
ATTFilter
OTL logfile created on: 08.01.2012 21:09:13 - Run 9
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Desktop\dies und das
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,29% Memory free
8,21 Gb Paging File | 6,53 Gb Available in Paging File | 79,54% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 328,54 Gb Free Space | 70,54% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.04 14:56:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\dies und das\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.22 15:13:02 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.08.22 15:12:52 | 003,507,088 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.07.30 15:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe
PRC - [2008.09.08 15:48:16 | 000,539,160 | R--- | M] (Symantec) -- C:\Program Files (x86)\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.13 19:19:07 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ab1a41d184118635218d38da3f4bcae8\System.Management.ni.dll
MOD - [2011.10.13 19:17:52 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dabeb21f09f88576c2cce838280c7f44\System.Runtime.Remoting.ni.dll
MOD - [2011.10.13 19:17:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2b0b477db8f5a19d6365b93106b26651\System.Xaml.ni.dll
MOD - [2011.10.13 18:24:30 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\401a9dbeaad6b6ca70c90ae4fbd2e0b8\PresentationFramework.ni.dll
MOD - [2011.10.13 18:24:18 | 013,138,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\fa45e7d581b80c34cb0d5518491c7387\System.Windows.Forms.ni.dll
MOD - [2011.10.13 18:24:17 | 011,470,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b540398c49e7c32ab58666de7f09f645\PresentationCore.ni.dll
MOD - [2011.10.13 18:24:12 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\90223e809b1ff291a7f65509702e2fa1\System.Core.ni.dll
MOD - [2011.10.13 18:24:11 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\af091a68303117ca2166aa13bcbfbbd0\PresentationFramework.Aero.ni.dll
MOD - [2011.10.13 18:24:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a48e483c6b13da563725d72ec518a0bb\System.Xml.ni.dll
MOD - [2011.10.13 18:24:08 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\c0afb5fbfbc7a8d670b430672c5fd578\WindowsBase.ni.dll
MOD - [2011.10.13 18:24:08 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\fd0f015bc4324d8b9716ae38083a4e4d\System.Drawing.ni.dll
MOD - [2011.10.13 18:24:04 | 009,086,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\69adb8f9940fa1330f6f1b706e3dc31e\System.ni.dll
MOD - [2011.10.13 18:23:59 | 014,409,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\2b1af7649e57195b4b85bbf4c5cb7c90\mscorlib.ni.dll
MOD - [2011.09.16 19:09:27 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
MOD - [2011.08.22 15:13:02 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.12.11 21:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.19 16:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.02 10:47:14 | 000,159,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -- (CDMA Device Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.08 15:48:16 | 000,539,160 | R--- | M] (Symantec) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe -- (SymantecAntiBotWatcher)
SRV - [2008.09.08 15:48:12 | 004,910,104 | R--- | M] (Symantec) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe -- (SymantecAntiBotAgent)
SRV - [2008.01.21 03:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.12.08 16:37:25 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.09 21:35:28 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.07.18 05:24:46 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV:64bit: - [2011.07.18 05:24:46 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.07.18 05:24:46 | 000,095,416 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.03.24 09:57:54 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.03.24 09:57:54 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2010.07.30 06:51:52 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.06.24 14:00:14 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2009.12.11 22:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.11 20:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.19 00:31:24 | 000,120,848 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.02.14 07:56:14 | 000,160,768 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\amdide64.sys -- (amdide64)
DRV:64bit: - [2006.11.07 16:30:56 | 000,016,656 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2011.07.26 16:26:44 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011.03.24 09:57:54 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.03.24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010.06.24 14:00:14 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008.09.08 15:48:42 | 000,204,824 | R--- | M] (Symantec Corporation. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotDriver.sys -- (SymantecAntiBotDriver)
DRV - [2008.09.08 15:48:40 | 000,035,352 | R--- | M] (Symantec Corporation. ) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotFilter.sys -- (SymantecAntiBotFilter)
DRV - [2008.04.04 18:34:26 | 000,014,208 | ---- | M] (MAGIX) [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\disksec.sys -- (DiskSec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.10 17:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.10 17:22:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.12 16:39:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.19 14:04:46 | 000,000,000 | ---D | M]
 
[2010.01.27 16:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.01.08 21:08:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions
[2012.01.08 21:08:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.12.31 21:35:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.29 17:52:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com
[2010.08.12 20:48:02 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ow6v6ohh.default\searchplugins\conduit.xml
[2012.01.02 20:48:03 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ow6v6ohh.default\searchplugins\icqplugin.xml
[2011.11.12 16:39:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.26 09:28:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6V6OHH.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6V6OHH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OW6V6OHH.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2011.11.12 16:39:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.04 20:46:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.04 20:46:38 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.04 20:46:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.04 20:46:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.04 20:46:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.04 20:46:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: ICQ Search ()
CHR - default_search_provider: search_url = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
CHR - default_search_provider: suggest_url = 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\10.0.648.127\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.0.900_0\
CHR - Extension: DivX HiQ = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.0.900_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101006104657\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\DRIVERS\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Conime] C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D11968C0-B2AB-4940-84F0-98EA487833E2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24c5c7a2-e090-11e0-94a2-0024210dde28}\Shell - "" = AutoRun
O33 - MountPoints2\{24c5c7a2-e090-11e0-94a2-0024210dde28}\Shell\AutoRun\command - "" = F:\SamsungKiesInstaller.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^Users^***^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^StarOffice 8.lnk - C:\PROGRA~2\Sun\STAROF~1\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: NortonAntiBot - hkey= - key= - C:\Program Files (x86)\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe (Symantec)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfPf - Driver
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.WMV3 - C:\Windows\SysWow64\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.08 15:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.01.07 13:46:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\dies und das
[2012.01.06 17:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.01.06 17:19:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.01.04 12:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012.01.04 12:20:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012.01.01 13:50:00 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Blue Stahli
[2011.12.31 21:35:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011.12.31 21:35:04 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2011.12.31 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.12.31 21:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2011.12.31 12:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.31 12:02:11 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\bilder detlef
[2011.12.30 16:18:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\kodak
[2011.12.30 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Eastman_Kodak_Company
[2011.12.30 16:16:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Eastman Kodak Company
[2011.12.30 16:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2011.12.30 16:15:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\kodak
[2011.12.30 16:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kodak
[2011.12.30 16:10:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Temp
[2011.12.30 16:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2011.12.23 22:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2011.12.23 22:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2011.12.15 18:06:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.12.15 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.12.15 18:05:58 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\pdfforge
[2011.12.10 10:26:04 | 001,058,304 | ---- | C] (Eastman Kodak Company) -- C:\Windows\SysNative\EKAiO2MON.dll
[2011.12.10 10:26:02 | 000,177,664 | ---- | C] (Eastman Kodak Company) -- C:\Windows\SysNative\EKAiO2COI07.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.08 21:11:59 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.08 20:12:27 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.08 20:12:27 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.08 20:12:27 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.08 20:12:27 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.08 20:12:27 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.08 20:06:22 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.08 20:06:22 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.08 20:06:20 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.08 20:06:20 | 000,000,494 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job
[2012.01.08 20:06:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.07 13:42:38 | 000,002,787 | ---- | M] () -- C:\Users\***\Desktop\Schreibprogramm.lnk
[2012.01.04 14:01:31 | 000,000,202 | ---- | M] () -- C:\Users\***\defogger_reenable
[2011.12.31 13:11:46 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 13:01:24 | 000,000,202 | ---- | M] () -- C:\Users\***\Documents\cc_20111231_130121.reg
[2011.12.31 13:01:06 | 000,163,692 | ---- | M] () -- C:\Users\***\Documents\cc_20111231_130059.reg
[2011.12.31 13:00:43 | 000,674,752 | ---- | M] () -- C:\Users\***\Documents\cc_20111231_130008.reg
[2011.12.30 16:32:05 | 000,026,112 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.30 16:18:12 | 000,002,059 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2011.12.15 18:11:23 | 000,033,010 | ---- | M] () -- C:\Users\***\Documents\text 5.pdf
[2011.12.15 08:50:31 | 000,334,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.10 10:26:04 | 001,058,304 | ---- | M] (Eastman Kodak Company) -- C:\Windows\SysNative\EKAiO2MON.dll
[2011.12.10 10:26:02 | 000,177,664 | ---- | M] (Eastman Kodak Company) -- C:\Windows\SysNative\EKAiO2COI07.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.04 14:01:30 | 000,000,202 | ---- | C] () -- C:\Users\***\defogger_reenable
[2011.12.31 13:11:46 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.12.31 13:01:23 | 000,000,202 | ---- | C] () -- C:\Users\***\Documents\cc_20111231_130121.reg
[2011.12.31 13:01:01 | 000,163,692 | ---- | C] () -- C:\Users\***\Documents\cc_20111231_130059.reg
[2011.12.31 13:00:13 | 000,674,752 | ---- | C] () -- C:\Users\***\Documents\cc_20111231_130008.reg
[2011.12.30 16:18:12 | 000,002,059 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2011.12.15 18:11:22 | 000,033,010 | ---- | C] () -- C:\Users\***\Documents\text 5.pdf
[2011.12.15 18:05:55 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2011.07.26 16:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.08 17:42:17 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2011.06.08 17:42:17 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2011.06.08 17:42:17 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2011.06.08 17:42:17 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2011.06.08 17:42:17 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011.02.15 21:30:03 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat
[2011.01.25 21:14:35 | 001,474,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.27 16:50:28 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\NCMedia2.dll
[2010.01.28 18:16:48 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.01.28 18:16:13 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.01.28 18:15:40 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.01.28 02:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.01.27 21:23:49 | 000,271,264 | ---- | C] () -- C:\Windows\SysWow64\VBRUN100.DLL
[2010.01.27 20:18:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.27 19:50:05 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2010.01.27 19:48:46 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.01.27 18:08:44 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.01.27 17:34:51 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2010.01.27 16:18:04 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2009.10.26 20:06:06 | 000,001,035 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.05.30 01:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.30 01:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.07.01 20:34:19 | 000,026,112 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.09.04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007.02.05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.12.31 21:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.09.17 15:34:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.20 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.09.15 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FFSJ
[2012.01.04 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.01.27 19:50:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.12.15 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.31 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.09.16 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.01.08 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2011.12.30 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2010.02.06 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
[2012.01.08 20:06:20 | 000,000,494 | ---- | M] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job
[2012.01.08 19:31:55 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.20 10:56:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.01.27 20:19:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ATI
[2011.10.24 15:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.07.04 19:12:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DivX
[2011.12.31 21:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.09.17 15:34:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.10.20 10:35:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.09.15 14:11:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FFSJ
[2010.02.17 15:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2012.01.04 21:29:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.01.27 16:18:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.01.27 16:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.01.27 17:05:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.01.27 19:50:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.11.03 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.15 17:58:03 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.01.27 16:21:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.12.15 18:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge
[2011.12.31 11:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.09.16 19:05:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2010.05.27 16:26:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2012.01.08 12:30:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StarOffice8
[2011.06.06 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Symantec
[2011.12.30 16:10:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2011.12.31 13:05:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ventrilo
[2010.02.06 13:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VistaCodecs
 
< %APPDATA%\*.exe /s >
[2012.01.04 12:20:39 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2011.03.19 11:50:09 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCF3F1472}\ARPPRODUCTICON.exe
[2010.01.27 16:36:25 | 000,009,158 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}\ARPPRODUCTICON.exe
[2010.01.27 20:14:50 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{F022B56C-2B90-B9E1-332E-5C1277A47E7B}\ARPPRODUCTICON.exe
[2011.06.28 06:32:22 | 081,122,288 | ---- | M] (Samsung Electronics Co., Ltd.                                ) -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
[2011.09.27 19:22:55 | 003,154,792 | ---- | M] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\NDP40-KB2461678-x64.exe
[2011.08.22 15:13:06 | 000,362,384 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\temp\Kies.Update.exe
[2011.09.21 09:43:28 | 000,364,432 | ---- | M] (ml) -- C:\Users\***\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 08.01.2012, 21:12   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
[2012.01.08 21:08:31 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.12.31 21:35:13 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.03.29 17:52:24 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com
[2010.08.12 20:48:02 | 000,000,873 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ow6v6ohh.default\searchplugins\conduit.xml
[2012.01.02 20:48:03 | 000,000,944 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ow6v6ohh.default\searchplugins\icqplugin.xml
CHR - default_search_provider: ICQ Search ()
CHR - default_search_provider: search_url = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\20101006104657\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{24c5c7a2-e090-11e0-94a2-0024210dde28}\Shell - "" = AutoRun
O33 - MountPoints2\{24c5c7a2-e090-11e0-94a2-0024210dde28}\Shell\AutoRun\command - "" = F:\SamsungKiesInstaller.exe
:Files
C:\Program Files (x86)\ICQ6Toolbar
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\Christoph\AppData\Roaming\pdfforge
C:\Program Files (x86)\Application Updater
C:\Program Files (x86)\Common Files\Spigot
C:\Users\***\Desktop\Meins\irgendwas\SLOW*
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.01.2012, 16:16   #12
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Hier das Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ow6v6ohh.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ow6v6ohh.default\searchplugins\conduit.xml moved successfully.
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ow6v6ohh.default\searchplugins\icqplugin.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\20101006104657\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c5c7a2-e090-11e0-94a2-0024210dde28}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c5c7a2-e090-11e0-94a2-0024210dde28}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c5c7a2-e090-11e0-94a2-0024210dde28}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c5c7a2-e090-11e0-94a2-0024210dde28}\ not found.
File F:\SamsungKiesInstaller.exe not found.
========== FILES ==========
C:\Program Files (x86)\ICQ6Toolbar\20101006104657 folder moved successfully.
C:\Program Files (x86)\ICQ6Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\pdfforge Toolbar not found.
C:\Users\***\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\***\AppData\Roaming\pdfforge folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Users\***\Desktop\Meins\irgendwas\SLOW-PCfighter.lnk moved successfully.
C:\Users\***\Desktop\Meins\irgendwas\SLOW-PCfighterSetup_partner502_Full.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: ***
->Temp folder emptied: 795242 bytes
->Temporary Internet Files folder emptied: 102846181 bytes
->Java cache emptied: 6656875 bytes
->FireFox cache emptied: 53690648 bytes
->Google Chrome cache emptied: 18165105 bytes
->Flash cache emptied: 1099 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 634 bytes
 
Total Files Cleaned = 174,00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01092012_170702

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 09.01.2012, 18:04   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 10.01.2012, 16:42   #14
x9x
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Hier das Log:

Code:
ATTFilter
17:35:56.0367 4232	TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
17:35:56.0758 4232	============================================================
17:35:56.0758 4232	Current date / time: 2012/01/10 17:35:56.0758
17:35:56.0758 4232	SystemInfo:
17:35:56.0758 4232	
17:35:56.0758 4232	OS Version: 6.0.6002 ServicePack: 2.0
17:35:56.0758 4232	Product type: Workstation
17:35:56.0758 4232	ComputerName: ***-PC
17:35:56.0758 4232	UserName: ***
17:35:56.0758 4232	Windows directory: C:\Windows
17:35:56.0758 4232	System windows directory: C:\Windows
17:35:56.0758 4232	Running under WOW64
17:35:56.0758 4232	Processor architecture: Intel x64
17:35:56.0758 4232	Number of processors: 4
17:35:56.0758 4232	Page size: 0x1000
17:35:56.0758 4232	Boot type: Normal boot
17:35:56.0758 4232	============================================================
17:35:58.0180 4232	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
17:35:58.0227 4232	Initialize success
17:36:59.0633 4900	============================================================
17:36:59.0633 4900	Scan started
17:36:59.0633 4900	Mode: Manual; SigCheck; TDLFS; 
17:36:59.0633 4900	============================================================
17:37:00.0414 4900	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
17:37:00.0539 4900	ACPI - ok
17:37:00.0664 4900	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
17:37:00.0727 4900	adp94xx - ok
17:37:00.0820 4900	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
17:37:00.0836 4900	adpahci - ok
17:37:00.0867 4900	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
17:37:00.0867 4900	adpu160m - ok
17:37:00.0883 4900	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
17:37:00.0898 4900	adpu320 - ok
17:37:00.0945 4900	AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
17:37:01.0039 4900	AFD - ok
17:37:01.0086 4900	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
17:37:01.0102 4900	agp440 - ok
17:37:01.0164 4900	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
17:37:01.0180 4900	aic78xx - ok
17:37:01.0195 4900	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
17:37:01.0195 4900	aliide - ok
17:37:01.0227 4900	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
17:37:01.0227 4900	amdide - ok
17:37:01.0273 4900	amdide64        (d52a2e98c5eeff88ced28793b6b04d84) C:\Windows\system32\DRIVERS\amdide64.sys
17:37:01.0273 4900	amdide64 - ok
17:37:01.0336 4900	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
17:37:01.0445 4900	AmdK8 - ok
17:37:01.0602 4900	amdkmdag        (a497ff5ae4d0c93da2cfb98e6a355c1f) C:\Windows\system32\DRIVERS\atipmdag.sys
17:37:01.0836 4900	amdkmdag - ok
17:37:01.0883 4900	amdkmdap        (91b89be832d436af257b91666bc32c30) C:\Windows\system32\DRIVERS\atikmpag.sys
17:37:01.0914 4900	amdkmdap - ok
17:37:01.0977 4900	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
17:37:01.0992 4900	arc - ok
17:37:02.0008 4900	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
17:37:02.0023 4900	arcsas - ok
17:37:02.0039 4900	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
17:37:02.0102 4900	AsyncMac - ok
17:37:02.0148 4900	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
17:37:02.0148 4900	atapi - ok
17:37:02.0211 4900	AtiHdmiService  (3ac10a57313af6793ff1bac6146fcff7) C:\Windows\system32\drivers\AtiHdmi.sys
17:37:02.0258 4900	AtiHdmiService - ok
17:37:02.0289 4900	AtiPcie         (69eebb256503cded9bd0e9e43128c626) C:\Windows\system32\DRIVERS\AtiPcie.sys
17:37:02.0289 4900	AtiPcie - ok
17:37:02.0320 4900	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
17:37:02.0320 4900	avgntflt - ok
17:37:02.0336 4900	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
17:37:02.0352 4900	avipbb - ok
17:37:02.0352 4900	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
17:37:02.0367 4900	avkmgr - ok
17:37:02.0398 4900	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
17:37:02.0430 4900	blbdrive - ok
17:37:02.0445 4900	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
17:37:02.0508 4900	bowser - ok
17:37:02.0539 4900	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
17:37:02.0617 4900	BrFiltLo - ok
17:37:02.0633 4900	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
17:37:02.0664 4900	BrFiltUp - ok
17:37:02.0680 4900	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
17:37:02.0836 4900	Brserid - ok
17:37:02.0852 4900	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
17:37:02.0914 4900	BrSerWdm - ok
17:37:02.0914 4900	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
17:37:02.0992 4900	BrUsbMdm - ok
17:37:03.0008 4900	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
17:37:03.0070 4900	BrUsbSer - ok
17:37:03.0102 4900	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
17:37:03.0164 4900	BTHMODEM - ok
17:37:03.0195 4900	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
17:37:03.0227 4900	cdfs - ok
17:37:03.0273 4900	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
17:37:03.0320 4900	cdrom - ok
17:37:03.0352 4900	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
17:37:03.0398 4900	circlass - ok
17:37:03.0430 4900	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
17:37:03.0477 4900	CLFS - ok
17:37:03.0523 4900	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
17:37:03.0539 4900	cmdide - ok
17:37:03.0570 4900	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
17:37:03.0586 4900	Compbatt - ok
17:37:03.0602 4900	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
17:37:03.0602 4900	crcdisk - ok
17:37:03.0633 4900	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
17:37:03.0680 4900	DfsC - ok
17:37:03.0727 4900	dgderdrv        (def365f0f6e017888c4b869d3ba4b8e0) C:\Windows\system32\drivers\dgderdrv.sys
17:37:03.0727 4900	dgderdrv - ok
17:37:03.0758 4900	dg_ssudbus      (7156833e6dfe0a804ea5cf7b8876ab7c) C:\Windows\system32\DRIVERS\ssudbus.sys
17:37:03.0758 4900	dg_ssudbus - ok
17:37:03.0789 4900	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
17:37:03.0805 4900	disk - ok
17:37:03.0883 4900	DiskSec - ok
17:37:03.0945 4900	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
17:37:03.0961 4900	drmkaud - ok
17:37:04.0008 4900	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
17:37:04.0055 4900	DXGKrnl - ok
17:37:04.0086 4900	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
17:37:04.0148 4900	E1G60 - ok
17:37:04.0195 4900	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
17:37:04.0211 4900	Ecache - ok
17:37:04.0227 4900	ehgbutdg - ok
17:37:04.0273 4900	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
17:37:04.0305 4900	elxstor - ok
17:37:04.0352 4900	epmntdrv        (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
17:37:04.0383 4900	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
17:37:04.0383 4900	epmntdrv - detected UnsignedFile.Multi.Generic (1)
17:37:04.0398 4900	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
17:37:04.0445 4900	ErrDev - ok
17:37:04.0461 4900	EuGdiDrv        (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
17:37:04.0477 4900	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
17:37:04.0477 4900	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
17:37:04.0492 4900	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
17:37:04.0539 4900	exfat - ok
17:37:04.0555 4900	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
17:37:04.0617 4900	fastfat - ok
17:37:04.0633 4900	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
17:37:04.0648 4900	fdc - ok
17:37:04.0680 4900	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
17:37:04.0695 4900	FileInfo - ok
17:37:04.0727 4900	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
17:37:04.0789 4900	Filetrace - ok
17:37:04.0805 4900	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
17:37:04.0836 4900	flpydisk - ok
17:37:04.0883 4900	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
17:37:04.0883 4900	FltMgr - ok
17:37:04.0945 4900	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
17:37:05.0008 4900	Fs_Rec - ok
17:37:05.0023 4900	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
17:37:05.0039 4900	gagp30kx - ok
17:37:05.0039 4900	GMSIPCI - ok
17:37:05.0102 4900	HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
17:37:05.0180 4900	HdAudAddService - ok
17:37:05.0242 4900	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:37:05.0320 4900	HDAudBus - ok
17:37:05.0367 4900	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
17:37:05.0430 4900	HidBth - ok
17:37:05.0430 4900	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
17:37:05.0508 4900	HidIr - ok
17:37:05.0539 4900	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
17:37:05.0570 4900	HidUsb - ok
17:37:05.0633 4900	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
17:37:05.0633 4900	HpCISSs - ok
17:37:05.0680 4900	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
17:37:05.0742 4900	HTTP - ok
17:37:05.0773 4900	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
17:37:05.0773 4900	i2omp - ok
17:37:05.0805 4900	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
17:37:05.0820 4900	i8042prt - ok
17:37:05.0836 4900	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
17:37:05.0852 4900	iaStorV - ok
17:37:05.0883 4900	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
17:37:05.0883 4900	iirsp - ok
17:37:05.0945 4900	IntcAzAudAddService (f93149ce3e6a866c5f42878bcff34b6a) C:\Windows\system32\drivers\RTKVHD64.sys
17:37:06.0023 4900	IntcAzAudAddService - ok
17:37:06.0039 4900	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
17:37:06.0055 4900	intelide - ok
17:37:06.0070 4900	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
17:37:06.0102 4900	intelppm - ok
17:37:06.0148 4900	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:37:06.0180 4900	IpFilterDriver - ok
17:37:06.0180 4900	IpInIp - ok
17:37:06.0211 4900	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
17:37:06.0242 4900	IPMIDRV - ok
17:37:06.0258 4900	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
17:37:06.0305 4900	IPNAT - ok
17:37:06.0320 4900	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
17:37:06.0367 4900	IRENUM - ok
17:37:06.0398 4900	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
17:37:06.0414 4900	isapnp - ok
17:37:06.0461 4900	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:37:06.0461 4900	iScsiPrt - ok
17:37:06.0492 4900	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:37:06.0492 4900	iteatapi - ok
17:37:06.0539 4900	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:37:06.0539 4900	iteraid - ok
17:37:06.0586 4900	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:37:06.0586 4900	kbdclass - ok
17:37:06.0617 4900	kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
17:37:06.0648 4900	kbdhid - ok
17:37:06.0758 4900	KSecDD          (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
17:37:06.0820 4900	KSecDD - ok
17:37:06.0820 4900	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:37:06.0867 4900	ksthunk - ok
17:37:06.0883 4900	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:37:06.0961 4900	lltdio - ok
17:37:07.0008 4900	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:37:07.0008 4900	LSI_FC - ok
17:37:07.0039 4900	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:37:07.0055 4900	LSI_SAS - ok
17:37:07.0070 4900	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:37:07.0086 4900	LSI_SCSI - ok
17:37:07.0117 4900	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:37:07.0148 4900	luafv - ok
17:37:07.0180 4900	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
17:37:07.0195 4900	MBAMProtector - ok
17:37:07.0227 4900	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:37:07.0227 4900	megasas - ok
17:37:07.0258 4900	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:37:07.0289 4900	MegaSR - ok
17:37:07.0305 4900	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:37:07.0352 4900	Modem - ok
17:37:07.0367 4900	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:37:07.0414 4900	monitor - ok
17:37:07.0430 4900	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:37:07.0445 4900	mouclass - ok
17:37:07.0461 4900	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:37:07.0492 4900	mouhid - ok
17:37:07.0508 4900	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:37:07.0523 4900	MountMgr - ok
17:37:07.0555 4900	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:37:07.0570 4900	mpio - ok
17:37:07.0586 4900	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:37:07.0617 4900	mpsdrv - ok
17:37:07.0633 4900	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:37:07.0633 4900	Mraid35x - ok
17:37:07.0664 4900	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:37:07.0695 4900	MRxDAV - ok
17:37:07.0773 4900	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:37:07.0789 4900	mrxsmb - ok
17:37:07.0883 4900	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:37:07.0945 4900	mrxsmb10 - ok
17:37:08.0039 4900	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:37:08.0055 4900	mrxsmb20 - ok
17:37:08.0148 4900	msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
17:37:08.0180 4900	msahci - ok
17:37:08.0211 4900	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:37:08.0227 4900	msdsm - ok
17:37:08.0352 4900	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:37:08.0398 4900	Msfs - ok
17:37:08.0492 4900	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:37:08.0508 4900	msisadrv - ok
17:37:08.0602 4900	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:37:08.0648 4900	MSKSSRV - ok
17:37:08.0711 4900	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:37:08.0773 4900	MSPCLOCK - ok
17:37:08.0789 4900	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:37:08.0820 4900	MSPQM - ok
17:37:08.0867 4900	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:37:08.0867 4900	MsRPC - ok
17:37:08.0898 4900	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:37:08.0898 4900	mssmbios - ok
17:37:08.0914 4900	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:37:08.0945 4900	MSTEE - ok
17:37:09.0023 4900	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:37:09.0023 4900	Mup - ok
17:37:09.0055 4900	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:37:09.0086 4900	NativeWifiP - ok
17:37:09.0133 4900	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:37:09.0164 4900	NDIS - ok
17:37:09.0195 4900	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:37:09.0227 4900	NdisTapi - ok
17:37:09.0242 4900	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:37:09.0289 4900	Ndisuio - ok
17:37:09.0336 4900	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:37:09.0383 4900	NdisWan - ok
17:37:09.0398 4900	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:37:09.0430 4900	NDProxy - ok
17:37:09.0445 4900	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:37:09.0477 4900	NetBIOS - ok
17:37:09.0508 4900	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:37:09.0555 4900	netbt - ok
17:37:09.0586 4900	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:37:09.0586 4900	nfrd960 - ok
17:37:09.0617 4900	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:37:09.0633 4900	Npfs - ok
17:37:09.0664 4900	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:37:09.0695 4900	nsiproxy - ok
17:37:09.0758 4900	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:37:09.0852 4900	Ntfs - ok
17:37:09.0945 4900	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:37:09.0992 4900	Null - ok
17:37:10.0008 4900	nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:37:10.0023 4900	nvraid - ok
17:37:10.0023 4900	nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:37:10.0039 4900	nvstor - ok
17:37:10.0055 4900	nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:37:10.0070 4900	nv_agp - ok
17:37:10.0070 4900	NwlnkFlt - ok
17:37:10.0070 4900	NwlnkFwd - ok
17:37:10.0086 4900	obsqnfbk - ok
17:37:10.0102 4900	ohci1394        (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
17:37:10.0148 4900	ohci1394 - ok
17:37:10.0180 4900	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:37:10.0242 4900	Parport - ok
17:37:10.0289 4900	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:37:10.0305 4900	partmgr - ok
17:37:10.0320 4900	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:37:10.0336 4900	pci - ok
17:37:10.0383 4900	pciide          (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
17:37:10.0398 4900	pciide - ok
17:37:10.0430 4900	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:37:10.0477 4900	pcmcia - ok
17:37:10.0508 4900	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:37:10.0617 4900	PEAUTH - ok
17:37:10.0680 4900	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:37:10.0727 4900	PptpMiniport - ok
17:37:10.0742 4900	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
17:37:10.0773 4900	Processor - ok
17:37:10.0820 4900	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:37:10.0836 4900	PSched - ok
17:37:10.0867 4900	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:37:10.0930 4900	ql2300 - ok
17:37:10.0945 4900	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:37:10.0961 4900	ql40xx - ok
17:37:10.0977 4900	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:37:10.0992 4900	QWAVEdrv - ok
17:37:11.0023 4900	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:37:11.0055 4900	RasAcd - ok
17:37:11.0102 4900	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:37:11.0148 4900	Rasl2tp - ok
17:37:11.0195 4900	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:37:11.0227 4900	RasPppoe - ok
17:37:11.0242 4900	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:37:11.0258 4900	RasSstp - ok
17:37:11.0305 4900	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:37:11.0336 4900	rdbss - ok
17:37:11.0352 4900	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:37:11.0383 4900	RDPCDD - ok
17:37:11.0539 4900	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:37:11.0617 4900	rdpdr - ok
17:37:11.0617 4900	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:37:11.0664 4900	RDPENCDD - ok
17:37:11.0695 4900	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
17:37:11.0773 4900	RDPWD - ok
17:37:11.0820 4900	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:37:11.0836 4900	rspndr - ok
17:37:11.0867 4900	RTL8169         (82b66abf055611024e5dbb9fa556c11d) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:37:11.0914 4900	RTL8169 - ok
17:37:11.0945 4900	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:37:11.0945 4900	sbp2port - ok
17:37:11.0977 4900	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:37:12.0023 4900	secdrv - ok
17:37:12.0086 4900	Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
17:37:12.0117 4900	Serenum - ok
17:37:12.0148 4900	Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
17:37:12.0195 4900	Serial - ok
17:37:12.0211 4900	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:37:12.0242 4900	sermouse - ok
17:37:12.0273 4900	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:37:12.0320 4900	sffdisk - ok
17:37:12.0336 4900	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:37:12.0383 4900	sffp_mmc - ok
17:37:12.0398 4900	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:37:12.0430 4900	sffp_sd - ok
17:37:12.0461 4900	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:37:12.0492 4900	sfloppy - ok
17:37:12.0523 4900	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:37:12.0539 4900	SiSRaid2 - ok
17:37:12.0555 4900	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:37:12.0555 4900	SiSRaid4 - ok
17:37:12.0586 4900	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:37:12.0633 4900	Smb - ok
17:37:12.0727 4900	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:37:12.0727 4900	spldr - ok
17:37:12.0836 4900	sptd            (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\System32\Drivers\sptd.sys
17:37:12.0914 4900	sptd - ok
17:37:12.0945 4900	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:37:13.0008 4900	srv - ok
17:37:13.0039 4900	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:37:13.0070 4900	srv2 - ok
17:37:13.0117 4900	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:37:13.0148 4900	srvnet - ok
17:37:13.0180 4900	ssudmdm         (9e1bfa37fcf943c3b48f71f08019ea95) C:\Windows\system32\DRIVERS\ssudmdm.sys
17:37:13.0195 4900	ssudmdm - ok
17:37:13.0211 4900	ssudserd        (4d76ed0b1aede3b3500b7700a141eb78) C:\Windows\system32\DRIVERS\ssudserd.sys
17:37:13.0227 4900	ssudserd - ok
17:37:13.0258 4900	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:37:13.0273 4900	swenum - ok
17:37:13.0336 4900	SymantecAntiBotDriver (c46fdb4983834e9fb95899d8d532c12a) C:\Program Files (x86)\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotDriver.sys
17:37:13.0336 4900	SymantecAntiBotDriver - ok
17:37:13.0352 4900	SymantecAntiBotFilter (e119c4efa56b241f4e1a1fc33ba1e0bf) C:\Program Files (x86)\Symantec\Norton AntiBot\agent\driver\platform_VISTA\AntiBotFilter.sys
17:37:13.0367 4900	SymantecAntiBotFilter - ok
17:37:13.0383 4900	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:37:13.0398 4900	Symc8xx - ok
17:37:13.0430 4900	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:37:13.0445 4900	Sym_hi - ok
17:37:13.0461 4900	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:37:13.0477 4900	Sym_u3 - ok
17:37:13.0523 4900	Tcpip           (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
17:37:13.0570 4900	Tcpip - ok
17:37:13.0602 4900	Tcpip6          (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
17:37:13.0648 4900	Tcpip6 - ok
17:37:13.0664 4900	tcpipreg        (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
17:37:13.0711 4900	tcpipreg - ok
17:37:13.0727 4900	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:37:13.0773 4900	TDPIPE - ok
17:37:13.0789 4900	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:37:13.0820 4900	TDTCP - ok
17:37:13.0867 4900	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:37:13.0914 4900	tdx - ok
17:37:13.0945 4900	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:37:13.0945 4900	TermDD - ok
17:37:13.0977 4900	TFsExDisk       (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys
17:37:13.0992 4900	TFsExDisk - ok
17:37:14.0008 4900	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:37:14.0039 4900	tssecsrv - ok
17:37:14.0055 4900	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:37:14.0070 4900	tunmp - ok
17:37:14.0148 4900	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:37:14.0180 4900	tunnel - ok
17:37:14.0195 4900	tvhnekkh - ok
17:37:14.0227 4900	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:37:14.0227 4900	uagp35 - ok
17:37:14.0273 4900	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:37:14.0305 4900	udfs - ok
17:37:14.0336 4900	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
17:37:14.0352 4900	uliagpkx - ok
17:37:14.0414 4900	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
17:37:14.0430 4900	uliahci - ok
17:37:14.0461 4900	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
17:37:14.0461 4900	UlSata - ok
17:37:14.0492 4900	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
17:37:14.0508 4900	ulsata2 - ok
17:37:14.0539 4900	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
17:37:14.0570 4900	umbus - ok
17:37:14.0602 4900	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
17:37:14.0633 4900	usbccgp - ok
17:37:14.0664 4900	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
17:37:14.0711 4900	usbcir - ok
17:37:14.0758 4900	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
17:37:14.0773 4900	usbehci - ok
17:37:14.0789 4900	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
17:37:14.0820 4900	usbhub - ok
17:37:14.0836 4900	usbohci         (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
17:37:14.0867 4900	usbohci - ok
17:37:14.0898 4900	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
17:37:14.0914 4900	usbprint - ok
17:37:14.0945 4900	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
17:37:14.0977 4900	usbscan - ok
17:37:15.0023 4900	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:37:15.0055 4900	USBSTOR - ok
17:37:15.0086 4900	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
17:37:15.0117 4900	usbuhci - ok
17:37:15.0148 4900	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
17:37:15.0164 4900	vga - ok
17:37:15.0180 4900	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
17:37:15.0227 4900	VgaSave - ok
17:37:15.0258 4900	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
17:37:15.0258 4900	viaide - ok
17:37:15.0273 4900	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
17:37:15.0289 4900	volmgr - ok
17:37:15.0383 4900	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
17:37:15.0414 4900	volmgrx - ok
17:37:15.0445 4900	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
17:37:15.0461 4900	volsnap - ok
17:37:15.0477 4900	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
17:37:15.0492 4900	vsmraid - ok
17:37:15.0523 4900	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
17:37:15.0555 4900	WacomPen - ok
17:37:15.0602 4900	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:37:15.0633 4900	Wanarp - ok
17:37:15.0633 4900	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
17:37:15.0648 4900	Wanarpv6 - ok
17:37:15.0664 4900	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
17:37:15.0680 4900	Wd - ok
17:37:15.0695 4900	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
17:37:15.0742 4900	Wdf01000 - ok
17:37:15.0805 4900	winusb          (7f2f9e48566b2087f2aaad258cb2a8d4) C:\Windows\system32\DRIVERS\winusb.sys
17:37:15.0852 4900	winusb - ok
17:37:15.0867 4900	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
17:37:15.0914 4900	WmiAcpi - ok
17:37:15.0945 4900	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
17:37:15.0977 4900	WpdUsb - ok
17:37:15.0992 4900	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
17:37:16.0039 4900	ws2ifsl - ok
17:37:16.0055 4900	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
17:37:16.0102 4900	WUDFRd - ok
17:37:16.0133 4900	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
17:37:16.0289 4900	\Device\Harddisk0\DR0 - ok
17:37:16.0320 4900	Boot (0x1200)   (e382fcc8e1259390d84ffad63e5ad81a) \Device\Harddisk0\DR0\Partition0
17:37:16.0352 4900	\Device\Harddisk0\DR0\Partition0 - ok
17:37:16.0352 4900	============================================================
17:37:16.0352 4900	Scan finished
17:37:16.0352 4900	============================================================
17:37:16.0352 1188	Detected object count: 2
17:37:16.0352 1188	Actual detected object count: 2
17:37:37.0555 1188	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:37.0555 1188	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:37:37.0555 1188	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:37.0555 1188	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 10.01.2012, 18:51   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Standard

Entfernen von PDF Creator Toolbar und vill anderen schädlingen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Entfernen von PDF Creator Toolbar und vill anderen schädlingen
admin, alarm, anderen, auswertung, datei, einfach, entfernen, erstellen, euren, falsch, gen, hijack, hijackthis, installiert, log, malwarebytes, pdf, pdf creator, programm, quarantäne, rechner, scan, schlägt, schädlinge, system, vista



Ähnliche Themen: Entfernen von PDF Creator Toolbar und vill anderen schädlingen


  1. Comodo will pdf24-creator-6.1.2 nicht installieren
    Antiviren-, Firewall- und andere Schutzprogramme - 14.01.2015 (3)
  2. Babylon toolbar entfernen, BrowserCompanion entfernen, DealPly entfernen, GinyasBrowserCompanions entfernen
    Log-Analyse und Auswertung - 17.12.2014 (9)
  3. PDF Creator
    Alles rund um Windows - 17.11.2014 (7)
  4. SnapMyScreen Toolbar entfernen
    Anleitungen, FAQs & Links - 22.10.2014 (2)
  5. Max-Toolbar entfernen
    Anleitungen, FAQs & Links - 01.08.2014 (2)
  6. Über pdf-creator Qvo6 Virus eingefangen :(
    Plagegeister aller Art und deren Bekämpfung - 26.08.2013 (13)
  7. Snap.do mit PDF Creator - Versucht mit adwcleaner zu entfernen - jetzt OLT Logfile
    Log-Analyse und Auswertung - 20.05.2013 (18)
  8. mapsgalaxy toolbar und mindspark toolbar platform plugin stub - wie entfernen?
    Log-Analyse und Auswertung - 08.05.2013 (8)
  9. Snap.do Infizierung nach PDF-Creator Download
    Plagegeister aller Art und deren Bekämpfung - 25.04.2013 (9)
  10. SnapDo infiziert durch pdf-Creator (CHIP.de)
    Log-Analyse und Auswertung - 11.04.2013 (13)
  11. snap do entfernen (warscheinlich von chip.de/pdf creator)
    Plagegeister aller Art und deren Bekämpfung - 11.03.2013 (1)
  12. Trojaner nach Update von pdf-Creator
    Log-Analyse und Auswertung - 13.02.2013 (17)
  13. Snap.do eingefangen mit PDF-Creator von Chip.de
    Log-Analyse und Auswertung - 19.01.2013 (3)
  14. Datenausführungsverhidnerung des Windows Explorers auch nach entfernen von Schädlingen C:\WINDOWS\sy
    Plagegeister aller Art und deren Bekämpfung - 28.10.2010 (16)
  15. Vermeidung von Virenbefall und anderen Schädlingen
    Diskussionsforum - 18.01.2010 (17)
  16. Brauche Hilfe beim entfernen von Schädlingen
    Plagegeister aller Art und deren Bekämpfung - 02.05.2008 (14)
  17. Easy CD & DVD Creator 6 (Roxio) lässt sich einfach nicht entfernen
    Diskussionsforum - 30.12.2007 (3)

Zum Thema Entfernen von PDF Creator Toolbar und vill anderen schädlingen - Hallo Ich habe mir die Tage den PDF Creator runtergeladen und scheinbar die Toolbar mit installiert, ein paar Tage danach schlägt Malwarebytes Alarm und ich schicke die 6 datein in - Entfernen von PDF Creator Toolbar und vill anderen schädlingen...
Archiv
Du betrachtest: Entfernen von PDF Creator Toolbar und vill anderen schädlingen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.