Hallo,
nun hat es den Laptop (Windows Vista) meiner Frau auch erwischt, bei aktiver Internetverbindung erscheint der Bildschirm
"Aus Sicherheitsgründen wurde ihr Windowssystem blockiert"
mit der Aufforderung, eine kostenpflichtige Antivirensoftware herunterzuladen.

Ohne Netzwerkverbindung läuft der Laptop.

Die Tools habe ich mit meinem Rechner runtergeladen und per USB-Stick übertragen, die Logfiles nahmen den gleichen Weg zurück.


Was ich bis jetzt gemacht habe:

Defogger gestartet und Disable geklickt. Keine Fehlermeldung und keine Neustart erforderlich.

OTL gestartet

hier die Logfiles:

OTL.txt

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 11.01.2012 19:26:01 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free
4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.11 19:07:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Desktop\OTL.exe
PRC - [2011.11.23 08:59:08 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
PRC - [2011.09.20 11:39:48 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.26 19:35:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.05.08 09:34:08 | 000,559,888 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.08 12:34:00 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ielowutil.exe
PRC - [2008.10.21 11:36:28 | 000,172,032 | ---- | M] (CyberLink Corp.) -- C:\Programme\HomeCinema\PlayMovie\PMVService.exe
PRC - [2008.10.07 13:31:44 | 000,075,048 | ---- | M] (cyberlink) -- C:\Programme\Cyberlink\Shared files\brs.exe
PRC - [2008.09.18 19:00:10 | 006,294,048 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.23 09:00:00 | 000,884,736 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll
MOD - [2011.11.23 08:59:08 | 000,143,360 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
MOD - [2011.11.23 08:58:18 | 000,172,032 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll
MOD - [2011.11.23 08:57:28 | 000,018,432 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
MOD - [2011.11.23 08:57:26 | 000,009,728 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll
MOD - [2011.11.23 08:57:24 | 000,020,480 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
MOD - [2011.11.23 08:57:24 | 000,008,704 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
MOD - [2011.11.23 08:57:22 | 000,028,160 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll
MOD - [2011.11.23 08:57:20 | 000,012,288 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
MOD - [2011.11.23 08:56:02 | 000,118,784 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
MOD - [2011.11.23 08:55:58 | 000,010,752 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
MOD - [2011.11.23 08:55:56 | 000,233,472 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll
MOD - [2011.11.23 08:55:26 | 000,033,792 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
MOD - [2011.11.17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll
MOD - [2011.11.17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll
MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.05.08 09:35:50 | 002,780,432 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.04.11 07:27:36 | 000,065,536 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.11.17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2011.06.30 10:20:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011.04.27 15:52:10 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.09.08 11:10:20 | 000,450,560 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.09.08 11:09:40 | 000,184,320 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.06.30 10:20:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.30 10:20:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.04.28 17:48:33 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.04.28 17:48:33 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2009.04.30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 11:40:46 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.10.07 20:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\HomeCinema\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.09.29 14:59:00 | 007,593,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.05 12:20:20 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.08.25 03:22:52 | 000,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008.08.18 18:58:16 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008.07.28 15:53:46 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.07.08 03:32:52 | 001,050,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.01.23 09:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
 
[2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions
[2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions
[2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com
[2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged
[2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE
() (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma
[2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation
[2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
[2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation
[2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story
[2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story
[2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.11 19:24:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.11 19:24:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.11 19:24:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.11 19:24:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable
[2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job
[2012.01.11 19:21:27 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.01.11 19:20:13 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.11 19:19:46 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 19:19:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.11 19:19:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.11 19:19:34 | 2414,067,712 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.01 22:16:34 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.01.01 16:52:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable
[2012.01.11 19:19:34 | 2414,067,712 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk
[2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh
[2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited
[2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ
[2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin
[2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar
[2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird
[2012.01.01 17:24:27 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.11 19:21:51 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job
 
========== Purity Check ==========
 
 

< End of report >
         

extra.txt

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 11.01.2012 19:26:01 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,25 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 62,89% Memory free
4,72 Gb Paging File | 3,67 Gb Available in Paging File | 77,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 176,97 Gb Free Space | 62,70% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 
"{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | 
"{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 
"{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system | 
"{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | 
"{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
"TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
"TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
"UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"A Vampyre Story" = A Vampyre Story
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ankh" = Ankh
"Ankh3" = Ankh3
"Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"CodInstl" = Intel A/V Codecs V2.0
"Curse - The Eye of Isis" = Curse - The Eye of Isis
"Der Stein der Weisen" = Der Stein der Weisen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"Holly im Wunderland" = Holly im Wunderland
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"PirateVille" = PirateVille
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"So Blonde" = So Blonde
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.12.2011 09:39:49 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 30.12.2011 09:40:57 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 31.12.2011 05:11:15 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 31.12.2011 05:12:24 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.01.2012 05:55:28 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.01.2012 05:56:37 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.01.2012 17:08:56 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 01.01.2012 17:16:44 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.01.2012 14:13:43 | Computer Name = Martina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 01.01.2012 um 22:18:02 unerwartet heruntergefahren.
 
Error - 11.01.2012 14:14:08 | Computer Name = Martina-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = 
 
Error - 11.01.2012 14:14:10 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2012 14:14:17 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2012 14:14:22 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2012 14:14:27 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2012 14:14:58 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 11.01.2012 14:21:10 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

gmer gestartet

Der Scan brach nach einiger Zeit ab mit der Meldung:
xxxxx.exe (gmer) funktioniert nicht mehr
Das Programm wird aufgrund eines Porblems nicht richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist.
Programm schließen

Ein Logfile wurde nicht erstellt.
Bis zum Abbruch waren bereits einige Meldungen, die ich aber leider nicht abgeschrieben habe, bevor ich das Fenster zugemacht habe.

Ein zweiter Versuch im abgesicherten Modus endete sofort mit der gleichen Fehlermeldung, gmer ließ sich gar nicht starten.

3. Versuch, neuer Download (und damit neuer Dateiname), jetzt sofort im abgesicherten Modus ausgeführt
Scan startet, bricht aber nach kurzer Zeit mit der gleichen Fehlermeldung ab. Keine weiteren Meldungen.

Ich hoffe, ihr könnt mir helfen.

Mfg

Skraty

Hi,

soso, ein Explorer in AppData...
C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe

Bin faul, MAM auf einen Stick ziehen, rüber kopieren und installieren und Fullscann...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Aktualisierungen" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

Sonst kille ich ihn "per hand"...

chris

Hihih,
Markus und ich haben es mal wieder geschafft... ;o), na, wer soll weiter machen...????

hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

Code: Alles auswählenAufklappen

ATTFilter

:OTL
 :Files
C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe

:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

Erst mal danke, dass ihr euch um mich kümmert

Ich habe mich jetzt mal für die Variante von Chris entschieden und MAM drüberlaufen lassen.

1. Durchlauf - ohne Aktualisierung
kein Fund

2. Durchlauf - nach Aktualisierung
2 Funde, einmal der von dir angegebene und noch ein weiterer, der so ähnlich lautete, sich aber woanders versteckt hatte. Leider ist das Logfile im Datennirvana verschwunden und nicht auffindbar. Entfernung wurde als erfolgreich gemeldet.

zur Sicherheit noch 3. Durchlauf gemacht, wieder ein Fund. Hier gibts auch ein Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Martina :: MARTINA-PC [limited]

14.01.2012 22:15:42
mbam-log-2012-01-14 (22-15-42).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 397624
Time elapsed: 1 hour(s), 41 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|iexploer.exe (Trojan.Agent) -> Data: C:\Users\Martina\AppData\Roaming\Microsoft\Internet Explorer\iexploer.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

und weil´s so schön war, noch ein 4. Durchlauf, ohne Fund

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.11.06

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Martina :: MARTINA-PC [limitiert]

15.01.2012 02:07:03
mbam-log-2012-01-15 (02-07-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 397560
Laufzeit: 1 Stunde(n), 36 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Ich trau dem Frieden aber irgendwie nicht.

MfG Jörg

Hi,

bitte ein neues OTL-Log und

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

ESET Online Scanner ESET

Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

chris

Hallo Chris

habe die Scans durchlaufen lassen.

OTL.txt

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 17.01.2012 21:54:31 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,25 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 57,52% Memory free
4,72 Gb Paging File | 3,63 Gb Available in Paging File | 76,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 174,37 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Martina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
PRC - C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\fsk.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\readerAppHelper.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\USBDetector.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskNetInterface.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskPower.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskinLocalize.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ticket.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\Fskin.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\FskSecurity.dll ()
MOD - C:\Programme\Sony\ReaderDesktop\appHelper\ebookUsb.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Sony SCSI Helper Service) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe (Sony Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\HomeCinema\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- C:\Programme\HomeCinema\PowerDVD8\000.fcl (Cyberlink Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&affID=17159"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.5.9
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=a4a2c01000000000000000224369509c&tlver=1.4.19.19&instlRef=sst&affID=17159&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.09.10 14:08:02 | 000,000,000 | ---D | M]
 
[2009.06.03 19:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Extensions
[2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions
[2010.10.16 14:55:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.27 11:50:34 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2011.05.14 16:54:39 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\ffxtlbr@babylon.com
[2011.12.27 11:54:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cheffe\AppData\Roaming\mozilla\Firefox\Profiles\jhd3xb5d.default\extensions\staged
[2011.06.27 21:12:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.13 20:20:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.05.29 17:27:37 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE
() (No name found) -- C:\USERS\CHEFFE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JHD3XB5D.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011.06.16 05:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.14 16:54:39 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Programme\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\HomeCinema\PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PlusService] C:\Programme\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [Reader Application Helper] C:\Programme\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FC336C5-793C-4413-91D7-08C17FDC82EA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{99B89040-6443-4225-B504-681C414A9CAB}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6129bec7-5068-11de-82e0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.11 21:50:25 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Malwarebytes
[2012.01.11 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.11 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.11 21:50:13 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.11 21:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\id Software
[2011.12.29 21:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2011.12.27 12:09:58 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\kinoma
[2011.12.27 12:09:54 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Sony Corporation
[2011.12.27 11:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2011.12.27 10:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\kinoma
[2011.12.27 10:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
[2011.12.27 10:07:17 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Local\Sony Corporation
[2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011.12.27 10:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011.12.27 10:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2011.12.25 13:33:43 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2011.12.25 13:33:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2011.12.25 13:33:42 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2011.12.25 13:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Vampyre Story
[2011.12.25 13:15:12 | 000,000,000 | ---D | C] -- C:\Users\Cheffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A Vampyre Story
[2011.12.25 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\A Vampyre Story
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.17 21:52:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.17 21:01:58 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.01.17 21:01:32 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.17 20:55:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.17 20:55:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.17 20:55:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.17 20:55:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.17 20:50:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 20:50:17 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 20:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 20:50:03 | 2414,153,728 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.16 22:12:26 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job
[2012.01.16 22:10:26 | 000,131,967 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.01.11 21:50:14 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.11 19:22:18 | 000,000,000 | ---- | M] () -- C:\Users\Cheffe\defogger_reenable
[2011.12.27 17:49:33 | 000,407,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.27 10:07:30 | 000,001,934 | ---- | M] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2011.12.25 13:25:12 | 000,000,928 | ---- | M] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.11 21:50:14 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.11 21:46:41 | 2414,153,728 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.11 19:22:18 | 000,000,000 | ---- | C] () -- C:\Users\Cheffe\defogger_reenable
[2011.12.27 10:07:30 | 000,001,934 | ---- | C] () -- C:\Users\Public\Desktop\Reader for PC.lnk
[2011.12.25 13:25:12 | 000,000,928 | ---- | C] () -- C:\Users\Cheffe\Desktop\A Vampyre Story.lnk
[2011.07.24 18:20:41 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2009.09.25 15:52:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.25 15:52:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.12 17:20:30 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.12 17:20:29 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.22 16:37:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.06.07 12:30:23 | 000,050,176 | ---- | C] () -- C:\Users\Cheffe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.04.30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.02.05 22:33:04 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.02.05 22:33:04 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.02.05 22:33:04 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.02.05 22:33:04 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.02.05 14:01:52 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.02.05 13:54:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.02.05 13:45:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,407,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2009.06.20 17:22:25 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Ankh
[2010.10.25 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Canneverbe Limited
[2010.03.16 22:35:05 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\ICQ
[2011.12.27 11:50:35 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\kikin
[2011.05.29 17:27:37 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\QuickStoresToolbar
[2009.06.22 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Cheffe\AppData\Roaming\Thunderbird
[2012.01.16 23:49:43 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.16 22:12:26 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7B410805-6458-4870-BECF-E4E9A1798D34}.job
 
========== Purity Check ==========
 
 

< End of report >
         

--- --- ---



extras.txt
OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 17.01.2012 21:54:31 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Martina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,25 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 57,52% Memory free
4,72 Gb Paging File | 3,63 Gb Available in Paging File | 76,81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 282,27 Gb Total Space | 174,37 Gb Free Space | 61,78% Space Free | Partition Type: NTFS
Drive D: | 15,81 Gb Total Space | 4,09 Gb Free Space | 25,90% Space Free | Partition Type: FAT32
Drive E: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MARTINA-PC | User Name: Cheffe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033DE1ED-CFD8-437D-90DC-AA4701D854C9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{08311AA2-A7C4-4214-86CB-C77D2C2CAA9C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{086965D4-CC7C-4B6F-A810-CFDC30D6E9B6}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{0F9B34C9-E50A-4619-87FE-6021ECF420D7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{18DA6B8C-4D44-4322-92C2-28919BB8D966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{76FD0AA7-5F77-4F6C-B58F-0F1B31428CD8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8897F6FD-2276-4E2B-954F-17D4779645C3}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{A7CC8194-7AF6-4532-8B0C-25CCE7BD4046}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ACC00DE5-8ACD-4C42-B322-52CB13817676}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DCB0F727-8551-4960-BFB8-928A076CEFA4}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EA8C70E3-254E-461C-9BF5-394DBE55BA69}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F204D640-80E2-4D9A-8B54-217EDCEC9ED5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014B3176-174F-45E1-A67E-7571DC4F1B29}" = dir=in | app=c:\program files\homecinema\playmovie\pmvservice.exe | 
"{107A1434-4517-471C-A627-5CCA9F876A20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{25F7F8F7-6A72-4FA4-8A71-A2E6F4338415}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{2B21C8B0-3E83-4148-97E1-DAD16DA278A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2D344E22-3F8C-4966-8FE7-9892E5F7BC91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2F50F021-901B-4948-AD9E-C04B04FDBD69}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{34025196-C1A0-4974-8F16-5A337D4AC10E}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe | 
"{3827EE72-7CCA-41D1-92D3-9ABEF5362B07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{581B3538-86C0-41E1-9874-2C7B61028CA2}" = protocol=17 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | 
"{5A478E19-6ECB-444C-89D2-E535A3533A10}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{5AA2CACC-786E-4AF0-AFBE-FA9A6DB34F36}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{626EF331-9564-425D-BAA8-84336305AC01}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6DC40A49-80F9-4C6F-A447-E1B13330B191}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{794CBED7-7D41-414C-80E2-28346E0F46C2}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{79664EA1-941D-4885-94DE-8D1B386AC0A6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8046692F-0856-4F92-B146-48C504934350}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{890A5A65-C386-4D40-980E-9B871BC24B75}" = dir=in | app=c:\program files\homecinema\playmovie\playmovie.exe | 
"{89A64704-0D62-481A-B188-BEB3D4829999}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{8E9E018F-A7AC-4E3E-9F96-6B56391D4A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8F3F2096-EB53-462B-85BD-AD2E8E8EA891}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B1A7A81-40B7-4232-9BAE-1D59A86A644E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{AAF8BCBB-3861-4613-A2E4-54D3D86077C0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B3DB579D-E994-4D58-90C1-04CE588DE7BE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8DE90CF-8C3A-4DA0-9070-635BE8769F8A}" = protocol=6 | dir=out | app=system | 
"{BA9B958E-5D86-4CB4-8C51-2AC58E5EED0C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BBED257C-6A5C-4B92-BB66-CC596EF00503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C79981B7-778D-466F-ADD6-6517F3E631EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C97BFDF3-A2EB-4DCE-8185-D87F39C219A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E61D77B2-0E4B-4C7E-B74F-512EA233AF2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EB74D9A7-626C-4DC0-A1E2-1F14A7ACAEF9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{ECCF2B5B-5F03-4170-BA2A-19E50A6F62D4}" = protocol=6 | dir=in | app=c:\users\martina\appdata\local\temp\update_096b.exe | 
"{ECF2D918-DBD7-4E24-AD51-DD29A68FCE39}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{ED946555-15FD-43D9-B3B3-7EF54AA1B61E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{F6C4CA97-A9BF-4F30-AD48-FA8DEF9B1067}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8C54AB4-4DD2-4812-8912-66C5CBA791AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"TCP Query User{0786A12F-9609-43FF-9123-16E8E76D0F51}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{28937610-D652-4B08-A258-785CAFD8E492}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
"TCP Query User{56CCA9BC-2E73-4510-8625-D9C75553C677}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"TCP Query User{878E611D-6171-4884-A351-0EFE8619D792}C:\program files\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"TCP Query User{9D5EEFCB-F126-45D8-8D4D-280795F401C0}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
"TCP Query User{A646A1A9-A08B-4EFA-8FD2-6A74DABBA51B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"TCP Query User{D232A219-2C36-4648-AC3E-B3A9A552ED21}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{F05175A7-5A3E-4B12-9FE6-D5C6CEFB8EE1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{F6090DC2-5A94-42B2-8B76-FF4A9C90177F}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"TCP Query User{F960C423-F010-4878-BABE-0B4DCC2413C8}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{0271C050-90E5-4326-A662-300AE7D78FD3}C:\program files\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"UDP Query User{4F84468F-FF4B-44A0-A54C-01DB4869C1F0}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"UDP Query User{5825C956-4B68-4B71-93F9-9E76250D5263}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{6923D76E-4FB1-4B16-84A0-724B0DAB78AC}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7B079471-6D09-49F0-8A37-368E533E4B83}C:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\users\martina\appdata\roaming\icq\application\icq7.5\icq.exe | 
"UDP Query User{AF192E8B-C662-4544-AA61-D45E44FE65B3}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
"UDP Query User{DA329EFF-0F3F-4C7B-882B-C5F7D88FB1D8}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{ED490460-D2BB-4D2D-A631-544B018D121C}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{F649B6D4-AAAF-4BD3-A9A3-E0CFCAC2247B}C:\program files\metin2_germany\bgm\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2client.bin | 
"UDP Query User{F961846E-F484-4167-9292-37282D6AFAF4}C:\program files\metin2_germany\bgm\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2_germany\bgm\metin2.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{41C5EDB3-BE78-4C29-AE83-EDD2B1B740F1}" = CSI: Dark Motives
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4B21AAD6-6AB1-465A-A4AE-5CC1B7A0FCC9}" = Informaticus
"{4D3DA153-548D-4D7F-B62B-653D845169D3}" = Reader for PC
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5AD05333-600A-4CD8-88C6-BF22A3BE9767}_is1" = Multi-ICQ 1.4
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{70E8EBD5-78C9-4258-B20A-5098CCA000F0}" = Dolby Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7730D510-6DE2-4CD4-8F58-0B04680AEFE6}" = Mysteryville 2
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E5A2F17-5F82-40EB-B688-6FC9B93430D2}" = Hollywood - Directors Cut
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Play Movie
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B42A6552-1A83-4D79-9137-AB0C9036249A}" = Quake Live Mozilla Plugin
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BE7347AD-2D93-4A74-8DBF-C1B073DAE509}" = Geheimakte 2 - Puritas Cordis
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.5
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"A Vampyre Story" = A Vampyre Story
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ankh" = Ankh
"Ankh3" = Ankh3
"Art of Murder/DE-German_is1" = Die Kunst des Mordens: Geheimakte FBI
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BabylonToolbar" = Babylon toolbar
"CodInstl" = Intel A/V Codecs V2.0
"Curse - The Eye of Isis" = Curse - The Eye of Isis
"Der Stein der Weisen" = Der Stein der Weisen
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Google Desktop" = Google Desktop
"Holly im Wunderland" = Holly im Wunderland
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Picasa2" = Picasa 2
"PirateVille" = PirateVille
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.2.0
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"So Blonde" = So Blonde
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Book Of Unwritten Tales_is1" = The Book Of Unwritten Tales Version 1.02
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2012 16:48:14 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.01.2012 16:48:15 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.01.2012 16:48:15 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.01.2012 16:48:19 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.01.2012 16:48:40 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.01.2012 16:48:40 | Computer Name = Martina-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 11.01.2012 20:18:35 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.01.2012 20:18:35 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.01.2012 20:19:41 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.01.2012 19:09:01 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2012 15:43:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.01.2012 16:02:04 | Computer Name = Martina-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 11.01.2012 16:48:20 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 11.01.2012 20:19:42 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 12.01.2012 14:36:53 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 14.01.2012 19:10:09 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 15:51:41 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

--- --- ---


ESET Online Scanner

Der erste Durchlauf lief bis in die Nacht. Leider kam dann das automatische Windows-update mit Neustart
Daher kein Report von diesem Scan.

Hab den Durchlauf daher wiederholt, kein Fund, kein Bericht. Aber in der Quarantäne wird einiges angezeigt. Ich denke, dass ist beim ersten Durchlauf dorthin verschoben worden.
Hmm, lässt sich nicht kopieren, muss ich es wohl abschreiben.

Code: Alles auswählenAufklappen

ATTFilter

C:\Users\Martina\AppData\Local\Temp\Update_b007.exe
C:\Users\Martina\AppData\Local\Temp\Update_a91a.exe
C:\Users\Martina\AppData\Local\Temp\Update_a0fb.exe
C:\Users\Martina\AppData\Local\Temp\Update_7beb.exe
C:\Users\Martina\AppData\Local\Temp\Update_665c.exe
C:\Users\Martina\AppData\Local\Temp\Update_2f58.exe
C:\Users\Martina\AppData\Local\Temp\Update_096b.exe
C:\Users\Jörg\AppData\Local\Temp\Update_1b84.exe
C:\Users\Cheffe\Downloads\MsgLive-490.exe
C:\Users\Cheffe\AppData\Local\Temp\is887590510\MyBabylonTB.exe
C:\Users\Cheffe\AppData\Local\Temp\ICReinstall\Update_096b.exe
C:\Users\Cheffe\AppData\Local\Temp\NOD1F52.tmp
C:\Program Files\BabylonToolbar\1.41.19.19\BabylonToolbarsrv.exe
C:\Program Files\BabylonToolbar\1.41.19.19\BabylonToolbarAp p.dll
         

So, musste grad feststellen, wer lesen kann ist klar im Vorteil, es gibt doch ein Logfile vom ersten Scan mit ESET

Code: Alles auswählenAufklappen

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba4f1b20f6cdd24282f75b4e7ad580bb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-18 01:03:55
# local_time=2012-01-18 02:03:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 1388204 101733273 1421213 0
# compatibility_mode=5892 16776573 100 100 4352 164369437 0 0
# compatibility_mode=8192 67108863 100 0 3867 3867 0 0
# scanned=263491
# found=14
# cleaned=14
# scan_time=11926
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll	a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe	probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Cheffe\AppData\Local\Temp\NOD1F52.tmp	a variant of Win32/Toolbar.Babylon application (cleaned by deleting (after the next restart) - quarantined)	00000000000000000000000000000000	C
C:\Users\Cheffe\AppData\Local\Temp\ICReinstall\Update_096b.exe	probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Cheffe\AppData\Local\Temp\is887590510\MyBabylonTB.exe	a variant of Win32/Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Cheffe\Downloads\MsgPlusLive-490.exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Jörg\AppData\Local\Temp\Update_1b84.exe	a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_096b.exe	probably a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_2f58.exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_665c.exe	a variant of Win32/MessengerPlus.A application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_7beb.exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_a0fb.exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_a91a.exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Users\Martina\AppData\Local\Temp\Update_b007.exe	a variant of Win32/MessengerPlus.A application (deleted - quarantined)	00000000000000000000000000000000	C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba4f1b20f6cdd24282f75b4e7ad580bb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-19 07:14:59
# local_time=2012-01-19 08:14:59 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 4835 101885202 0 0
# compatibility_mode=5892 16776573 100 100 156281 164521366 0 0
# compatibility_mode=8192 67108863 100 0 155796 155796 0 0
# scanned=263591
# found=0
# cleaned=0
# scan_time=11861
         

Hab den Scan mit IE durchgeführt.
Leider kann ich hiermit

Zitat:

IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

gar nichts anfangen und bin ratlos was ich machen soll.

MfG
Jörg

Hi,

sieht ok aus, was macht das TDSS-Log?

chris

ist mir doch glatt durch die Lappen gegangen

Code: Alles auswählenAufklappen

ATTFilter

22:17:35.0212 3676	TDSS rootkit removing tool 2.7.3.0 Jan 16 2012 18:53:41
22:17:35.0293 3676	============================================================
22:17:35.0293 3676	Current date / time: 2012/01/17 22:17:35.0293
22:17:35.0293 3676	SystemInfo:
22:17:35.0293 3676	
22:17:35.0293 3676	OS Version: 6.0.6002 ServicePack: 2.0
22:17:35.0293 3676	Product type: Workstation
22:17:35.0293 3676	ComputerName: MARTINA-PC
22:17:35.0294 3676	UserName: Cheffe
22:17:35.0294 3676	Windows directory: C:\Windows
22:17:35.0294 3676	System windows directory: C:\Windows
22:17:35.0294 3676	Processor architecture: Intel x86
22:17:35.0294 3676	Number of processors: 2
22:17:35.0294 3676	Page size: 0x1000
22:17:35.0294 3676	Boot type: Normal boot
22:17:35.0294 3676	============================================================
22:17:36.0534 3676	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:17:36.0603 3676	Initialize success
22:17:50.0219 1804	============================================================
22:17:50.0219 1804	Scan started
22:17:50.0219 1804	Mode: Manual; 
22:17:50.0219 1804	============================================================
22:17:51.0065 1804	acedrv11        (66dc3740111238c91b875d8a0021834d) C:\Windows\system32\drivers\acedrv11.sys
22:17:51.0073 1804	acedrv11 - ok
22:17:51.0125 1804	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
22:17:51.0128 1804	ACPI - ok
22:17:51.0186 1804	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
22:17:51.0194 1804	adp94xx - ok
22:17:51.0220 1804	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
22:17:51.0226 1804	adpahci - ok
22:17:51.0252 1804	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
22:17:51.0253 1804	adpu160m - ok
22:17:51.0279 1804	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
22:17:51.0282 1804	adpu320 - ok
22:17:51.0351 1804	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
22:17:51.0354 1804	AFD - ok
22:17:51.0404 1804	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
22:17:51.0406 1804	agp440 - ok
22:17:51.0436 1804	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
22:17:51.0438 1804	aic78xx - ok
22:17:51.0467 1804	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
22:17:51.0468 1804	aliide - ok
22:17:51.0500 1804	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
22:17:51.0502 1804	amdagp - ok
22:17:51.0527 1804	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
22:17:51.0528 1804	amdide - ok
22:17:51.0554 1804	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
22:17:51.0555 1804	AmdK7 - ok
22:17:51.0575 1804	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
22:17:51.0577 1804	AmdK8 - ok
22:17:51.0640 1804	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
22:17:51.0641 1804	arc - ok
22:17:51.0674 1804	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
22:17:51.0676 1804	arcsas - ok
22:17:51.0715 1804	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
22:17:51.0716 1804	AsyncMac - ok
22:17:51.0755 1804	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
22:17:51.0756 1804	atapi - ok
22:17:52.0019 1804	athr            (8be56f8300e1c37b578da23c71816b7a) C:\Windows\system32\DRIVERS\athr.sys
22:17:52.0051 1804	athr - ok
22:17:52.0132 1804	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
22:17:52.0137 1804	atksgt - ok
22:17:52.0227 1804	avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
22:17:52.0228 1804	avgio - ok
22:17:52.0285 1804	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
22:17:52.0287 1804	avgntflt - ok
22:17:52.0337 1804	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
22:17:52.0339 1804	avipbb - ok
22:17:52.0387 1804	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
22:17:52.0388 1804	Beep - ok
22:17:52.0430 1804	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
22:17:52.0432 1804	blbdrive - ok
22:17:52.0504 1804	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
22:17:52.0506 1804	bowser - ok
22:17:52.0538 1804	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
22:17:52.0539 1804	BrFiltLo - ok
22:17:52.0561 1804	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
22:17:52.0562 1804	BrFiltUp - ok
22:17:52.0593 1804	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
22:17:52.0595 1804	Brserid - ok
22:17:52.0626 1804	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
22:17:52.0627 1804	BrSerWdm - ok
22:17:52.0648 1804	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
22:17:52.0649 1804	BrUsbMdm - ok
22:17:52.0661 1804	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
22:17:52.0662 1804	BrUsbSer - ok
22:17:52.0689 1804	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
22:17:52.0691 1804	BTHMODEM - ok
22:17:52.0731 1804	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
22:17:52.0733 1804	cdfs - ok
22:17:52.0764 1804	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
22:17:52.0765 1804	cdrom - ok
22:17:52.0789 1804	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
22:17:52.0790 1804	circlass - ok
22:17:52.0841 1804	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
22:17:52.0844 1804	CLFS - ok
22:17:52.0903 1804	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
22:17:52.0904 1804	CmBatt - ok
22:17:52.0923 1804	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
22:17:52.0924 1804	cmdide - ok
22:17:52.0936 1804	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
22:17:52.0937 1804	Compbatt - ok
22:17:52.0958 1804	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
22:17:52.0959 1804	crcdisk - ok
22:17:52.0984 1804	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
22:17:52.0985 1804	Crusoe - ok
22:17:53.0052 1804	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
22:17:53.0053 1804	DfsC - ok
22:17:53.0132 1804	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
22:17:53.0133 1804	disk - ok
22:17:53.0176 1804	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
22:17:53.0177 1804	drmkaud - ok
22:17:53.0232 1804	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
22:17:53.0254 1804	DXGKrnl - ok
22:17:53.0279 1804	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
22:17:53.0281 1804	E1G60 - ok
22:17:53.0298 1804	EagleNT - ok
22:17:53.0372 1804	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
22:17:53.0374 1804	Ecache - ok
22:17:53.0423 1804	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
22:17:53.0429 1804	elxstor - ok
22:17:53.0473 1804	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
22:17:53.0474 1804	ErrDev - ok
22:17:53.0557 1804	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
22:17:53.0559 1804	exfat - ok
22:17:53.0605 1804	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
22:17:53.0608 1804	fastfat - ok
22:17:53.0652 1804	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
22:17:53.0653 1804	fdc - ok
22:17:53.0691 1804	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
22:17:53.0693 1804	FileInfo - ok
22:17:53.0731 1804	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
22:17:53.0732 1804	Filetrace - ok
22:17:53.0778 1804	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:17:53.0779 1804	flpydisk - ok
22:17:53.0855 1804	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
22:17:53.0857 1804	FltMgr - ok
22:17:53.0907 1804	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
22:17:53.0908 1804	Fs_Rec - ok
22:17:53.0928 1804	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
22:17:53.0929 1804	gagp30kx - ok
22:17:53.0983 1804	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:17:53.0985 1804	GEARAspiWDM - ok
22:17:54.0085 1804	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
22:17:54.0088 1804	HdAudAddService - ok
22:17:54.0136 1804	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:17:54.0155 1804	HDAudBus - ok
22:17:54.0179 1804	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
22:17:54.0181 1804	HidBth - ok
22:17:54.0206 1804	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
22:17:54.0208 1804	HidIr - ok
22:17:54.0245 1804	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
22:17:54.0246 1804	HidUsb - ok
22:17:54.0269 1804	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
22:17:54.0270 1804	HpCISSs - ok
22:17:54.0315 1804	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
22:17:54.0322 1804	HTTP - ok
22:17:54.0337 1804	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
22:17:54.0338 1804	i2omp - ok
22:17:54.0387 1804	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
22:17:54.0389 1804	i8042prt - ok
22:17:54.0418 1804	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
22:17:54.0422 1804	iaStorV - ok
22:17:54.0463 1804	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
22:17:54.0464 1804	iirsp - ok
22:17:54.0569 1804	IntcAzAudAddService (b8716d9677b04b82fa405c8c54954728) C:\Windows\system32\drivers\RTKVHDA.sys
22:17:54.0635 1804	IntcAzAudAddService - ok
22:17:54.0658 1804	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
22:17:54.0659 1804	intelide - ok
22:17:54.0696 1804	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
22:17:54.0698 1804	intelppm - ok
22:17:54.0730 1804	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:17:54.0732 1804	IpFilterDriver - ok
22:17:54.0751 1804	IpInIp - ok
22:17:54.0776 1804	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
22:17:54.0777 1804	IPMIDRV - ok
22:17:54.0798 1804	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
22:17:54.0800 1804	IPNAT - ok
22:17:54.0837 1804	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
22:17:54.0838 1804	IRENUM - ok
22:17:54.0860 1804	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
22:17:54.0861 1804	isapnp - ok
22:17:54.0900 1804	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
22:17:54.0903 1804	iScsiPrt - ok
22:17:54.0919 1804	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
22:17:54.0920 1804	iteatapi - ok
22:17:54.0951 1804	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
22:17:54.0952 1804	iteraid - ok
22:17:54.0969 1804	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
22:17:54.0971 1804	kbdclass - ok
22:17:54.0998 1804	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
22:17:54.0999 1804	kbdhid - ok
22:17:55.0072 1804	KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
22:17:55.0078 1804	KSecDD - ok
22:17:55.0168 1804	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
22:17:55.0169 1804	lirsgt - ok
22:17:55.0186 1804	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
22:17:55.0187 1804	lltdio - ok
22:17:55.0220 1804	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
22:17:55.0222 1804	LSI_FC - ok
22:17:55.0245 1804	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
22:17:55.0246 1804	LSI_SAS - ok
22:17:55.0269 1804	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
22:17:55.0270 1804	LSI_SCSI - ok
22:17:55.0291 1804	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
22:17:55.0293 1804	luafv - ok
22:17:55.0378 1804	LVPr2Mon        (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
22:17:55.0380 1804	LVPr2Mon - ok
22:17:55.0424 1804	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
22:17:55.0425 1804	megasas - ok
22:17:55.0472 1804	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
22:17:55.0480 1804	MegaSR - ok
22:17:55.0521 1804	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
22:17:55.0522 1804	Modem - ok
22:17:55.0544 1804	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
22:17:55.0545 1804	monitor - ok
22:17:55.0567 1804	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
22:17:55.0568 1804	mouclass - ok
22:17:55.0591 1804	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
22:17:55.0593 1804	mouhid - ok
22:17:55.0619 1804	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
22:17:55.0621 1804	MountMgr - ok
22:17:55.0657 1804	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
22:17:55.0659 1804	mpio - ok
22:17:55.0683 1804	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
22:17:55.0685 1804	mpsdrv - ok
22:17:55.0714 1804	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
22:17:55.0715 1804	Mraid35x - ok
22:17:55.0767 1804	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
22:17:55.0769 1804	MRxDAV - ok
22:17:55.0801 1804	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:17:55.0803 1804	mrxsmb - ok
22:17:55.0869 1804	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:17:55.0873 1804	mrxsmb10 - ok
22:17:55.0886 1804	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:17:55.0888 1804	mrxsmb20 - ok
22:17:55.0926 1804	msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
22:17:55.0928 1804	msahci - ok
22:17:55.0961 1804	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
22:17:55.0963 1804	msdsm - ok
22:17:56.0004 1804	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
22:17:56.0005 1804	Msfs - ok
22:17:56.0042 1804	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
22:17:56.0044 1804	msisadrv - ok
22:17:56.0093 1804	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
22:17:56.0094 1804	MSKSSRV - ok
22:17:56.0114 1804	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
22:17:56.0116 1804	MSPCLOCK - ok
22:17:56.0144 1804	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
22:17:56.0145 1804	MSPQM - ok
22:17:56.0205 1804	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
22:17:56.0207 1804	MsRPC - ok
22:17:56.0253 1804	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
22:17:56.0255 1804	mssmbios - ok
22:17:56.0278 1804	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
22:17:56.0279 1804	MSTEE - ok
22:17:56.0298 1804	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
22:17:56.0300 1804	Mup - ok
22:17:56.0376 1804	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
22:17:56.0378 1804	NativeWifiP - ok
22:17:56.0453 1804	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
22:17:56.0460 1804	NDIS - ok
22:17:56.0495 1804	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
22:17:56.0497 1804	NdisTapi - ok
22:17:56.0524 1804	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
22:17:56.0525 1804	Ndisuio - ok
22:17:56.0567 1804	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:17:56.0570 1804	NdisWan - ok
22:17:56.0600 1804	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
22:17:56.0601 1804	NDProxy - ok
22:17:56.0652 1804	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
22:17:56.0653 1804	NetBIOS - ok
22:17:56.0710 1804	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
22:17:56.0712 1804	netbt - ok
22:17:56.0757 1804	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
22:17:56.0759 1804	nfrd960 - ok
22:17:56.0848 1804	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
22:17:56.0849 1804	Npfs - ok
22:17:56.0868 1804	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
22:17:56.0869 1804	nsiproxy - ok
22:17:56.0990 1804	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
22:17:57.0021 1804	Ntfs - ok
22:17:57.0044 1804	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
22:17:57.0046 1804	ntrigdigi - ok
22:17:57.0289 1804	NuidFltr        (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:17:57.0291 1804	NuidFltr - ok
22:17:57.0310 1804	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
22:17:57.0311 1804	Null - ok
22:17:57.0375 1804	NVENETFD        (adb84b1e6b837c45443aa25abe9e7012) C:\Windows\system32\DRIVERS\nvmfdx32.sys
22:17:57.0409 1804	NVENETFD - ok
22:17:57.0452 1804	NVHDA           (faa22e6256d9fa2c7f77b67c68cdd749) C:\Windows\system32\drivers\nvhda32v.sys
22:17:57.0454 1804	NVHDA - ok
22:17:57.0696 1804	nvlddmkm        (cd10cf6c0200a6fe2f9ed9747ba123a1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:17:57.0827 1804	nvlddmkm - ok
22:17:57.0865 1804	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
22:17:57.0867 1804	nvraid - ok
22:17:57.0902 1804	nvsmu           (af1bd777af00e96c45c77192d7453369) C:\Windows\system32\DRIVERS\nvsmu.sys
22:17:57.0904 1804	nvsmu - ok
22:17:57.0931 1804	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
22:17:57.0932 1804	nvstor - ok
22:17:57.0976 1804	nvstor32        (8ee374b6fb3cb2bb8d70395218b464a5) C:\Windows\system32\DRIVERS\nvstor32.sys
22:17:57.0979 1804	nvstor32 - ok
22:17:58.0008 1804	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
22:17:58.0010 1804	nv_agp - ok
22:17:58.0022 1804	NwlnkFlt - ok
22:17:58.0038 1804	NwlnkFwd - ok
22:17:58.0080 1804	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
22:17:58.0082 1804	ohci1394 - ok
22:17:58.0145 1804	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
22:17:58.0146 1804	Parport - ok
22:17:58.0196 1804	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
22:17:58.0198 1804	partmgr - ok
22:17:58.0221 1804	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
22:17:58.0223 1804	Parvdm - ok
22:17:58.0266 1804	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
22:17:58.0268 1804	pci - ok
22:17:58.0290 1804	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
22:17:58.0291 1804	pciide - ok
22:17:58.0319 1804	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
22:17:58.0321 1804	pcmcia - ok
22:17:58.0373 1804	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
22:17:58.0392 1804	PEAUTH - ok
22:17:58.0490 1804	PID_0928        (d2d2fa02b722336960eeae0ae7107891) C:\Windows\system32\DRIVERS\LV561AV.SYS
22:17:58.0499 1804	PID_0928 - ok
22:17:58.0635 1804	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
22:17:58.0636 1804	PptpMiniport - ok
22:17:58.0665 1804	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
22:17:58.0667 1804	Processor - ok
22:17:58.0734 1804	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
22:17:58.0736 1804	PSched - ok
22:17:58.0765 1804	PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
22:17:58.0766 1804	PxHelp20 - ok
22:17:58.0826 1804	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
22:17:58.0859 1804	ql2300 - ok
22:17:58.0879 1804	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
22:17:58.0881 1804	ql40xx - ok
22:17:58.0914 1804	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
22:17:58.0916 1804	QWAVEdrv - ok
22:17:58.0932 1804	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
22:17:58.0933 1804	RasAcd - ok
22:17:58.0955 1804	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:17:58.0957 1804	Rasl2tp - ok
22:17:59.0015 1804	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
22:17:59.0017 1804	RasPppoe - ok
22:17:59.0056 1804	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
22:17:59.0058 1804	RasSstp - ok
22:17:59.0108 1804	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
22:17:59.0112 1804	rdbss - ok
22:17:59.0136 1804	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:17:59.0137 1804	RDPCDD - ok
22:17:59.0175 1804	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
22:17:59.0178 1804	rdpdr - ok
22:17:59.0191 1804	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
22:17:59.0193 1804	RDPENCDD - ok
22:17:59.0233 1804	RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
22:17:59.0236 1804	RDPWD - ok
22:17:59.0298 1804	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
22:17:59.0300 1804	rspndr - ok
22:17:59.0325 1804	RTSTOR          (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
22:17:59.0326 1804	RTSTOR - ok
22:17:59.0357 1804	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
22:17:59.0359 1804	sbp2port - ok
22:17:59.0406 1804	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
22:17:59.0407 1804	secdrv - ok
22:17:59.0436 1804	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
22:17:59.0437 1804	Serenum - ok
22:17:59.0475 1804	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
22:17:59.0477 1804	Serial - ok
22:17:59.0500 1804	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
22:17:59.0501 1804	sermouse - ok
22:17:59.0541 1804	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
22:17:59.0542 1804	sffdisk - ok
22:17:59.0567 1804	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
22:17:59.0568 1804	sffp_mmc - ok
22:17:59.0592 1804	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
22:17:59.0593 1804	sffp_sd - ok
22:17:59.0607 1804	sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
22:17:59.0609 1804	sfloppy - ok
22:17:59.0642 1804	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
22:17:59.0644 1804	sisagp - ok
22:17:59.0661 1804	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
22:17:59.0663 1804	SiSRaid2 - ok
22:17:59.0688 1804	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
22:17:59.0689 1804	SiSRaid4 - ok
22:17:59.0764 1804	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
22:17:59.0766 1804	Smb - ok
22:17:59.0819 1804	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
22:17:59.0820 1804	spldr - ok
22:17:59.0866 1804	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
22:17:59.0872 1804	srv - ok
22:17:59.0904 1804	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
22:17:59.0906 1804	srv2 - ok
22:17:59.0933 1804	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
22:17:59.0935 1804	srvnet - ok
22:17:59.0992 1804	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
22:17:59.0994 1804	ssmdrv - ok
22:18:00.0056 1804	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
22:18:00.0057 1804	swenum - ok
22:18:00.0099 1804	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
22:18:00.0100 1804	Symc8xx - ok
22:18:00.0118 1804	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
22:18:00.0119 1804	Sym_hi - ok
22:18:00.0143 1804	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
22:18:00.0145 1804	Sym_u3 - ok
22:18:00.0177 1804	SynTP           (be78198c69135ef1fa157e08fd5c90ff) C:\Windows\system32\DRIVERS\SynTP.sys
22:18:00.0180 1804	SynTP - ok
22:18:00.0253 1804	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
22:18:00.0272 1804	Tcpip - ok
22:18:00.0312 1804	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
22:18:00.0322 1804	Tcpip6 - ok
22:18:00.0360 1804	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
22:18:00.0362 1804	tcpipreg - ok
22:18:00.0397 1804	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
22:18:00.0399 1804	TDPIPE - ok
22:18:00.0424 1804	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
22:18:00.0425 1804	TDTCP - ok
22:18:00.0489 1804	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
22:18:00.0491 1804	tdx - ok
22:18:00.0535 1804	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
22:18:00.0537 1804	TermDD - ok
22:18:00.0578 1804	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:18:00.0580 1804	tssecsrv - ok
22:18:00.0603 1804	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
22:18:00.0604 1804	tunmp - ok
22:18:00.0649 1804	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
22:18:00.0650 1804	tunnel - ok
22:18:00.0670 1804	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
22:18:00.0672 1804	uagp35 - ok
22:18:00.0733 1804	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
22:18:00.0737 1804	udfs - ok
22:18:00.0771 1804	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
22:18:00.0773 1804	uliagpkx - ok
22:18:00.0800 1804	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
22:18:00.0805 1804	uliahci - ok
22:18:00.0828 1804	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
22:18:00.0830 1804	UlSata - ok
22:18:00.0870 1804	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
22:18:00.0872 1804	ulsata2 - ok
22:18:00.0895 1804	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
22:18:00.0897 1804	umbus - ok
22:18:00.0976 1804	USBAAPL         (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
22:18:00.0978 1804	USBAAPL - ok
22:18:01.0021 1804	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
22:18:01.0023 1804	usbccgp - ok
22:18:01.0054 1804	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
22:18:01.0056 1804	usbcir - ok
22:18:01.0085 1804	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
22:18:01.0087 1804	usbehci - ok
22:18:01.0123 1804	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
22:18:01.0125 1804	usbhub - ok
22:18:01.0161 1804	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
22:18:01.0163 1804	usbohci - ok
22:18:01.0189 1804	usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
22:18:01.0190 1804	usbprint - ok
22:18:01.0217 1804	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:18:01.0219 1804	USBSTOR - ok
22:18:01.0244 1804	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
22:18:01.0246 1804	usbuhci - ok
22:18:01.0299 1804	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
22:18:01.0301 1804	usbvideo - ok
22:18:01.0333 1804	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
22:18:01.0334 1804	vga - ok
22:18:01.0358 1804	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
22:18:01.0359 1804	VgaSave - ok
22:18:01.0382 1804	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
22:18:01.0384 1804	viaagp - ok
22:18:01.0405 1804	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
22:18:01.0406 1804	ViaC7 - ok
22:18:01.0433 1804	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
22:18:01.0434 1804	viaide - ok
22:18:01.0477 1804	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
22:18:01.0479 1804	volmgr - ok
22:18:01.0534 1804	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
22:18:01.0539 1804	volmgrx - ok
22:18:01.0591 1804	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
22:18:01.0594 1804	volsnap - ok
22:18:01.0636 1804	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
22:18:01.0639 1804	vsmraid - ok
22:18:01.0675 1804	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
22:18:01.0676 1804	WacomPen - ok
22:18:01.0696 1804	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:01.0698 1804	Wanarp - ok
22:18:01.0719 1804	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
22:18:01.0721 1804	Wanarpv6 - ok
22:18:01.0756 1804	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
22:18:01.0757 1804	Wd - ok
22:18:01.0798 1804	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
22:18:01.0805 1804	Wdf01000 - ok
22:18:01.0893 1804	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
22:18:01.0895 1804	WmiAcpi - ok
22:18:01.0964 1804	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
22:18:01.0966 1804	WpdUsb - ok
22:18:01.0992 1804	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
22:18:01.0993 1804	ws2ifsl - ok
22:18:02.0046 1804	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:18:02.0048 1804	WUDFRd - ok
22:18:02.0094 1804	XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
22:18:02.0095 1804	XUIF - ok
22:18:02.0220 1804	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PlayMovie\000.fcl
22:18:02.0221 1804	{49DE1C67-83F8-4102-99E0-C16DCC7EEC796} - ok
22:18:02.0405 1804	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\HomeCinema\PowerDVD8\000.fcl
22:18:02.0406 1804	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} - ok
22:18:02.0430 1804	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
22:18:02.0502 1804	\Device\Harddisk0\DR0 - ok
22:18:02.0508 1804	Boot (0x1200)   (a1003dd3ff05d2edf2ccf93d049c381f) \Device\Harddisk0\DR0\Partition0
22:18:02.0509 1804	\Device\Harddisk0\DR0\Partition0 - ok
22:18:02.0554 1804	Boot (0x1200)   (6f9846175cb6c258007fb98eac3fe9df) \Device\Harddisk0\DR0\Partition1
22:18:02.0554 1804	\Device\Harddisk0\DR0\Partition1 - ok
22:18:02.0555 1804	============================================================
22:18:02.0555 1804	Scan finished
22:18:02.0555 1804	============================================================
22:18:02.0573 1664	Detected object count: 0
22:18:02.0573 1664	Actual detected object count: 0
         

sieht auch sauber aus

MfG Jörg

Hi,

ja, sieht ok aus...
Falls keine sonstigen Symptome (Umleitungen, sich öffnende Browserfenster etc.) auftauchen, sollten wir durch sein...

chris

Ok, super vielen Dank Chris, ohne deine Hilfe hätte ich das nie in den Griff bekommen.



Ein paar Fragen hab ich aber noch:

1. Was mache ich hier?

Zitat:

IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

2. Was ist mit Defogger?

3. Die von ESET in Quarantäne verschobenen Dateien, was passiert mit denen? Babylon Toolbar ist Schrott, das ist klar, aber was ist mit dem Rest? Braucht man das noch?

Ich hoffe, das war´s dann endgültig.

Nochmals vielen Dank für deine Bemühungen

MfG Jörg

Hi,

kann gelöscht werden (das von ESET);
Für eine "rückstandsfreie Entfernung" von ESET kann der Eintrag mit HJ entfernt werden (muß aber nicht)...

Defogger kann gelösch twerden...

Gruß,
chris

Sieht soweit alles gut aus, keine ungewöhnlichen Meldungen mehr. Das sollte es gewesen sein.

Vielen Dank für deine Hilfe Chris, allein hätte ich das niemals hinbekommen.



Nun will ich mal hoffen, dass mir so ein "Schnupfen" in Zukunft erspart bleibt.

LG Jörg